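/**
 * Force an admin whose password has expired to change it before using the backend.
 *
 * Does nothing unless forced password change is enabled and an admin is logged in.
 * When the session marks the password as expired and the current action is not one
 * of the few still permitted (account page, account save, logout), the request is
 * redirected to "My Account". If that page is not authorized for the user, both the
 * auth session and the generic session storage are cleared (forced logout), an error
 * message is queued and the request is marked as not dispatched.
 *
 * @param EventObserver $observer
 * @return void
 */
public function execute(EventObserver $observer)
{
    if (!$this->observerConfig->isPasswordChangeForced()) {
        return;
    }
    if (!$this->authSession->isLoggedIn()) {
        return;
    }

    // Allowlist of actions that stay reachable while the password is expired: the
    // page used to change the password, its save action, and logout. Anything else
    // is intercepted below.
    $allowedActions = [
        'adminhtml_system_account_index',
        'adminhtml_system_account_save',
        'adminhtml_auth_logout',
    ];

    /** @var \Magento\Framework\App\Action\Action $controller */
    $controller = $observer->getEvent()->getControllerAction();
    /** @var \Magento\Framework\App\RequestInterface $request */
    $request = $observer->getEvent()->getRequest();

    if (!$this->authSession->getPciAdminUserIsPasswordExpired()) {
        return;
    }
    // Strict comparison: the allowlist is matched by exact string, never by loose
    // type juggling.
    if (in_array($request->getFullActionName(), $allowedActions, true)) {
        return;
    }

    if ($this->authorization->isAllowed('Magento_Backend::myaccount')) {
        // The admin may reach "My Account": redirect there and raise both no-dispatch
        // flags so the intercepted action does not run.
        $controller->getResponse()->setRedirect($this->url->getUrl('adminhtml/system_account/'));
        $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_DISPATCH, true);
        $this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_POST_DISPATCH, true);
        return;
    }

    /*
     * The admin password is expired and access to the 'My Account' page is denied,
     * so the only safe option is a forced logout with an error message.
     */
    $this->authSession->clearStorage();
    $this->session->clearStorage();
    $this->messageManager->addErrorMessage(__('Your password has expired; please contact your administrator.'));
    $controller->getRequest()->setDispatched(false);
}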
/**
 * Record the admin's current password hash so it cannot be reused in the future.
 *
 * Only a persisted user (non-empty id) with a password hash is tracked, and only
 * when an admin password lifetime is configured and the user is not flagged to
 * force a new password. Successful tracking also removes the "password expired"
 * notice and clears the matching session flag.
 *
 * @param EventObserver $observer
 * @return void
 */
public function execute(EventObserver $observer)
{
    /* @var $user \Magento\User\Model\User */
    $user = $observer->getEvent()->getObject();
    if (!$user->getId()) {
        return;
    }

    $hash = $user->getPassword();
    $lifetime = $this->observerConfig->getAdminPasswordLifetime();
    // Same short-circuit order as before: lifetime, then hash, then the force flag.
    $shouldTrack = $lifetime && $hash && !$user->getForceNewPassword();
    if (!$shouldTrack) {
        return;
    }

    $this->userResource->trackPassword($user, $hash, $lifetime);
    $this->messageManager->getMessages()->deleteMessageByIdentifier('magento_user_password_expired');
    $this->authSession->unsPciAdminUserIsPasswordExpired();
}
/**
 * Check whether the latest tracked password is expired and, if so, notify the admin.
 *
 * Caveat kept from the original author: the expiry check is evaluated against the
 * current lifetime configuration, so passwords tracked while a different lifetime
 * setting was active may be judged differently than when they were stored.
 *
 * @param array $latestPassword
 * @return void
 */
private function _checkExpiredPassword($latestPassword)
{
    if (!$latestPassword) {
        return;
    }
    if (!$this->observerConfig->_isLatestPasswordExpired($latestPassword)) {
        return;
    }

    // When a password change is forced the admin is redirected to the account page
    // anyway, so a plain notice suffices; otherwise link to "My Account" directly.
    if ($this->observerConfig->isPasswordChangeForced()) {
        $notice = __('It\'s time to change your password.');
    } else {
        $accountUrl = $this->url->getUrl('adminhtml/system_account/');
        $notice = __('It\'s time to <a href="%1">change your password</a>.', $accountUrl);
    }
    $this->messageManager->addNoticeMessage($notice);

    $added = $this->messageManager->getMessages()->getLastAddedMessage();
    if ($added) {
        // The identifier lets the notice be removed once a new password is tracked;
        // sticky keeps it visible until then. The session flag is what the
        // forced-change observer reads to intercept requests.
        $added->setIdentifier('magento_user_password_expired')->setIsSticky(true);
        $this->authSession->setPciAdminUserIsPasswordExpired(true);
    }
}