/**
* Upgrade customer password hash when customer has logged in
*
* @param \Magento\Framework\Event\Observer $observer
* @return void
*/
public function execute(\Magento\Framework\Event\Observer $observer)
{
$password = $observer->getEvent()->getData('password');
/** @var \Magento\Customer\Model\Customer $model */
$model = $observer->getEvent()->getData('model');
$customer = $this->customerRepository->getById($model->getId());
$customerSecure = $this->customerRegistry->retrieveSecureData($model->getId());
if (!$this->encryptor->validateHashVersion($customerSecure->getPasswordHash(), true)) {
$customerSecure->setPasswordHash($this->encryptor->getHash($password, true));
$this->customerRepository->save($customer);
}
}
/**
* Admin locking and password hashing upgrade logic implementation
*
* @param EventObserver $observer
* @return void
* @throws \Magento\Framework\Exception\LocalizedException
*/
public function execute(EventObserver $observer)
{
$password = $observer->getEvent()->getPassword();
/** @var User $user */
$user = $observer->getEvent()->getUser();
$authResult = $observer->getEvent()->getResult();
if (!$authResult && $user->getId()) {
// update locking information regardless whether user locked or not
$this->_updateLockingInformation($user);
}
// check whether user is locked
$lockExpires = $user->getLockExpires();
if ($lockExpires) {
$lockExpires = new \DateTime($lockExpires);
if ($lockExpires > new \DateTime()) {
throw new UserLockedException(__('You did not sign in correctly or your account is temporarily disabled.'));
}
}
if (!$authResult) {
return;
}
$this->userResource->unlock($user->getId());
$latestPassword = $this->userResource->getLatestPassword($user->getId());
$this->_checkExpiredPassword($latestPassword);
if (!$this->encryptor->validateHashVersion($user->getPassword(), true)) {
$user->setPassword($password)->setData('force_new_password', true)->save();
}
}
