MC-32830: Do not store admin and customer tokens in DB

Author: ogorkun

app/code/Magento/Integration/Plugin/Model/AdminUser.php

@@ -7,6 +7,8 @@
 namespace Magento\Integration\Plugin\Model;
 
 use Magento\Integration\Model\AdminTokenService;
+use Magento\User\Model\User;
+use Magento\Framework\Model\AbstractModel;
 
 /**
  * Plugin to delete admin tokens when admin becomes inactive
@@ -27,22 +29,22 @@ public function __construct(
         $this->adminTokenService = $adminTokenService;
     }
 
-    /**
-     * Check if admin is inactive - if so, invalidate their tokens
-     *
-     * @param \Magento\User\Model\User $subject
-     * @param \Magento\Framework\DataObject $object
-     * @return \Magento\User\Model\User
-     * @throws \Magento\Framework\Exception\LocalizedException
-     */
     public function afterSave(
-        \Magento\User\Model\User $subject,
-        \Magento\Framework\DataObject $object
-    ): \Magento\User\Model\User {
-        $isActive = $object->getIsActive();
+        User $subject,
+        AbstractModel $return
+    ): AbstractModel {
+        $isActive = $return->getIsActive();
         if ($isActive !== null && $isActive == 0) {
-            $this->adminTokenService->revokeAdminAccessToken($object->getId());
+            $this->adminTokenService->revokeAdminAccessToken((int) $return->getId());
         }
-        return $subject;
+
+        return $return;
+    }
+
+    public function afterDelete(User $subject, AbstractModel $return): AbstractModel
+    {
+        $this->adminTokenService->revokeAdminAccessToken((int) $return->getId());
+
+        return $return;
     }
 }

app/code/Magento/Integration/Plugin/Model/CustomerUser.php

@@ -5,7 +5,9 @@
  */
 namespace Magento\Integration\Plugin\Model;
 
+use Magento\Framework\Model\AbstractModel;
 use Magento\Integration\Model\CustomerTokenService;
+use Magento\Customer\Model\Customer;
 
 /**
  * Plugin to delete customer tokens when customer becomes inactive
@@ -29,18 +31,27 @@ public function __construct(
     /**
      * Check if customer is inactive - if so, invalidate their tokens
      *
-     * @param \Magento\Customer\Model\Customer $subject
-     * @param \Magento\Framework\DataObject $object
-     * @return $this
+     * @param Customer $subject
+     * @param AbstractModel $object
+     * @return AbstractModel
+     *
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function afterSave(
-        \Magento\Customer\Model\Customer $subject,
-        \Magento\Framework\DataObject $object
+        Customer $subject,
+        AbstractModel $object
     ) {
         $isActive = $object->getIsActive();
         if (isset($isActive) && $isActive == 0) {
             $this->customerTokenService->revokeCustomerAccessToken($object->getId());
         }
-        return $subject;
+        return $object;
+    }
+
+    public function afterDelete(Customer $subject, AbstractModel $return): AbstractModel
+    {
+        $this->customerTokenService->revokeCustomerAccessToken((int) $subject->getId());
+
+        return $return;
     }
 }