Merge remote-tracking branch 'origin/BUG#AC-9337' into spartans_pr_06062024

Author: glo60612

app/code/Magento/Integration/Api/TokenManager.php

@@ -94,4 +94,15 @@ public function revokeFor(UserContextInterface $userContext): void
     {
         $this->tokenRevoker->revokeFor($userContext);
     }
+
+    /**
+     * Revoke  previously issued tokens for given user.
+     *
+     * @param UserContextInterface $userContext
+     * @return void
+     */
+    public function revokeForOld(UserContextInterface $userContext): void
+    {
+        $this->tokenRevoker->revokeForOld($userContext);
+    }
 }

app/code/Magento/Integration/Model/CustomerTokenService.php

@@ -77,6 +77,7 @@ public function createCustomerAccessToken($username, $password)
             CustomUserContext::USER_TYPE_CUSTOMER
         );
         $params = $this->tokenManager->createUserTokenParameters();
+        $this->revokeCustomerAccessTokenOld($customerDataObject->getId());
 
         return $this->tokenManager->create($context, $params);
     }
@@ -114,4 +115,23 @@ private function getRequestThrottler()
         }
         return $this->requestThrottler;
     }
+
+    /**
+     * Revoke old token by customer id.
+     *
+     * @param int $customerId
+     * @return bool
+     * @throws \Magento\Framework\Exception\LocalizedException
+     */
+    public function revokeCustomerAccessTokenOld($customerId)
+    {
+        try {
+            $this->tokenManager->revokeForOld(
+                new CustomUserContext((int)$customerId, CustomUserContext::USER_TYPE_CUSTOMER)
+            );
+        } catch (UserTokenException $exception) {
+            throw new LocalizedException(__('Failed to revoke customer\'s access tokens'), $exception);
+        }
+        return true;
+    }
 }

app/code/Magento/JwtUserToken/Model/Revoker.php

@@ -39,4 +39,15 @@ public function revokeFor(UserContextInterface $userContext): void
             new Revoked((int) $userContext->getUserType(), (int) $userContext->getUserId(), time())
         );
     }
+
+    /**
+     * @inheritDoc
+     */
+    public function revokeForOld(UserContextInterface $userContext): void
+    {
+        //Invalidating all tokens issued before current datetime.
+        $this->revokedRepo->saveRevoked(
+            new Revoked((int) $userContext->getUserType(), (int) $userContext->getUserId(), time()-1)
+        );
+    }
 }