Merge branch 'develop' of github.corp.magento.com:magento-extensibility/magento2ce into develop

Author: bwaters

.htaccess.sample

@@ -1,12 +1,11 @@
 ############################################
-## overrides deployment configuration mode value
-## use command bin/magento deploy:mode:set to switch modes
-
-#   SetEnv MAGE_MODE developer
+## Optional override of deployment mode. We recommend you use the
+## command bin/magento deploy:mode:set to switch modes instead
+#   SetEnv MAGE_MODE default # or production or developer
 
 ############################################
-## uncomment these lines for CGI mode
-## make sure to specify the correct cgi php binary file name
+## Uncomment these lines for CGI mode.
+## Make sure to specify the correct cgi php binary file name
 ## it might be /cgi-bin/php-cgi
 
 #    Action php5-cgi /cgi-bin/php5-cgi
@@ -17,42 +16,42 @@
 
 #   Options -MultiViews
 
-## you might also need to add this line to php.ini
+## You might also need to add this line to php.ini
 ##     cgi.fix_pathinfo = 1
-## if it still doesn't work, rename php.ini to php5.ini
+## If it still doesn't work, rename php.ini to php5.ini
 
 ############################################
-## this line is specific for 1and1 hosting
+## This line is specific for 1and1 hosting
 
     #AddType x-mapp-php5 .php
     #AddHandler x-mapp-php5 .php
 
 ############################################
-## default index file
+## Default index file
 
     DirectoryIndex index.php
 
 <IfModule mod_php5.c>
 
 ############################################
-## adjust memory limit
+## Adjust memory limit
 
     php_value memory_limit 768M
     php_value max_execution_time 18000
 
 ############################################
-## disable automatic session start
+## Disable automatic session start
 ## before autoload was initialized
 
     php_flag session.auto_start off
 
 ############################################
-## enable resulting html compression
+## Enable resulting html compression
 
     #php_flag zlib.output_compression on
 
 ###########################################
-## disable user agent verification to not break multiple image upload
+## Disable user agent verification to not break multiple image upload
 
     php_flag suhosin.session.cryptua off
 
@@ -61,32 +60,32 @@
 <IfModule mod_php7.c>
 
 ############################################
-## adjust memory limit
+## Adjust memory limit
 
     php_value memory_limit 768M
     php_value max_execution_time 18000
 
 ############################################
-## disable automatic session start
+## Disable automatic session start
 ## before autoload was initialized
 
     php_flag session.auto_start off
 
 ############################################
-## enable resulting html compression
+## Enable resulting html compression
 
     #php_flag zlib.output_compression on
 
 ###########################################
-## disable user agent verification to not break multiple image upload
+## Disable user agent verification to not break multiple image upload
 
     php_flag suhosin.session.cryptua off
 
 </IfModule>
 
 <IfModule mod_security.c>
 ###########################################
-## disable POST processing to not break multiple image upload
+## Disable POST processing to not break multiple image upload
 
     SecFilterEngine Off
     SecFilterScanPOST Off
@@ -95,7 +94,7 @@
 <IfModule mod_deflate.c>
 
 ############################################
-## enable apache served files compression
+## Enable apache served files compression
 ## http://developer.yahoo.com/performance/rules.html#gzip
 
     # Insert filter on all content
@@ -123,14 +122,14 @@
 <IfModule mod_ssl.c>
 
 ############################################
-## make HTTPS env vars available for CGI mode
+## Make HTTPS env vars available for CGI mode
 
     SSLOptions StdEnvVars
 
 </IfModule>
 
 ############################################
-## workaround for Apache 2.4.6 CentOS build when working via ProxyPassMatch with HHVM (or any other)
+## Workaround for Apache 2.4.6 CentOS build when working via ProxyPassMatch with HHVM (or any other)
 ## Please, set it on virtual host configuration level
 
 ##    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
@@ -139,19 +138,19 @@
 <IfModule mod_rewrite.c>
 
 ############################################
-## enable rewrites
+## Enable rewrites
 
     Options +FollowSymLinks
     RewriteEngine on
 
 ############################################
-## you can put here your magento root folder
+## You can put here your magento root folder
 ## path relative to web root
 
     #RewriteBase /magento/
 
 ############################################
-## workaround for HTTP authorization
+## Workaround for HTTP authorization
 ## in CGI environment
 
     RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -163,21 +162,21 @@
     RewriteRule .* - [L,R=405]
 
 ############################################
-## redirect for mobile user agents
+## Redirect for mobile user agents
 
     #RewriteCond %{REQUEST_URI} !^/mobiledirectoryhere/.*$
     #RewriteCond %{HTTP_USER_AGENT} "android|blackberry|ipad|iphone|ipod|iemobile|opera mobile|palmos|webos|googlebot-mobile" [NC]
     #RewriteRule ^(.*)$ /mobiledirectoryhere/ [L,R=302]
 
 ############################################
-## never rewrite for existing files, directories and links
+## Never rewrite for existing files, directories and links
 
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteCond %{REQUEST_FILENAME} !-d
     RewriteCond %{REQUEST_FILENAME} !-l
 
 ############################################
-## rewrite everything else to index.php
+## Rewrite everything else to index.php
 
     RewriteRule .* index.php [L]
 

app/code/Magento/Customer/Model/Authentication.php

@@ -82,7 +82,7 @@ public function processAuthenticationFailure($customerId)
         $customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
 
         if (!($lockThreshold && $maxFailures)) {
-            return false;
+            return;
         }
         $failuresNum = (int)$customerSecure->getFailuresNum() + 1;
 
@@ -92,10 +92,13 @@ public function processAuthenticationFailure($customerId)
         }
 
         $lockThreshInterval = new \DateInterval('PT' . $lockThreshold . 'S');
-        // set first failure date when this is first failure or last first failure expired
-        if (1 === $failuresNum || !$firstFailureDate || $now->diff($firstFailureDate) > $lockThreshInterval) {
+        $lockExpires = $customerSecure->getLockExpires();
+        $lockExpired = ($lockExpires !== null) && ($now > new \DateTime($lockExpires));
+        // set first failure date when this is the first failure or the lock is expired
+        if (1 === $failuresNum || !$firstFailureDate || $lockExpired) {
             $customerSecure->setFirstFailure($this->dateTime->formatDate($now));
             $failuresNum = 1;
+            $customerSecure->setLockExpires(null);
             // otherwise lock customer
         } elseif ($failuresNum >= $maxFailures) {
             $customerSecure->setLockExpires($this->dateTime->formatDate($now->add($lockThreshInterval)));