Merge pull request #5380 from magento-tsg/2.4.0-develop-pr17

[TSG] Fixes for 2.4 (pr17) (2.4.0-develop)

Author: zakdma

app/code/Magento/Customer/Api/SessionCleanerInterface.php

@@ -0,0 +1,22 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Api;
+
+/**
+ * Interface for cleaning customer session data.
+ */
+interface SessionCleanerInterface
+{
+    /**
+     * Destroy all active customer sessions related to given customer id, including current session.
+     *
+     * @param int $customerId
+     * @return void
+     */
+    public function clearFor(int $customerId): void;
+}

app/code/Magento/Customer/Model/AccountManagement.php

@@ -13,6 +13,7 @@
 use Magento\Customer\Api\Data\AddressInterface;
 use Magento\Customer\Api\Data\CustomerInterface;
 use Magento\Customer\Api\Data\ValidationResultsInterfaceFactory;
+use Magento\Customer\Api\SessionCleanerInterface;
 use Magento\Customer\Helper\View as CustomerViewHelper;
 use Magento\Customer\Model\Config\Share as ConfigShare;
 use Magento\Customer\Model\Customer as CustomerModel;
@@ -68,104 +69,104 @@ class AccountManagement implements AccountManagementInterface
     /**
      * Configuration paths for create account email template
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
      */
     const XML_PATH_REGISTER_EMAIL_TEMPLATE = 'customer/create_account/email_template';
 
     /**
      * Configuration paths for register no password email template
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_REGISTER_NO_PASSWORD_EMAIL_TEMPLATE
      */
     const XML_PATH_REGISTER_NO_PASSWORD_EMAIL_TEMPLATE = 'customer/create_account/email_no_password_template';
 
     /**
      * Configuration paths for remind email identity
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_REGISTER_EMAIL_IDENTITY
      */
     const XML_PATH_REGISTER_EMAIL_IDENTITY = 'customer/create_account/email_identity';
 
     /**
      * Configuration paths for remind email template
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_REMIND_EMAIL_TEMPLATE
      */
     const XML_PATH_REMIND_EMAIL_TEMPLATE = 'customer/password/remind_email_template';
 
     /**
      * Configuration paths for forgot email email template
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_FORGOT_EMAIL_TEMPLATE
      */
     const XML_PATH_FORGOT_EMAIL_TEMPLATE = 'customer/password/forgot_email_template';
 
     /**
      * Configuration paths for forgot email identity
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_FORGOT_EMAIL_IDENTITY
      */
     const XML_PATH_FORGOT_EMAIL_IDENTITY = 'customer/password/forgot_email_identity';
 
     /**
      * Configuration paths for account confirmation required
      *
-     * @deprecated Get rid of Helpers in Password Security Management
+     * @deprecated get rid of Helpers in Password Security Management.
      * @see AccountConfirmation::XML_PATH_IS_CONFIRM
      */
     const XML_PATH_IS_CONFIRM = 'customer/create_account/confirm';
 
     /**
      * Configuration paths for account confirmation email template
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_CONFIRM_EMAIL_TEMPLATE
      */
     const XML_PATH_CONFIRM_EMAIL_TEMPLATE = 'customer/create_account/email_confirmation_template';
 
     /**
      * Configuration paths for confirmation confirmed email template
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_CONFIRMED_EMAIL_TEMPLATE
      */
     const XML_PATH_CONFIRMED_EMAIL_TEMPLATE = 'customer/create_account/email_confirmed_template';
 
     /**
      * Constants for the type of new account email to be sent
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotificationInterface::NEW_ACCOUNT_EMAIL_REGISTERED
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotificationInterface::NEW_ACCOUNT_EMAIL_REGISTERED
      */
     const NEW_ACCOUNT_EMAIL_REGISTERED = 'registered';
 
     /**
      * Welcome email, when password setting is required
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotificationInterface::NEW_ACCOUNT_EMAIL_REGISTERED
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotificationInterface::NEW_ACCOUNT_EMAIL_REGISTERED_NO_PASSWORD
      */
     const NEW_ACCOUNT_EMAIL_REGISTERED_NO_PASSWORD = 'registered_no_password';
 
     /**
      * Welcome email, when confirmation is enabled
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotificationInterface::NEW_ACCOUNT_EMAIL_REGISTERED
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotificationInterface::NEW_ACCOUNT_EMAIL_CONFIRMATION
      */
     const NEW_ACCOUNT_EMAIL_CONFIRMATION = 'confirmation';
 
     /**
      * Confirmation email, when account is confirmed
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see EmailNotificationInterface::NEW_ACCOUNT_EMAIL_REGISTERED
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotificationInterface::NEW_ACCOUNT_EMAIL_CONFIRMED
      */
     const NEW_ACCOUNT_EMAIL_CONFIRMED = 'confirmed';
 
@@ -191,15 +192,16 @@ class AccountManagement implements AccountManagementInterface
     /**
      * Configuration path to customer reset password email template
      *
-     * @deprecated Get rid of Helpers in Password Security Management
-     * @see Magento/Customer/Model/EmailNotification::XML_PATH_REGISTER_EMAIL_TEMPLATE
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\EmailNotification::XML_PATH_RESET_PASSWORD_TEMPLATE
      */
     const XML_PATH_RESET_PASSWORD_TEMPLATE = 'customer/password/reset_password_template';
 
     /**
      * Minimum password length
      *
-     * @deprecated Get rid of Helpers in Password Security Management
+     * @deprecated get rid of Helpers in Password Security Management.
+     * @see \Magento\Customer\Model\AccountManagement::XML_PATH_MINIMUM_PASSWORD_LENGTH
      */
     const MIN_PASSWORD_LENGTH = 6;
 
@@ -283,21 +285,6 @@ class AccountManagement implements AccountManagementInterface
      */
     private $transportBuilder;
 
-    /**
-     * @var SessionManagerInterface
-     */
-    private $sessionManager;
-
-    /**
-     * @var SaveHandlerInterface
-     */
-    private $saveHandler;
-
-    /**
-     * @var CollectionFactory
-     */
-    private $visitorCollectionFactory;
-
     /**
      * @var DataObjectProcessor
      */
@@ -383,6 +370,11 @@ class AccountManagement implements AccountManagementInterface
      */
     private $getByToken;
 
+    /**
+     * @var SessionCleanerInterface
+     */
+    private $sessionCleaner;
+
     /**
      * @param CustomerFactory $customerFactory
      * @param ManagerInterface $eventManager
@@ -417,10 +409,12 @@ class AccountManagement implements AccountManagementInterface
      * @param AddressRegistry|null $addressRegistry
      * @param GetCustomerByToken|null $getByToken
      * @param AllowedCountries|null $allowedCountriesReader
+     * @param SessionCleanerInterface|null $sessionCleaner
      * @SuppressWarnings(PHPMD.CyclomaticComplexity)
      * @SuppressWarnings(PHPMD.ExcessiveParameterList)
      * @SuppressWarnings(PHPMD.NPathComplexity)
      * @SuppressWarnings(PHPMD.LongVariable)
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
     public function __construct(
         CustomerFactory $customerFactory,
@@ -455,7 +449,8 @@ public function __construct(
         SearchCriteriaBuilder $searchCriteriaBuilder = null,
         AddressRegistry $addressRegistry = null,
         GetCustomerByToken $getByToken = null,
-        AllowedCountries $allowedCountriesReader = null
+        AllowedCountries $allowedCountriesReader = null,
+        SessionCleanerInterface $sessionCleaner = null
     ) {
         $this->customerFactory = $customerFactory;
         $this->eventManager = $eventManager;
@@ -486,12 +481,6 @@ public function __construct(
         $this->dateTimeFactory = $dateTimeFactory ?: $objectManager->get(DateTimeFactory::class);
         $this->accountConfirmation = $accountConfirmation ?: $objectManager
             ->get(AccountConfirmation::class);
-        $this->sessionManager = $sessionManager
-            ?: $objectManager->get(SessionManagerInterface::class);
-        $this->saveHandler = $saveHandler
-            ?: $objectManager->get(SaveHandlerInterface::class);
-        $this->visitorCollectionFactory = $visitorCollectionFactory
-            ?: $objectManager->get(CollectionFactory::class);
         $this->searchCriteriaBuilder = $searchCriteriaBuilder
             ?: $objectManager->get(SearchCriteriaBuilder::class);
         $this->addressRegistry = $addressRegistry
@@ -500,6 +489,7 @@ public function __construct(
             ?: $objectManager->get(GetCustomerByToken::class);
         $this->allowedCountriesReader = $allowedCountriesReader
             ?: $objectManager->get(AllowedCountries::class);
+        $this->sessionCleaner = $sessionCleaner ?? $objectManager->get(SessionCleanerInterface::class);
     }
 
     /**
@@ -538,7 +528,10 @@ public function resendConfirmation($email, $websiteId = null, $redirectUrl = '')
         } catch (MailException $e) {
             // If we are not able to send a new account email, this should be ignored
             $this->logger->critical($e);
+
+            return false;
         }
+
         return true;
     }
 
@@ -685,16 +678,18 @@ public function initiatePasswordReset($email, $template, $websiteId = null)
      */
     private function handleUnknownTemplate($template)
     {
-        $phrase = __(
-            'Invalid value of "%value" provided for the %fieldName field. Possible values: %template1 or %template2.',
-            [
-                'value' => $template,
-                'fieldName' => 'template',
-                'template1' => AccountManagement::EMAIL_REMINDER,
-                'template2' => AccountManagement::EMAIL_RESET
-            ]
+        throw new InputException(
+            __(
+                'Invalid value of "%value" provided for the %fieldName field. '
+                    . 'Possible values: %template1 or %template2.',
+                [
+                    'value' => $template,
+                    'fieldName' => 'template',
+                    'template1' => AccountManagement::EMAIL_REMINDER,
+                    'template2' => AccountManagement::EMAIL_RESET
+                ]
+            )
         );
-        throw new InputException($phrase);
     }
 
     /**
@@ -725,7 +720,7 @@ public function resetPassword($email, $resetToken, $newPassword)
         $customerSecure->setRpToken(null);
         $customerSecure->setRpTokenCreatedAt(null);
         $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
-        $this->destroyCustomerSessions($customer->getId());
+        $this->sessionCleaner->clearFor((int)$customer->getId());
         $this->customerRepository->save($customer);
 
         return true;
@@ -872,6 +867,7 @@ public function createAccountWithPasswordHash(CustomerInterface $customer, $hash
         if ($customer->getId()) {
             $customer = $this->customerRepository->get($customer->getEmail());
             $websiteId = $customer->getWebsiteId();
+
             if ($this->isCustomerInStore($websiteId, $customer->getStoreId())) {
                 throw new InputException(__('This customer already exists in this store.'));
             }
@@ -1050,7 +1046,7 @@ private function changePasswordForCustomer($customer, $currentPassword, $newPass
         $customerSecure->setRpTokenCreatedAt(null);
         $this->checkPasswordStrength($newPassword);
         $customerSecure->setPasswordHash($this->createPasswordHash($newPassword));
-        $this->destroyCustomerSessions($customer->getId());
+        $this->sessionCleaner->clearFor((int)$customer->getId());
         $this->disableAddressValidation($customer);
         $this->customerRepository->save($customer);
 
@@ -1619,36 +1615,6 @@ private function getEmailNotification()
         }
     }
 
-    /**
-     * Destroy all active customer sessions by customer id (current session will not be destroyed).
-     *
-     * Customer sessions which should be deleted are collecting from the "customer_visitor" table considering
-     * configured session lifetime.
-     *
-     * @param string|int $customerId
-     * @return void
-     */
-    private function destroyCustomerSessions($customerId)
-    {
-        $sessionLifetime = $this->scopeConfig->getValue(
-            \Magento\Framework\Session\Config::XML_PATH_COOKIE_LIFETIME,
-            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
-        );
-        $dateTime = $this->dateTimeFactory->create();
-        $activeSessionsTime = $dateTime->setTimestamp($dateTime->getTimestamp() - $sessionLifetime)
-            ->format(DateTime::DATETIME_PHP_FORMAT);
-        /** @var \Magento\Customer\Model\ResourceModel\Visitor\Collection $visitorCollection */
-        $visitorCollection = $this->visitorCollectionFactory->create();
-        $visitorCollection->addFieldToFilter('customer_id', $customerId);
-        $visitorCollection->addFieldToFilter('last_visit_at', ['from' => $activeSessionsTime]);
-        $visitorCollection->addFieldToFilter('session_id', ['neq' => $this->sessionManager->getSessionId()]);
-        /** @var \Magento\Customer\Model\Visitor $visitor */
-        foreach ($visitorCollection->getItems() as $visitor) {
-            $sessionId = $visitor->getSessionId();
-            $this->saveHandler->destroy($sessionId);
-        }
-    }
-
     /**
      * Set ignore_validation_flag for reset password flow to skip unnecessary address and customer validation
      *