Merge pull request #7749 from magento-cia/cia-2.4.6-bugfixes-06262022

admanesachin · web-flow · commit bf1e13725402 · 2022-06-27T23:23:55.000-05:00
Cia-2.4.6-develop-bugfixes-06262022
diff --git a/app/code/Magento/Customer/Model/Plugin/ClearSessionsAfterLogoutPlugin.php b/app/code/Magento/Customer/Model/Plugin/ClearSessionsAfterLogoutPlugin.php
@@ -0,0 +1,108 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Customer\Model\Plugin;
+
+use Magento\Customer\Model\Session;
+use Magento\Framework\App\Area;
+use Magento\Framework\App\State;
+use Magento\Framework\Session\SaveHandlerInterface;
+use Magento\Framework\Session\StorageInterface;
+use Magento\Framework\Exception\SessionException;
+use Psr\Log\LoggerInterface;
+use Magento\Framework\Exception\LocalizedException;
+
+/**
+ * Clears previous active sessions after logout
+ *
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
+ */
+class ClearSessionsAfterLogoutPlugin
+{
+    /**
+     * Array key for all active previous session ids.
+     */
+    private const PREVIOUS_ACTIVE_SESSIONS = 'previous_active_sessions';
+
+    /**
+     * @var Session
+     */
+    private Session $session;
+
+    /**
+     * @var SaveHandlerInterface
+     */
+    private SaveHandlerInterface $saveHandler;
+
+    /**
+     * @var StorageInterface
+     */
+    private StorageInterface $storage;
+
+    /**
+     * @var State
+     */
+    private State $state;
+
+    /**
+     * @var LoggerInterface
+     */
+    private LoggerInterface $logger;
+
+    /**
+     * Initialize Dependencies
+     *
+     * @param Session $customerSession
+     * @param SaveHandlerInterface $saveHandler
+     * @param StorageInterface $storage
+     * @param State $state
+     * @param LoggerInterface $logger
+     */
+    public function __construct(
+        Session $customerSession,
+        SaveHandlerInterface $saveHandler,
+        StorageInterface $storage,
+        State $state,
+        LoggerInterface $logger
+    ) {
+        $this->session = $customerSession;
+        $this->saveHandler = $saveHandler;
+        $this->storage = $storage;
+        $this->state = $state;
+        $this->logger = $logger;
+    }
+
+    /**
+     * Plugin to clear session after logout
+     *
+     * @param Session $subject
+     * @param Session $result
+     * @return Session
+     * @throws LocalizedException
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterLogout(Session $subject, Session $result): Session
+    {
+        $isAreaFrontEnd = $this->state->getAreaCode() === Area::AREA_FRONTEND;
+        $previousSessions = $this->storage->getData(self::PREVIOUS_ACTIVE_SESSIONS);
+
+        if ($isAreaFrontEnd && !empty($previousSessions)) {
+            foreach ($previousSessions as $sessionId) {
+                try {
+                    $this->session->start();
+                    $this->saveHandler->destroy($sessionId);
+                    $this->session->writeClose();
+                } catch (SessionException $e) {
+                    $this->logger->error($e);
+                }
+
+            }
+            $this->storage->setData(self::PREVIOUS_ACTIVE_SESSIONS, []);
+        }
+        return $result;
+    }
+}
diff --git a/app/code/Magento/Customer/Model/Plugin/CustomerNotification.php b/app/code/Magento/Customer/Model/Plugin/CustomerNotification.php
@@ -3,6 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
 
 namespace Magento\Customer\Model\Plugin;
 
@@ -16,13 +17,21 @@
 use Magento\Framework\App\RequestInterface;
 use Magento\Framework\App\State;
 use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Framework\Session\StorageInterface;
 use Psr\Log\LoggerInterface;
 
 /**
  * Refresh the Customer session if `UpdateSession` notification registered
+ *
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
  */
 class CustomerNotification
 {
+    /**
+     * Array key for all active previous session ids.
+     */
+    private const PREVIOUS_ACTIVE_SESSIONS = 'previous_active_sessions';
+
     /**
      * @var Session
      */
@@ -53,6 +62,11 @@ class CustomerNotification
      */
     private $request;
 
+    /**
+     * @var StorageInterface
+     */
+    private StorageInterface $storage;
+
     /**
      * Initialize dependencies.
      *
@@ -61,22 +75,25 @@ class CustomerNotification
      * @param State $state
      * @param CustomerRepositoryInterface $customerRepository
      * @param LoggerInterface $logger
-     * @param RequestInterface|null $request
+     * @param RequestInterface $request
+     * @param StorageInterface|null $storage
      */
     public function __construct(
         Session $session,
         NotificationStorage $notificationStorage,
         State $state,
         CustomerRepositoryInterface $customerRepository,
         LoggerInterface $logger,
-        RequestInterface $request
+        RequestInterface $request,
+        StorageInterface $storage = null
     ) {
         $this->session = $session;
         $this->notificationStorage = $notificationStorage;
         $this->state = $state;
         $this->customerRepository = $customerRepository;
         $this->logger = $logger;
         $this->request = $request;
+        $this->storage = $storage ?? ObjectManager::getInstance()->get(StorageInterface::class);
     }
 
     /**
@@ -89,18 +106,33 @@ public function __construct(
      */
     public function beforeExecute(ActionInterface $subject)
     {
-        $customerId = $this->session->getCustomerId();
-
-        if ($this->isFrontendRequest() && $this->isPostRequest() && $this->isSessionUpdateRegisteredFor($customerId)) {
-            try {
-                $this->session->regenerateId();
-                $customer = $this->customerRepository->getById($customerId);
-                $this->session->setCustomerData($customer);
-                $this->session->setCustomerGroupId($customer->getGroupId());
-                $this->notificationStorage->remove(NotificationStorage::UPDATE_CUSTOMER_SESSION, $customer->getId());
-            } catch (NoSuchEntityException $e) {
-                $this->logger->error($e);
+        $customerId = (int)$this->session->getCustomerId();
+
+        if (!$this->isFrontendRequest()
+            || !$this->isPostRequest()
+            || !$this->isSessionUpdateRegisteredFor($customerId)) {
+            return;
+        }
+
+        try {
+            $oldSessionId = $this->session->getSessionId();
+            $previousSessions = $this->storage->getData(self::PREVIOUS_ACTIVE_SESSIONS);
+
+            if (empty($previousSessions)) {
+                $previousSessions = [];
             }
+            $previousSessions[] = $oldSessionId;
+            $this->storage->setData(self::PREVIOUS_ACTIVE_SESSIONS, $previousSessions);
+            $this->session->regenerateId();
+            $customer = $this->customerRepository->getById($customerId);
+            $this->session->setCustomerData($customer);
+            $this->session->setCustomerGroupId($customer->getGroupId());
+            $this->notificationStorage->remove(
+                NotificationStorage::UPDATE_CUSTOMER_SESSION,
+                $customer->getId()
+            );
+        } catch (NoSuchEntityException $e) {
+            $this->logger->error($e);
         }
     }
 
@@ -131,8 +163,8 @@ private function isFrontendRequest(): bool
      * @param int $customerId
      * @return bool
      */
-    private function isSessionUpdateRegisteredFor($customerId): bool
+    private function isSessionUpdateRegisteredFor(int $customerId): bool
     {
-        return $this->notificationStorage->isExists(NotificationStorage::UPDATE_CUSTOMER_SESSION, $customerId);
+        return (bool)$this->notificationStorage->isExists(NotificationStorage::UPDATE_CUSTOMER_SESSION, $customerId);
     }
 }
diff --git a/app/code/Magento/Customer/Test/Unit/Model/Plugin/CustomerNotificationTest.php b/app/code/Magento/Customer/Test/Unit/Model/Plugin/CustomerNotificationTest.php
@@ -20,7 +20,13 @@
 use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Psr\Log\LoggerInterface;
+use Magento\Framework\Session\StorageInterface;
 
+/**
+ * Unit test for CustomerNotification plugin
+ *
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class CustomerNotificationTest extends TestCase
 {
     private const STUB_CUSTOMER_ID = 1;
@@ -65,6 +71,11 @@ class CustomerNotificationTest extends TestCase
      */
     private $plugin;
 
+    /**
+     * @var StorageInterface|MockObject
+     */
+    private $storage;
+
     protected function setUp(): void
     {
         $this->sessionMock = $this->createMock(Session::class);
@@ -87,19 +98,27 @@ protected function setUp(): void
             ->with(NotificationStorage::UPDATE_CUSTOMER_SESSION, self::STUB_CUSTOMER_ID)
             ->willReturn(true);
 
+        $this->storage = $this
+            ->getMockBuilder(StorageInterface::class)
+            ->addMethods(['getData', 'setData'])
+            ->disableOriginalConstructor()
+            ->getMockForAbstractClass();
+
         $this->plugin = new CustomerNotification(
             $this->sessionMock,
             $this->notificationStorageMock,
             $this->appStateMock,
             $this->customerRepositoryMock,
             $this->loggerMock,
-            $this->requestMock
+            $this->requestMock,
+            $this->storage
         );
     }
 
     public function testBeforeExecute()
     {
         $customerGroupId = 1;
+        $testSessionId = [uniqid()];
 
         $customerMock = $this->getMockForAbstractClass(CustomerInterface::class);
         $customerMock->method('getGroupId')->willReturn($customerGroupId);
@@ -116,6 +135,10 @@ public function testBeforeExecute()
         $this->sessionMock->expects($this->once())->method('setCustomerData')->with($customerMock);
         $this->sessionMock->expects($this->once())->method('setCustomerGroupId')->with($customerGroupId);
         $this->sessionMock->expects($this->once())->method('regenerateId');
+        $this->storage->expects($this->once())->method('getData')->willReturn($testSessionId);
+        $this->storage
+            ->expects($this->once())
+            ->method('setData');
 
         $this->plugin->beforeExecute($this->actionMock);
     }
diff --git a/app/code/Magento/Customer/etc/frontend/di.xml b/app/code/Magento/Customer/etc/frontend/di.xml
@@ -127,4 +127,7 @@
             </argument>
         </arguments>
     </type>
+    <type name="Magento\Customer\Model\Session">
+        <plugin name="afterLogout" type="Magento\Customer\Model\Plugin\ClearSessionsAfterLogoutPlugin"/>
+    </type>
 </config>
