1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
<?php
/**
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/
namespace Magento\User\Observer\Backend;
use Magento\Framework\Event\Observer as EventObserver;
use Magento\Framework\Event\ObserverInterface;
/**
* User backend observer model for passwords
*/
class ForceAdminPasswordChangeObserver implements ObserverInterface
{
/**
* Backend configuration interface
*
* @var \Magento\User\Model\Backend\Config\ObserverConfig
*/
protected $observerConfig;
/**
* Authorization interface
*
* @var \Magento\Framework\AuthorizationInterface
*/
protected $authorization;
/**
* Backend url interface
*
* @var \Magento\Backend\Model\UrlInterface
*/
protected $url;
/**
* Backend session
*
* @var \Magento\Backend\Model\Session
*/
protected $session;
/**
* Backend authorization session
*
* @var \Magento\Backend\Model\Auth\Session
*/
protected $authSession;
/**
* Action flag
*
* @var \Magento\Framework\App\ActionFlag
*/
protected $actionFlag;
/**
* Message manager interface
*
* @var \Magento\Framework\Message\ManagerInterface
*/
protected $messageManager;
/**
* @param \Magento\Framework\AuthorizationInterface $authorization
* @param \Magento\User\Model\Backend\Config\ObserverConfig $observerConfig
* @param \Magento\Backend\Model\UrlInterface $url
* @param \Magento\Backend\Model\Session $session
* @param \Magento\Backend\Model\Auth\Session $authSession
* @param \Magento\Framework\App\ActionFlag $actionFlag
* @param \Magento\Framework\Message\ManagerInterface $messageManager
*/
public function __construct(
\Magento\Framework\AuthorizationInterface $authorization,
\Magento\User\Model\Backend\Config\ObserverConfig $observerConfig,
\Magento\Backend\Model\UrlInterface $url,
\Magento\Backend\Model\Session $session,
\Magento\Backend\Model\Auth\Session $authSession,
\Magento\Framework\App\ActionFlag $actionFlag,
\Magento\Framework\Message\ManagerInterface $messageManager
) {
$this->authorization = $authorization;
$this->observerConfig = $observerConfig;
$this->url = $url;
$this->session = $session;
$this->authSession = $authSession;
$this->actionFlag = $actionFlag;
$this->messageManager = $messageManager;
}
/**
* Force admin to change password
*
* @param EventObserver $observer
* @return void
*/
public function execute(EventObserver $observer)
{
if (!$this->observerConfig->isPasswordChangeForced()) {
return;
}
if (!$this->authSession->isLoggedIn()) {
return;
}
$actionList = [
'adminhtml_system_account_index',
'adminhtml_system_account_save',
'adminhtml_auth_logout',
'mui_index_render'
];
/** @var \Magento\Framework\App\Action\Action $controller */
$controller = $observer->getEvent()->getControllerAction();
/** @var \Magento\Framework\App\RequestInterface $request */
$request = $observer->getEvent()->getRequest();
if ($this->authSession->getPciAdminUserIsPasswordExpired()) {
if (!in_array($request->getFullActionName(), $actionList)) {
if ($this->authorization->isAllowed('Magento_Backend::myaccount')) {
$controller->getResponse()->setRedirect($this->url->getUrl('adminhtml/system_account/'));
$this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_DISPATCH, true);
$this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_POST_DISPATCH, true);
} else {
/*
* if admin password is expired and access to 'My Account' page is denied
* than we need to do force logout with error message
*/
$this->authSession->clearStorage();
$this->session->clearStorage();
$this->messageManager->addErrorMessage(
__('Your password has expired; please contact your administrator.')
);
$controller->getRequest()->setDispatched(false);
}
}
}
}
}