🔃 [Magento Community Engineering] Community Contributions

Accepted Community Pull Requests:
 - #22837: Short-term admin accounts #22833 (by @lfolco)


Fixed GitHub Issues:
 - #22833: Short-term admin accounts (reported by @piotrekkaminski) has been fixed in #22837 by @lfolco in 2.4-develop branch
   Related commits:
     1. fa1f103
     2. 451fae8
     3. 70821f0
     4. b17c54d
     5. c0c6825
     6. 6e2043e
     7. 9136564
     8. 37c9d12
     9. 8b5bec6
     10. 0b78cbb
     11. 976076f
     12. db95a0d
     13. cf66338
     14. c552e5f
     15. f44ac3e
     16. d5855ba
     17. 439f565
     18. c6f455d
     19. 32f8741
     20. a6511f5
     21. ae08dad
     22. 54882c3
     23. ad4628b
     24. 3c608fd
     25. e4ec0e2
     26. 13bfde2
     27. e51bf0a
     28. 185d640
     29. 071f993
     30. b407c8c
     31. 47a9ed7
     32. b631f9d
     33. 6407af8
     34. 75664d4
     35. c384fab
     36. cd53ca4
     37. 581ace6
     38. 13038fc
     39. 2122209
     40. 192f8e8
     41. c5ac841
     42. 57dda2e
     43. 05fae71
     44. 6378fe6
     45. 1535364
     46. c8e1e93
     47. 437cbf0
     48. 60f5710
     49. 9e82e91
     50. 61d3ffa
     51. e87d4e6
     52. bad8f2b
     53. 6406d93
     54. e13b5e4
     55. 83e393e
     56. d2538ad
     57. b16de6b
     58. b195ca0
     59. 1089987
     60. 581988a
     61. f185806
     62. d8c8473
     63. 0f91a9d
     64. 8036e29
     65. 45d648f
     66. 970510c
     67. 78dc3b5
     68. 171c4c9
     69. 89b8512
     70. bcef590
     71. 627273b
     72. 6b8e89e
     73. 9e6f316
     74. 20f2f0e
     75. 1b1c12e
     76. 91e0604
     77. 47dfddb
     78. c6f9e6b
     79. df0c97c
     80. babc965
     81. 4c4149f
     82. 33a5d36
     83. 0ed4e6a
     84. 74389d7
     85. 5111c05
     86. 9d8ce1c
     87. 95fce13
     88. 932559d
     89. 7fee060
     90. 5e6fdeb
     91. 3a67bc8
     92. b03b0a0
     93. c8a41b7
     94. 107cb5f
     95. bef0bd5
     96. 6ef861e
     97. d65e609
     98. c8cfb5b

Author: magento-engcom-team

app/code/Magento/Analytics/Test/Mftf/Test/AdminConfigurationPermissionTest.xml

@@ -35,8 +35,9 @@
         <waitForPageLoad time="30" stepKey="wait2"/>
         <seeInField selector="{{AdminEditUserSection.usernameTextField}}" userInput="$$noReportUser.username$$" stepKey="seeUsernameInField"/>
         <fillField selector="{{AdminEditUserSection.currentPasswordField}}" userInput="{{_ENV.MAGENTO_ADMIN_PASSWORD}}" stepKey="fillCurrentPassword"/>
-        <click selector="{{AdminEditUserSection.userRoleTab}}" stepKey="clickUserRoleTab"/>
+        <scrollToTopOfPage stepKey="scrollToTopOfPage"/>
 
+        <click selector="{{AdminEditUserSection.userRoleTab}}" stepKey="clickUserRoleTab"/>
         <fillField selector="{{AdminEditUserSection.roleNameFilterTextField}}" userInput="$$noReportUserRole.rolename$$" stepKey="fillRoleNameSearch"/>
         <click selector="{{AdminEditUserSection.searchButton}}" stepKey="clickSearchButtonUserRole"/>
         <waitForPageLoad time="10" stepKey="wait3"/>

app/code/Magento/Security/Api/Data/UserExpirationInterface.php

@@ -0,0 +1,67 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+declare(strict_types=1);
+
+namespace Magento\Security\Api\Data;
+
+use \Magento\Security\Api\Data\UserExpirationExtensionInterface;
+
+/**
+ * Interface UserExpirationInterface to be used as a DTO for expires_at property on User model.
+ */
+interface UserExpirationInterface extends \Magento\Framework\Api\ExtensibleDataInterface
+{
+
+    public const EXPIRES_AT = 'expires_at';
+
+    public const USER_ID = 'user_id';
+
+    /**
+     * `expires_at` getter.
+     *
+     * @return string
+     */
+    public function getExpiresAt();
+
+    /**
+     * `expires_at` setter.
+     *
+     * @param string $expiresAt
+     * @return $this
+     */
+    public function setExpiresAt($expiresAt);
+
+    /**
+     * `user_id` getter.
+     *
+     * @return string
+     */
+    public function getUserId();
+
+    /**
+     * `user_id` setter.
+     *
+     * @param string $userId
+     * @return $this
+     */
+    public function setUserId($userId);
+
+    /**
+     * Retrieve existing extension attributes object or create a new one.
+     *
+     * @return \Magento\Security\Api\Data\UserExpirationExtensionInterface|null
+     */
+    public function getExtensionAttributes();
+
+    /**
+     * Set an extension attributes object.
+     *
+     * @param \Magento\Security\Api\Data\UserExpirationExtensionInterface $extensionAttributes
+     * @return $this
+     */
+    public function setExtensionAttributes(UserExpirationExtensionInterface $extensionAttributes);
+}

app/code/Magento/Security/Model/Plugin/AdminUserForm.php

@@ -0,0 +1,112 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Security\Model\Plugin;
+
+use Magento\Framework\Stdlib\DateTime\TimezoneInterface;
+use Magento\Security\Model\ResourceModel\UserExpiration;
+use Magento\Security\Model\UserExpirationFactory;
+
+/**
+ * Add the `expires_at` form field to the User main form.
+ */
+class AdminUserForm
+{
+
+    /**
+     * @var TimezoneInterface
+     */
+    private $localeDate;
+
+    /**
+     * @var UserExpiration
+     */
+    private $userExpirationResource;
+
+    /**
+     * @var UserExpirationFactory
+     */
+    private $userExpirationFactory;
+
+    /**
+     * UserForm constructor.
+     *
+     * @param TimezoneInterface $localeDate
+     * @param UserExpirationFactory $userExpirationFactory
+     * @param UserExpiration $userExpirationResource
+     */
+    public function __construct(
+        TimezoneInterface $localeDate,
+        UserExpirationFactory $userExpirationFactory,
+        UserExpiration $userExpirationResource
+    ) {
+        $this->localeDate = $localeDate;
+        $this->userExpirationResource = $userExpirationResource;
+        $this->userExpirationFactory = $userExpirationFactory;
+    }
+
+    /**
+     * Add the `expires_at` field to the admin user edit form.
+     *
+     * @param \Magento\User\Block\User\Edit\Tab\Main $subject
+     * @param \Closure $proceed
+     * @return mixed
+     */
+    public function aroundGetFormHtml(
+        \Magento\User\Block\User\Edit\Tab\Main $subject,
+        \Closure $proceed
+    ) {
+        /** @var \Magento\Framework\Data\Form $form */
+        $form = $subject->getForm();
+        if (is_object($form)) {
+            $dateFormat = $this->localeDate->getDateFormat(
+                \IntlDateFormatter::MEDIUM
+            );
+            $timeFormat = $this->localeDate->getTimeFormat(
+                \IntlDateFormatter::MEDIUM
+            );
+            $fieldset = $form->getElement('base_fieldset');
+            $userIdField = $fieldset->getElements()->searchById('user_id');
+            $userExpirationValue = null;
+            if ($userIdField) {
+                $userId = $userIdField->getValue();
+                $userExpirationValue = $this->loadUserExpirationByUserId($userId);
+            }
+            $fieldset->addField(
+                'expires_at',
+                'date',
+                [
+                    'name' => 'expires_at',
+                    'label' => __('Expiration Date'),
+                    'title' => __('Expiration Date'),
+                    'date_format' => $dateFormat,
+                    'time_format' => $timeFormat,
+                    'class' => 'validate-date',
+                    'value' => $userExpirationValue,
+                ]
+            );
+
+            $subject->setForm($form);
+        }
+
+        return $proceed();
+    }
+
+    /**
+     * Loads a user expiration record by user ID.
+     *
+     * @param string $userId
+     * @return string
+     */
+    private function loadUserExpirationByUserId($userId)
+    {
+        /** @var \Magento\Security\Model\UserExpiration $userExpiration */
+        $userExpiration = $this->userExpirationFactory->create();
+        $this->userExpirationResource->load($userExpiration, $userId);
+        return $userExpiration->getExpiresAt();
+    }
+}

app/code/Magento/Security/Model/Plugin/AuthSession.php

@@ -7,6 +7,7 @@
 
 use Magento\Backend\Model\Auth\Session;
 use Magento\Security\Model\AdminSessionsManager;
+use Magento\Security\Model\UserExpirationManager;
 
 /**
  * Magento\Backend\Model\Auth\Session decorator
@@ -33,22 +34,32 @@ class AuthSession
      */
     protected $securityCookie;
 
+    /**
+     * @var UserExpirationManager
+     */
+    private $userExpirationManager;
+
     /**
      * @param \Magento\Framework\App\RequestInterface $request
      * @param \Magento\Framework\Message\ManagerInterface $messageManager
      * @param AdminSessionsManager $sessionsManager
      * @param \Magento\Security\Model\SecurityCookie $securityCookie
+     * @param UserExpirationManager|null $userExpirationManager
      */
     public function __construct(
         \Magento\Framework\App\RequestInterface $request,
         \Magento\Framework\Message\ManagerInterface $messageManager,
         AdminSessionsManager $sessionsManager,
-        \Magento\Security\Model\SecurityCookie $securityCookie
+        \Magento\Security\Model\SecurityCookie $securityCookie,
+        \Magento\Security\Model\UserExpirationManager $userExpirationManager = null
     ) {
         $this->request = $request;
         $this->messageManager = $messageManager;
         $this->sessionsManager = $sessionsManager;
         $this->securityCookie = $securityCookie;
+        $this->userExpirationManager = $userExpirationManager ?:
+            \Magento\Framework\App\ObjectManager::getInstance()
+                ->get(\Magento\Security\Model\UserExpirationManager::class);
     }
 
     /**
@@ -64,6 +75,11 @@ public function aroundProlong(Session $session, \Closure $proceed)
             $session->destroy();
             $this->addUserLogoutNotification();
             return null;
+        } elseif ($this->userExpirationManager->isUserExpired($session->getUser()->getId())) {
+            $this->userExpirationManager->deactivateExpiredUsersById([$session->getUser()->getId()]);
+            $session->destroy();
+            $this->addUserLogoutNotification();
+            return null;
         }
         $result = $proceed();
         $this->sessionsManager->processProlong();

app/code/Magento/Security/Model/Plugin/UserValidationRules.php

@@ -0,0 +1,42 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Security\Model\Plugin;
+
+use Magento\Security\Model\UserExpiration\Validator;
+
+/**
+ * \Magento\User\Model\UserValidationRules decorator
+ */
+class UserValidationRules
+{
+    /**@var Validator */
+    private $validator;
+
+    /**
+     * UserValidationRules constructor.
+     *
+     * @param Validator $validator
+     */
+    public function __construct(Validator $validator)
+    {
+        $this->validator = $validator;
+    }
+
+    /**
+     * Add the Expires At validator to user validation rules.
+     *
+     * @param \Magento\User\Model\UserValidationRules $userValidationRules
+     * @param \Magento\Framework\Validator\DataObject $result
+     * @return \Magento\Framework\Validator\DataObject
+     * @SuppressWarnings(PHPMD.UnusedFormalParameter)
+     */
+    public function afterAddUserInfoRules(\Magento\User\Model\UserValidationRules $userValidationRules, $result)
+    {
+        return $result->addRule($this->validator, 'expires_at');
+    }
+}

app/code/Magento/Security/Model/ResourceModel/UserExpiration.php

@@ -0,0 +1,88 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+declare(strict_types=1);
+
+namespace Magento\Security\Model\ResourceModel;
+
+/**
+ * Admin User Expiration resource model
+ */
+class UserExpiration extends \Magento\Framework\Model\ResourceModel\Db\AbstractDb
+{
+
+    /**
+     * Flag that notifies whether Primary key of table is auto-incremented
+     *
+     * @var bool
+     */
+    protected $_isPkAutoIncrement = false;
+
+    /**
+     * @var \Magento\Framework\Stdlib\DateTime\TimezoneInterface
+     */
+    private $timezone;
+
+    /**
+     * UserExpiration constructor.
+     *
+     * @param \Magento\Framework\Model\ResourceModel\Db\Context $context
+     * @param \Magento\Framework\Stdlib\DateTime\TimezoneInterface $timezone
+     * @param string $connectionName
+     */
+    public function __construct(
+        \Magento\Framework\Model\ResourceModel\Db\Context $context,
+        \Magento\Framework\Stdlib\DateTime\TimezoneInterface $timezone,
+        ?string $connectionName = null
+    ) {
+        parent::__construct($context, $connectionName);
+        $this->timezone = $timezone;
+    }
+
+    /**
+     * Define main table
+     *
+     * @return void
+     */
+    protected function _construct()
+    {
+        $this->_init('admin_user_expiration', 'user_id');
+    }
+
+    /**
+     * Convert to UTC time.
+     *
+     * @param \Magento\Framework\Model\AbstractModel $userExpiration
+     * @return $this
+     * @throws \Magento\Framework\Exception\LocalizedException
+     */
+    protected function _beforeSave(\Magento\Framework\Model\AbstractModel $userExpiration)
+    {
+        /** @var $userExpiration \Magento\Security\Model\UserExpiration */
+        $expiresAt = $userExpiration->getExpiresAt();
+        $utcValue = $this->timezone->convertConfigTimeToUtc($expiresAt);
+        $userExpiration->setExpiresAt($utcValue);
+
+        return $this;
+    }
+
+    /**
+     * Convert to store time.
+     *
+     * @param \Magento\Framework\Model\AbstractModel $userExpiration
+     * @return $this|\Magento\Framework\Model\ResourceModel\Db\AbstractDb
+     * @throws \Exception
+     */
+    protected function _afterLoad(\Magento\Framework\Model\AbstractModel $userExpiration)
+    {
+        /** @var $userExpiration \Magento\Security\Model\UserExpiration */
+        if ($userExpiration->getExpiresAt()) {
+            $storeValue = $this->timezone->date($userExpiration->getExpiresAt());
+            $userExpiration->setExpiresAt($storeValue->format('Y-m-d H:i:s'));
+        }
+
+        return $this;
+    }
+}