handle dates with store time (#22833: Short-term admin accounts)

Author: lfolco

app/code/Magento/Security/Model/ResourceModel/UserExpiration.php

@@ -20,6 +20,35 @@ class UserExpiration extends \Magento\Framework\Model\ResourceModel\Db\AbstractD
      */
     protected $_isPkAutoIncrement = false;
 
+    /**
+     * @var \Magento\Framework\Stdlib\DateTime\TimezoneInterface
+     */
+    private $timezone;
+
+    /**
+     * @var \Magento\Framework\Stdlib\DateTime\DateTime
+     */
+    private $dateTime;
+
+    /**
+     * UserExpiration constructor.
+     *
+     * @param \Magento\Framework\Model\ResourceModel\Db\Context $context
+     * @param \Magento\Framework\Stdlib\DateTime\TimezoneInterface $timezone
+     * @param \Magento\Framework\Stdlib\DateTime\DateTime $dateTime
+     * @param null $connectionName
+     */
+    public function __construct(
+        \Magento\Framework\Model\ResourceModel\Db\Context $context,
+        \Magento\Framework\Stdlib\DateTime\TimezoneInterface $timezone,
+        \Magento\Framework\Stdlib\DateTime\DateTime $dateTime,
+        $connectionName = null
+    ) {
+        parent::__construct($context, $connectionName);
+        $this->timezone = $timezone;
+        $this->dateTime = $dateTime;
+    }
+
     /**
      * Define main table
      *
@@ -31,19 +60,34 @@ protected function _construct()
     }
 
     /**
-     * Perform actions before object save
+     * Convert to UTC time.
      *
-     * @param \Magento\Framework\Model\AbstractModel $object
+     * @param \Magento\Framework\Model\AbstractModel $userExpiration
      * @return $this
-     * @throws \Magento\Framework\Exception\LocalizedException
      */
-    public function _beforeSave(\Magento\Framework\Model\AbstractModel $object)
+    protected function _beforeSave(\Magento\Framework\Model\AbstractModel $userExpiration)
     {
-        /** @var $object \Magento\Security\Model\UserExpiration */
-        if ($object->getExpiresAt() instanceof \DateTimeInterface) {
+        /** @var $userExpiration \Magento\Security\Model\UserExpiration */
+        $expiresAt = $userExpiration->getExpiresAt();
+        $utcValue = $this->dateTime->gmtDate('Y-m-d H:i:s', $expiresAt);
+        $userExpiration->setExpiresAt($utcValue);
+
+        return $this;
+    }
 
-            // TODO: use this? need to check if we're ever passing in a \DateTimeInterface or if it's always a string
-            $object->setExpiresAt($object->getExpiresAt()->format('Y-m-d H:i:s'));
+    /**
+     * Convert to store time.
+     *
+     * @param \Magento\Framework\Model\AbstractModel $userExpiration
+     * @return $this|\Magento\Framework\Model\ResourceModel\Db\AbstractDb
+     * @throws \Exception
+     */
+    protected function _afterLoad(\Magento\Framework\Model\AbstractModel $userExpiration)
+    {
+        /** @var $userExpiration \Magento\Security\Model\UserExpiration */
+        if ($userExpiration->getExpiresAt()) {
+            $storeValue = $this->timezone->date($userExpiration->getExpiresAt());
+            $userExpiration->setExpiresAt($storeValue);
         }
 
         return $this;

app/code/Magento/Security/Model/UserExpiration.php

@@ -10,38 +10,11 @@
 /**
  * Admin User Expiration model.
  * @method string getExpiresAt()
- * @method \Magento\Security\Model\UserExpiration setExpiresAt(string $value)
+ * @method \Magento\Security\Model\UserExpiration setExpiresAt($value)
  */
 class UserExpiration extends \Magento\Framework\Model\AbstractModel
 {
 
-    /**
-     * @var UserExpiration\Validator
-     */
-    private $validator;
-
-    /**
-     * UserExpiration constructor.
-     *
-     * @param \Magento\Framework\Model\Context $context
-     * @param \Magento\Framework\Registry $registry
-     * @param UserExpiration\Validator $validator
-     * @param \Magento\Framework\Model\ResourceModel\AbstractResource|null $resource
-     * @param \Magento\Framework\Data\Collection\AbstractDb|null $resourceCollection
-     * @param array $data
-     */
-    public function __construct(
-        \Magento\Framework\Model\Context $context,
-        \Magento\Framework\Registry $registry,
-        \Magento\Security\Model\UserExpiration\Validator $validator,
-        \Magento\Framework\Model\ResourceModel\AbstractResource $resource = null,
-        \Magento\Framework\Data\Collection\AbstractDb $resourceCollection = null,
-        array $data = []
-    ) {
-        parent::__construct($context, $registry, $resource, $resourceCollection, $data);
-        $this->validator = $validator;
-    }
-
     /**
      * Resource initialization
      *
@@ -51,12 +24,4 @@ protected function _construct()
     {
         $this->_init(\Magento\Security\Model\ResourceModel\UserExpiration::class);
     }
-
-    /**
-     * TODO: remove and use a plugin on UserValidationRules
-     */
-//    protected function _getValidationRulesBeforeSave()
-//    {
-//        return $this->validator;
-//    }
 }

app/code/Magento/Security/Model/UserExpiration/Validator.php

@@ -16,6 +16,15 @@
  */
 class Validator extends AbstractValidator
 {
+    /**@var \Magento\Framework\Stdlib\DateTime\DateTime */
+    private $dateTime;
+
+    public function __construct(
+        \Magento\Framework\Stdlib\DateTime\DateTime $dateTime
+    ) {
+
+        $this->dateTime = $dateTime;
+    }
 
     /**
      * Ensure that the given date is later than the current date.
@@ -31,9 +40,8 @@ public function isValid($value)
         $expiresAt = $value;
         $label = 'Expiration date';
         if (\Zend_Validate::is($expiresAt, 'NotEmpty')) {
-            $currentTime = new \DateTime();
-            $expiresAt = new \DateTime($expiresAt);
-
+            $currentTime = $this->dateTime->gmtTimestamp();
+            $expiresAt = $this->dateTime->gmtTimestamp($value);
             if ($expiresAt < $currentTime) {
                 $messages['expires_at'] = __('"%1" must be later than the current date.', $label);
             }

app/code/Magento/Security/Model/UserExpirationManager.php

@@ -10,7 +10,7 @@
 use Magento\Security\Model\ResourceModel\UserExpiration\Collection as ExpiredUsersCollection;
 
 /**
- * Class to handle expired admin users.
+ * Class to handle admin user expirations.
  */
 class UserExpirationManager
 {
@@ -107,7 +107,6 @@ public function deactivateExpiredUsers(?array $userIds = null): void
 
     /**
      * Check if the given user is expired.
-     * // TODO: check users expired an hour ago (timezone stuff)
      *
      * @param \Magento\User\Model\User $user
      * @return bool

app/code/Magento/Security/Observer/AdminUserAuthenticateBefore.php

@@ -56,7 +56,7 @@ public function execute(Observer $observer)
         /** @var \Magento\User\Model\User $user */
         $user = $this->user->loadByUsername($username);
 
-        if ($this->userExpirationManager->userIsExpired($user)) {
+        if ($user->getId() && $this->userExpirationManager->userIsExpired($user)) {
             $this->userExpirationManager->deactivateExpiredUsers([$user->getId()]);
             throw new AuthenticationException(
                 __(

app/code/Magento/User/Block/User/Edit/Tab/Main.php

@@ -169,16 +169,22 @@ protected function _prepareForm()
                 ]
             );
         }
-        // TODO: use store time and convert to GMT
+
+        $dateFormat = $this->_localeDate->getDateFormat(
+            \IntlDateFormatter::MEDIUM
+        );
+        $timeFormat = $this->_localeDate->getTimeFormat(
+            \IntlDateFormatter::MEDIUM
+        );
         $baseFieldset->addField(
             'expires_at',
             'date',
             [
                 'name' => 'expires_at',
                 'label' => __('Expiration Date'),
                 'title' => __('Expiration Date'),
-                'date_format' => 'yyyy-MM-dd',
-                'time_format' => 'hh:mm:ss',
+                'date_format' => $dateFormat,
+                'time_format' => $timeFormat,
                 'class' => 'validate-date',
             ]
         );

dev/tests/integration/testsuite/Magento/Security/Model/UserExpirationManagerTest.php

@@ -44,8 +44,8 @@ protected function setUp()
             ->setCurrentScope(\Magento\Backend\App\Area\FrontNameResolver::AREA_CODE);
         $this->auth = $this->objectManager->create(\Magento\Backend\Model\Auth::class);
         $this->authSession = $this->objectManager->create(\Magento\Backend\Model\Auth\Session::class);
-        $this->auth->setAuthStorage($this->authSession);
         $this->adminSessionInfo = $this->objectManager->create(\Magento\Security\Model\AdminSessionInfo::class);
+        $this->auth->setAuthStorage($this->authSession);
         $this->userExpirationManager =
             $this->objectManager->create(\Magento\Security\Model\UserExpirationManager::class);
     }
@@ -67,7 +67,6 @@ protected function tearDown()
      */
     public function testUserIsExpired()
     {
-        static::markTestSkipped();
         $adminUserNameFromFixture = 'adminUserExpired';
         $user = $this->loadUserByUsername($adminUserNameFromFixture);
         static::assertTrue($this->userExpirationManager->userIsExpired($user));
@@ -121,7 +120,6 @@ public function testDeactivateExpiredUsersWithNonExpiredUser()
      */
     public function testDeactivateExpiredUsers()
     {
-        static::markTestSkipped();
         $notExpiredUser = $this->loadUserByUsername('adminUserNotExpired');
         $expiredUser = $this->loadUserByUsername('adminUserExpired');
         $this->userExpirationManager->deactivateExpiredUsers();