Merge branch 'magento-commerce:2.4-develop' into B2B-1875

Author: avattam06

app/code/Magento/Customer/Api/SessionCleanerInterface.php

@@ -13,7 +13,7 @@
 interface SessionCleanerInterface
 {
     /**
-     * Destroy all active customer sessions related to given customer except current session.
+     * Destroy all active customer sessions related to given customer id, including current session.
      *
      * @param int $customerId
      * @return void

app/code/Magento/Customer/Controller/Account/EditPost.php

@@ -4,6 +4,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
 
 namespace Magento\Customer\Controller\Account;
 
@@ -226,7 +227,7 @@ public function execute()
 
             try {
                 // whether a customer enabled change email option
-                $this->processChangeEmailRequest($currentCustomerDataObject);
+                $isEmailChanged = $this->processChangeEmailRequest($currentCustomerDataObject);
 
                 // whether a customer enabled change password option
                 $isPasswordChanged = $this->changeCustomerPassword($currentCustomerDataObject->getEmail());
@@ -242,8 +243,8 @@ public function execute()
                 );
                 $this->dispatchSuccessEvent($customerCandidateDataObject);
                 $this->messageManager->addSuccessMessage(__('You saved the account information.'));
-                // logout from current session if password changed.
-                if ($isPasswordChanged) {
+                // logout from current session if password or email changed.
+                if ($isPasswordChanged || $isEmailChanged) {
                     $this->session->logout();
                     $this->session->start();
                     return $resultRedirect->setPath('customer/account/login');
@@ -364,7 +365,7 @@ protected function changeCustomerPassword($email)
      * Process change email request
      *
      * @param CustomerInterface $currentCustomerDataObject
-     * @return void
+     * @return bool
      * @throws InvalidEmailOrPasswordException
      * @throws UserLockedException
      */
@@ -377,13 +378,15 @@ private function processChangeEmailRequest(CustomerInterface $currentCustomerDat
                     $currentCustomerDataObject->getId(),
                     $this->getRequest()->getPost('current_password')
                 );
-                $this->sessionCleaner->clearFor($currentCustomerDataObject->getId());
+                $this->sessionCleaner->clearFor((int) $currentCustomerDataObject->getId());
+                return true;
             } catch (InvalidEmailOrPasswordException $e) {
                 throw new InvalidEmailOrPasswordException(
                     __("The password doesn't match this account. Verify the password and try again.")
                 );
             }
         }
+        return false;
     }
 
     /**

app/code/Magento/Customer/Model/ResourceModel/Customer.php

@@ -3,14 +3,15 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
 
 namespace Magento\Customer\Model\ResourceModel;
 
 use Magento\Customer\Model\AccountConfirmation;
 use Magento\Customer\Model\Customer\NotificationStorage;
 use Magento\Framework\App\ObjectManager;
-use Magento\Framework\Validator\Exception as ValidatorException;
 use Magento\Framework\Exception\AlreadyExistsException;
+use Magento\Framework\Validator\Exception as ValidatorException;
 
 /**
  * Customer entity resource model
@@ -403,4 +404,45 @@ public function changeResetPasswordLinkToken(\Magento\Customer\Model\Customer $c
         }
         return $this;
     }
+
+    /**
+     * Gets the session cut off timestamp string for provided customer id.
+     *
+     * @param int $customerId
+     * @return int|null
+     */
+    public function findSessionCutOff(int $customerId): ?int
+    {
+        $connection = $this->getConnection();
+        $select = $connection->select()->from(
+            ['customer_table' => $this->getTable('customer_entity')],
+            ['session_cutoff' => 'customer_table.session_cutoff']
+        )->where(
+            'entity_id =?',
+            $customerId
+        )->limit(
+            1
+        );
+        $lookup = $connection->fetchRow($select);
+        if (empty($lookup) || $lookup['session_cutoff'] == null) {
+            return null;
+        }
+        return strtotime($lookup['session_cutoff']);
+    }
+
+    /**
+     * Update session cutoff column value for customer
+     *
+     * @param int $customerId
+     * @param int $timestamp
+     * @return void
+     */
+    public function updateSessionCutOff(int $customerId, int $timestamp): void
+    {
+        $this->getConnection()->update(
+            $this->getTable('customer_entity'),
+            ['session_cutoff' => $this->dateTime->formatDate($timestamp)],
+            $this->getConnection()->quoteInto('entity_id = ?', $customerId)
+        );
+    }
 }

app/code/Magento/Customer/Model/ResourceModel/Visitor.php

@@ -3,6 +3,7 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
 
 namespace Magento\Customer\Model\ResourceModel;
 
@@ -59,7 +60,6 @@ protected function _prepareDataForSave(\Magento\Framework\Model\AbstractModel $v
     {
         return [
             'customer_id' => $visitor->getCustomerId(),
-            'session_id' => $visitor->getSessionId(),
             'last_visit_at' => $visitor->getLastVisitAt()
         ];
     }
@@ -95,4 +95,45 @@ public function clean(\Magento\Customer\Model\Visitor $object)
 
         return $this;
     }
+
+    /**
+     * Gets created at value for the visitor id.
+     *
+     * @param int $visitorId
+     * @return int|null
+     */
+    public function fetchCreatedAt(int $visitorId): ?int
+    {
+        $connection = $this->getConnection();
+        $select = $connection->select()->from(
+            ['visitor_table' => $this->getTable('customer_visitor')],
+            ['created_at' => 'visitor_table.created_at']
+        )->where(
+            'visitor_table.visitor_id = ?',
+            (string) $visitorId
+        )->limit(
+            1
+        );
+        $lookup = $connection->fetchRow($select);
+        if (empty($lookup) || $lookup['created_at'] == null) {
+            return null;
+        }
+        return strtotime($lookup['created_at']);
+    }
+
+    /**
+     * Update visitor session created at column value
+     *
+     * @param int $visitorId
+     * @param int $timestamp
+     * @return void
+     */
+    public function updateCreatedAt(int $visitorId, int $timestamp): void
+    {
+        $this->getConnection()->update(
+            $this->getTable('customer_visitor'),
+            ['created_at' => $this->dateTime->formatDate($timestamp)],
+            $this->getConnection()->quoteInto('visitor_id = ?', $visitorId)
+        );
+    }
 }

app/code/Magento/Customer/Model/Session.php

@@ -3,6 +3,8 @@
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
+declare(strict_types=1);
+
 namespace Magento\Customer\Model;
 
 use Magento\Customer\Api\CustomerRepositoryInterface;
@@ -11,6 +13,7 @@
 use Magento\Customer\Model\Config\Share;
 use Magento\Customer\Model\ResourceModel\Customer as ResourceCustomer;
 use Magento\Framework\App\ObjectManager;
+use Magento\Framework\Session\Generic;
 
 /**
  * Customer session model
@@ -70,7 +73,7 @@ class Session extends \Magento\Framework\Session\SessionManager
     protected $_configShare;
 
     /**
-     * @var \Magento\Framework\Session\Generic
+     * @var Generic
      */
     protected $_session;
 
@@ -132,7 +135,7 @@ class Session extends \Magento\Framework\Session\SessionManager
      * @param ResourceCustomer $customerResource
      * @param CustomerFactory $customerFactory
      * @param \Magento\Framework\UrlFactory $urlFactory
-     * @param \Magento\Framework\Session\Generic $session
+     * @param Generic $session
      * @param \Magento\Framework\Event\ManagerInterface $eventManager
      * @param \Magento\Framework\App\Http\Context $httpContext
      * @param CustomerRepositoryInterface $customerRepository
@@ -158,7 +161,7 @@ public function __construct(
         ResourceCustomer $customerResource,
         CustomerFactory $customerFactory,
         \Magento\Framework\UrlFactory $urlFactory,
-        \Magento\Framework\Session\Generic $session,
+        Generic $session,
         \Magento\Framework\Event\ManagerInterface $eventManager,
         \Magento\Framework\App\Http\Context $httpContext,
         CustomerRepositoryInterface $customerRepository,
@@ -176,6 +179,10 @@ public function __construct(
         $this->customerRepository = $customerRepository;
         $this->_eventManager = $eventManager;
         $this->_httpContext = $httpContext;
+        $this->groupManagement = $groupManagement;
+        $this->response = $response;
+        $this->accountConfirmation = $accountConfirmation ?: ObjectManager::getInstance()
+            ->get(AccountConfirmation::class);
         parent::__construct(
             $request,
             $sidResolver,
@@ -187,10 +194,6 @@ public function __construct(
             $cookieMetadataFactory,
             $appState
         );
-        $this->groupManagement = $groupManagement;
-        $this->response = $response;
-        $this->accountConfirmation = $accountConfirmation ?: ObjectManager::getInstance()
-            ->get(AccountConfirmation::class);
         $this->_eventManager->dispatch('customer_session_init', ['customer_session' => $this]);
     }
 
@@ -510,6 +513,7 @@ public function logout()
      *
      * @param   bool|null $loginUrl
      * @return  bool
+     * @throws \Magento\Framework\Exception\SessionException
      */
     public function authenticate($loginUrl = null)
     {

app/code/Magento/Customer/Model/Session/SessionCleaner.php

@@ -8,14 +8,14 @@
 namespace Magento\Customer\Model\Session;
 
 use Magento\Customer\Api\SessionCleanerInterface;
+use Magento\Customer\Model\ResourceModel\Customer as CustomerResourceModel;
+use Magento\Customer\Model\ResourceModel\Visitor as VisitorResourceModel;
 use Magento\Customer\Model\ResourceModel\Visitor\CollectionFactory as VisitorCollectionFactory;
 use Magento\Framework\App\Config\ScopeConfigInterface;
+use Magento\Framework\App\ObjectManager;
 use Magento\Framework\Intl\DateTimeFactory;
-use Magento\Framework\Session\Config;
 use Magento\Framework\Session\SaveHandlerInterface;
 use Magento\Framework\Session\SessionManagerInterface;
-use Magento\Framework\Stdlib\DateTime;
-use Magento\Store\Model\ScopeInterface;
 
 /**
  * Deletes all session data which relates to customer, including current session data.
@@ -50,46 +50,57 @@ class SessionCleaner implements SessionCleanerInterface
     private $saveHandler;
 
     /**
-     * @inheritdoc
+     * @var CustomerResourceModel
+     */
+    private $customerResourceModel;
+
+    /**
+     * @var VisitorResourceModel
+     */
+    private $visitorResourceModel;
+
+    /**
+     * @param ScopeConfigInterface $scopeConfig
+     * @param DateTimeFactory $dateTimeFactory
+     * @param VisitorCollectionFactory $visitorCollectionFactory
+     * @param SessionManagerInterface $sessionManager
+     * @param SaveHandlerInterface $saveHandler
+     * @param CustomerResourceModel|null $customerResourceModel
+     * @param VisitorResourceModel|null $visitorResourceModel
      */
     public function __construct(
         ScopeConfigInterface $scopeConfig,
         DateTimeFactory $dateTimeFactory,
         VisitorCollectionFactory $visitorCollectionFactory,
         SessionManagerInterface $sessionManager,
-        SaveHandlerInterface $saveHandler
+        SaveHandlerInterface $saveHandler,
+        CustomerResourceModel $customerResourceModel = null,
+        VisitorResourceModel $visitorResourceModel = null
     ) {
         $this->scopeConfig = $scopeConfig;
         $this->dateTimeFactory = $dateTimeFactory;
         $this->visitorCollectionFactory = $visitorCollectionFactory;
         $this->sessionManager = $sessionManager;
         $this->saveHandler = $saveHandler;
+        $this->customerResourceModel = $customerResourceModel
+            ?: ObjectManager::getInstance()->get(CustomerResourceModel::class);
+
+        $this->visitorResourceModel = $visitorResourceModel
+            ?: ObjectManager::getInstance()->get(VisitorResourceModel::class);
     }
 
     /**
      * @inheritdoc
      */
     public function clearFor(int $customerId): void
     {
-        $sessionLifetime = $this->scopeConfig->getValue(
-            Config::XML_PATH_COOKIE_LIFETIME,
-            ScopeInterface::SCOPE_STORE
-        );
         $dateTime = $this->dateTimeFactory->create();
-        $activeSessionsTime = $dateTime->setTimestamp($dateTime->getTimestamp() - $sessionLifetime)
-            ->format(DateTime::DATETIME_PHP_FORMAT);
-        /** @var \Magento\Customer\Model\ResourceModel\Visitor\Collection $visitorCollection */
-        $visitorCollection = $this->visitorCollectionFactory->create();
-        $visitorCollection->addFieldToFilter('customer_id', $customerId);
-        $visitorCollection->addFieldToFilter('last_visit_at', ['from' => $activeSessionsTime]);
-        $visitorCollection->addFieldToFilter('session_id', ['neq' => $this->sessionManager->getSessionId()]);
-
-        /** @var \Magento\Customer\Model\Visitor $visitor */
-        foreach ($visitorCollection->getItems() as $visitor) {
-            $sessionId = $visitor->getSessionId();
-            $this->sessionManager->start();
-            $this->saveHandler->destroy($sessionId);
-            $this->sessionManager->writeClose();
+        $timestamp = $dateTime->getTimestamp();
+        $this->customerResourceModel->updateSessionCutOff($customerId, $timestamp);
+        if ($this->sessionManager->getVisitorData() !== null) {
+            $visitorId = $this->sessionManager->getVisitorData()['visitor_id'];
+            $this->visitorResourceModel->updateCreatedAt((int) $visitorId, $timestamp + 1);
         }
     }
 }
+