move changes out of user and into security (#22833: Short-term admin accounts)

Author: lfolco

app/code/Magento/User/Api/Data/UserInterface.php

@@ -162,19 +162,4 @@ public function getInterfaceLocale();
      * @return $this
      */
     public function setInterfaceLocale($interfaceLocale);
-
-    /**
-     * Get user expiration date.
-     *
-     * @return string
-     */
-    public function getExpiresAt();
-
-    /**
-     * Set user expiration date.
-     *
-     * @param string $expiresAt
-     * @return $this
-     */
-    public function setExpiresAt($expiresAt);
 }

app/code/Magento/User/Block/User/Edit/Tab/Main.php

@@ -169,7 +169,7 @@ protected function _prepareForm()
                 ]
             );
         }
-
+        // TODO: use store time and convert to GMT
         $baseFieldset->addField(
             'expires_at',
             'date',

app/code/Magento/User/Cron/DisableExpiredUsers.php

@@ -13,7 +13,6 @@
  */
 class Collection extends \Magento\Framework\Model\ResourceModel\Db\Collection\AbstractCollection
 {
-
     /**
      * Define resource model
      *
@@ -28,6 +27,7 @@ protected function _construct()
      * Collection Init Select
      *
      * @return $this
+     * @since 101.1.0
      */
     protected function _initSelect()
     {
@@ -42,22 +42,4 @@ protected function _initSelect()
             ['role_name']
         );
     }
-
-    /**
-     * Filter for expired, active users.
-     *
-     * @param string $now
-     * @return $this
-     */
-    public function addActiveExpiredUsersFilter($now = null)
-    {
-        if ($now === null) {
-            $now = new \DateTime();
-            $now->format('Y-m-d H:i:s');
-        }
-        $this->addFieldToFilter('expires_at', ['lt' => $now])
-            ->addFieldToFilter('is_active', 1);
-
-        return $this;
-    }
 }

app/code/Magento/User/Model/ResourceModel/User/Collection.php

@@ -115,12 +115,12 @@ class User extends AbstractModel implements StorageInterface, UserInterface
     protected $_encryptor;
 
     /**
-     * @deprecated
+     * @deprecated 101.1.0
      */
     protected $_transportBuilder;
 
     /**
-     * @deprecated
+     * @deprecated 101.1.0
      */
     protected $_storeManager;
 
@@ -140,7 +140,7 @@ class User extends AbstractModel implements StorageInterface, UserInterface
     private $notificator;
 
     /**
-     * @deprecated
+     * @deprecated 101.1.0
      */
     private $deploymentConfig;
 
@@ -212,14 +212,9 @@ protected function _construct()
      * Removing dependencies and leaving only entity's properties.
      *
      * @return string[]
-     *
-     * @SuppressWarnings(PHPMD.SerializationAware)
-     * @deprecated Do not use PHP serialization.
      */
     public function __sleep()
     {
-        trigger_error('Using PHP serialization is deprecated', E_USER_DEPRECATED);
-
         $properties = parent::__sleep();
         return array_diff(
             $properties,
@@ -245,14 +240,9 @@ public function __sleep()
      * Restoring required objects after serialization.
      *
      * @return void
-     *
-     * @SuppressWarnings(PHPMD.SerializationAware)
-     * @deprecated Do not use PHP serialization.
      */
     public function __wakeup()
     {
-        trigger_error('Using PHP serialization is deprecated', E_USER_DEPRECATED);
-
         parent::__wakeup();
         $objectManager = \Magento\Framework\App\ObjectManager::getInstance();
         $this->serializer = $objectManager->get(Json::class);
@@ -322,10 +312,6 @@ protected function _getValidationRulesBeforeSave()
                 $this->validationRules->addPasswordConfirmationRule($validator, $this->getPasswordConfirmation());
             }
         }
-
-        if (!empty($this->getExpiresAt())) {
-            $this->validationRules->addExpiresAtRule($validator);
-        }
         return $validator;
     }
 
@@ -420,10 +406,6 @@ public function getRoles()
      */
     public function getRole()
     {
-        if ($this->getData('extracted_role')) {
-            $this->_role = $this->getData('extracted_role');
-            $this->unsetData('extracted_role');
-        }
         if (null === $this->_role) {
             $this->_role = $this->_roleFactory->create();
             $roles = $this->getRoles();
@@ -459,7 +441,7 @@ public function roleUserExists()
     /**
      * Send email with reset password confirmation link.
      *
-     * @deprecated
+     * @deprecated 101.1.0
      * @see NotificatorInterface::sendForgotPassword()
      *
      * @return $this
@@ -539,7 +521,7 @@ protected function createChangesDescriptionString()
      * @throws NotificationExceptionInterface
      * @return $this
      * @since 100.1.0
-     * @deprecated
+     * @deprecated 101.1.0
      * @see NotificatorInterface::sendUpdated()
      * @SuppressWarnings(PHPMD.UnusedFormalParameter)
      */
@@ -921,22 +903,6 @@ public function setInterfaceLocale($interfaceLocale)
         return $this->setData('interface_locale', $interfaceLocale);
     }
 
-    /**
-     * @inheritDoc
-     */
-    public function getExpiresAt()
-    {
-        return $this->_getData('expires_at');
-    }
-
-    /**
-     * @inheritDoc
-     */
-    public function setExpiresAt($expiresAt)
-    {
-        return $this->setData('expires_at', $expiresAt);
-    }
-
     /**
      * Security check for admin user
      *

app/code/Magento/User/Model/User.php

@@ -6,12 +6,10 @@
 
 namespace Magento\User\Model;
 
-use Magento\User\Model\Validator\ExpiresAt;
 use Magento\Framework\Validator\EmailAddress;
 use Magento\Framework\Validator\NotEmpty;
 use Magento\Framework\Validator\Regex;
 use Magento\Framework\Validator\StringLength;
-use Magento\Framework\App\ObjectManager;
 
 /**
  * Class for adding validation rules to an Admin user
@@ -25,20 +23,6 @@ class UserValidationRules
      * Minimum length of admin password
      */
     const MIN_PASSWORD_LENGTH = 7;
-    /**
-     * @var Validator\ExpiresAt|null
-     */
-    private $expiresValiator;
-
-    /**
-     * UserValidationRules constructor.
-     * @param Validator\ExpiresAt|null $expiresValiator
-     */
-    public function __construct(?ExpiresAt $expiresValiator = null)
-    {
-        $this->expiresValiator = $expiresValiator
-            ?: ObjectManager::getInstance()->get(ExpiresAt::class);
-    }
 
     /**
      * Adds validation rule for user first name, last name, username and email
@@ -141,36 +125,4 @@ public function addPasswordConfirmationRule(
         $validator->addRule($passwordConfirmation, 'password');
         return $validator;
     }
-
-    /**
-     * Adds validation rule for expiration date.
-     *
-     * @param \Magento\Framework\Validator\DataObject $validator
-     * @return \Magento\Framework\Validator\DataObject
-     * @throws \Zend_Validate_Exception
-     */
-    public function addExpiresAtRule(\Magento\Framework\Validator\DataObject $validator)
-    {
-        $dateValidator = new \Zend_Validate_Date(
-            [
-                'format' => \Magento\Framework\Stdlib\DateTime::DATETIME_INTERNAL_FORMAT,
-            ]
-        );
-        $dateValidator->setMessage(
-            __('"Expiration date" invalid type entered.'),
-            \Zend_Validate_Date::INVALID
-        );
-        $dateValidator->setMessage(
-            __('"Expiration date" is not a valid date.'),
-            \Zend_Validate_Date::INVALID_DATE
-        );
-        $dateValidator->setMessage(
-            __('"Expiration date" does not fit the required date format.'),
-            \Zend_Validate_Date::FALSEFORMAT
-        );
-        $validator->addRule($dateValidator, 'expires_at');
-        $validator->addRule($this->expiresValiator, 'expires_at');
-
-        return $validator;
-    }
 }

app/code/Magento/User/Model/UserValidationRules.php

@@ -7,11 +7,6 @@
 
 use Magento\User\Model\UserValidationRules;
 
-/**
- * Class UserValidationRulesTest
- *
- * @package Magento\User\Test\Unit\Model
- */
 class UserValidationRulesTest extends \PHPUnit\Framework\TestCase
 {
     /**
@@ -47,10 +42,4 @@ public function testAddPasswordConfirmationRule()
         $this->validator->expects($this->once())->method('addRule')->willReturn($this->validator);
         $this->assertSame($this->validator, $this->rules->addPasswordConfirmationRule($this->validator, ''));
     }
-
-    public function testAddExpiresAtRule()
-    {
-        $this->validator->expects($this->atMost(2))->method('addRule')->willReturn($this->validator);
-        $this->assertSame($this->validator, $this->rules->addExpiresAtRule($this->validator));
-    }
 }

app/code/Magento/User/Test/Unit/Model/UserValidationRulesTest.php

@@ -36,9 +36,7 @@
                 default="0" comment="Failure Number"/>
         <column xsi:type="timestamp" name="first_failure" on_update="false" nullable="true" comment="First Failure"/>
         <column xsi:type="timestamp" name="lock_expires" on_update="false" nullable="true"
-                comment="Expiration Lock Date"/>
-        <column xsi:type="timestamp" name="expires_at" on_update="false" nullable="true"
-                comment="User Expiration Date"/>
+                comment="Expiration Lock Dates"/>
         <constraint xsi:type="primary" referenceId="PRIMARY">
             <column name="user_id"/>
         </constraint>

app/code/Magento/User/etc/crontab.xml

@@ -19,8 +19,7 @@
             "interface_locale": true,
             "failures_num": true,
             "first_failure": true,
-            "lock_expires": true,
-            "expires_at": true
+            "lock_expires": true
         },
         "constraint": {
             "PRIMARY": true,
@@ -43,4 +42,4 @@
             "ADMIN_PASSWORDS_USER_ID_ADMIN_USER_USER_ID": true
         }
     }
-}
+}