Merge pull request #342 from magento-extensibility/MAGETWO-38635-prs
[Extensibility] Magetwo 38635 prs
He, Joan(johe) committed Jan 28, 2016
2 parents 03ec736 + 0bc11e1 commit 01141f4
Showing 82 changed files with 6,803 additions and 21 deletions.
6 changes: 3 additions & 3 deletions app/code/Magento/Backend/etc/adminhtml/system.xml
@@ -414,16 +414,16 @@
</group>
<group id="security" translate="label" type="text" sortOrder="35" showInDefault="1" showInWebsite="0" showInStore="0">
<label>Security</label>
<field id="use_form_key" translate="label" type="select" sortOrder="1" showInDefault="1" showInWebsite="0" showInStore="0">
<field id="use_form_key" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="0" showInStore="0">
<label>Add Secret Key to URLs</label>
<source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
<backend_model>Magento\Config\Model\Config\Backend\Admin\Usesecretkey</backend_model>
</field>
<field id="use_case_sensitive_login" translate="label" type="select" sortOrder="1" showInDefault="1" showInWebsite="0" showInStore="0">
<field id="use_case_sensitive_login" translate="label" type="select" sortOrder="20" showInDefault="1" showInWebsite="0" showInStore="0">
<label>Login is Case Sensitive</label>
<source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
</field>
<field id="session_lifetime" translate="label comment" sortOrder="3" showInDefault="1" showInWebsite="0" showInStore="0">
<field id="session_lifetime" translate="label comment" sortOrder="30" showInDefault="1" showInWebsite="0" showInStore="0">
<label>Admin Session Lifetime (seconds)</label>
<comment>Values less than 60 are ignored.</comment>
<validate>validate-digits</validate>
@@ -12,7 +12,12 @@
use Magento\Framework\App\Action\Context;
use Magento\Framework\Escaper;
use Magento\Framework\Exception\NoSuchEntityException;
use Magento\Framework\Exception\SecurityViolationException;

/**
* ForgotPasswordPost controller
* @SuppressWarnings(PHPMD.CouplingBetweenObjects)
*/
class ForgotPasswordPost extends \Magento\Customer\Controller\AbstractAccount
{
/** @var AccountManagementInterface */
@@ -66,8 +71,11 @@ public function execute()
$email,
AccountManagement::EMAIL_RESET
);
} catch (NoSuchEntityException $e) {
} catch (NoSuchEntityException $exception) {
// Do nothing, we don't want anyone to use this action to determine which email accounts are registered.
} catch (SecurityViolationException $exception) {
$this->messageManager->addErrorMessage($exception->getMessage());
return $resultRedirect->setPath('*/*/forgotpassword');
} catch (\Exception $exception) {
$this->messageManager->addExceptionMessage(
$exception,
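Review bot: The new `SecurityViolationException` branch answers with the exception's own text and a redirect to `*/*/forgotpassword`, while the `NoSuchEntityException` branch just above it is deliberately silent so the form cannot reveal which e-mail addresses are registered. If the security check inside the reset call only runs after the account lookup has succeeded (not visible in this hunk), the differing response brings that oracle back. Confirm the check runs before the lookup, or is keyed on the request rather than on the account, and prefer a fixed, account-independent message over `$exception->getMessage()`. `execute()` starts and ends outside the hunk, so the success path could not be compared.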
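--- a/app/code/Magento/Security/Block/Adminhtml/Js/Checker.php
+++ b/app/code/Magento/Security/Block/Adminhtml/Js/Checker.php
@@ -0,0 +1,44 @@
+<?php
+/**
+* Copyright © 2015 Magento. All rights reserved.
+* See COPYING.txt for license details.
+*/
+namespace Magento\Security\Block\Adminhtml\Js;
+
+/**
+* Block Session Checker
+*/
+class Checker extends \Magento\Backend\Block\Template
+{
+/**
+* @var \Magento\Framework\Json\EncoderInterface
+*/
+protected $jsonEncoder;
+
+/**
+* @param \Magento\Backend\Block\Template\Context $context
+* @param \Magento\Framework\Json\EncoderInterface $jsonEncoder
+*/
+public function __construct(
+\Magento\Backend\Block\Template\Context $context,
+\Magento\Framework\Json\EncoderInterface $jsonEncoder
+) {
+parent::__construct($context);
+$this->jsonEncoder = $jsonEncoder;
+}
+
+/**
+* Retrieve session checker data in JSON format
+*
+* @return string
+*/
+public function getSessionCheckerJson()
+{
+return $this->jsonEncoder->encode(
+[
+'requestUrl' => $this->getUrl('security/session/check'),
+'redirectUrl' => $this->getUrl('adminhtml/')
+]
+);
+}
+}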
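--- a/app/code/Magento/Security/Block/Adminhtml/Session/Activity.php
+++ b/app/code/Magento/Security/Block/Adminhtml/Session/Activity.php
@@ -0,0 +1,85 @@
+<?php
+/**
+* Copyright © 2015 Magento. All rights reserved.
+* See COPYING.txt for license details.
+*/
+namespace Magento\Security\Block\Adminhtml\Session;
+
+/**
+* Block Session Activity
+*/
+class Activity extends \Magento\Backend\Block\Template
+{
+/**
+* @var \Magento\Security\Helper\SecurityConfig
+*/
+protected $securityConfig;
+
+/**
+* @var \Magento\Security\Model\AdminSessionsManager
+*/
+protected $sessionsManager;
+
+/**
+* @var \Magento\Security\Model\ResourceModel\AdminSessionInfo\CollectionFactory
+*/
+protected $sessionsInfoCollection;
+
+/**
+* @param \Magento\Backend\Block\Template\Context $context
+* @param \Magento\Security\Helper\SecurityConfig $securityConfig
+* @param \Magento\Security\Model\AdminSessionsManager $sessionsManager
+*/
+public function __construct(
+\Magento\Backend\Block\Template\Context $context,
+\Magento\Security\Helper\SecurityConfig $securityConfig,
+\Magento\Security\Model\AdminSessionsManager $sessionsManager
+) {
+parent::__construct($context);
+$this->securityConfig = $securityConfig;
+$this->sessionsManager = $sessionsManager;
+}
+
+/**
+* @return \Magento\Security\Model\ResourceModel\AdminSessionInfo\Collection
+*/
+public function getSessionInfoCollection()
+{
+if (null === $this->sessionsInfoCollection) {
+$this->sessionsInfoCollection = $this->sessionsManager->getSessionsForCurrentUser();
+}
+return $this->sessionsInfoCollection;
+}
+
+/**
+* @return bool
+*/
+public function areMultipleSessionsActive()
+{
+return count($this->getSessionInfoCollection()) > 1;
+}
+
+/**
+* @return string
+*/
+public function getRemoteIp()
+{
+return $this->securityConfig->getRemoteIp(false);
+}
+
+/**
+* Retrieve formatting datatime
+*
+* @param string $time
+* @return string
+*/
+public function formatDateTime($time)
+{
+$time = new \DateTime($time);
+return $this->_localeDate->formatDateTime(
+$time,
+\IntlDateFormatter::MEDIUM,
+\IntlDateFormatter::MEDIUM
+);
+}
+}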
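Review bot: The `@var` on `$sessionsInfoCollection` names `...\AdminSessionInfo\CollectionFactory`, but `getSessionInfoCollection()` stores the result of `getSessionsForCurrentUser()` in it and documents its own return as `...\AdminSessionInfo\Collection`. The property annotation should read `@var \Magento\Security\Model\ResourceModel\AdminSessionInfo\Collection`. In `formatDateTime()` the summary has a typo ("datatime"), and `new \DateTime($time)` throws on a malformed string, so the docblock should carry `@throws \Exception`. The remote IP and session rows these getters expose are rendered by a template outside this section, which should escape them on output.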
@@ -0,0 +1,22 @@
<?php
/**
* Copyright © 2015 Magento. All rights reserved.
* See COPYING.txt for license details.
*/
namespace Magento\Security\Controller\Adminhtml\Session;

/**
* Admin session activity
*/
class Activity extends \Magento\Backend\App\Action
{
/**
* @return void
*/
public function execute()
{
$this->_view->loadLayout();
$this->_view->getPage()->getConfig()->getTitle()->prepend(__('Account Activity'));
$this->_view->renderLayout();
}
}
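--- a/app/code/Magento/Security/Controller/Adminhtml/Session/Check.php
+++ b/app/code/Magento/Security/Controller/Adminhtml/Session/Check.php
@@ -0,0 +1,55 @@
+<?php
+/**
+* Copyright © 2015 Magento. All rights reserved.
+* See COPYING.txt for license details.
+*/
+namespace Magento\Security\Controller\Adminhtml\Session;
+
+use Magento\Backend\App\Action\Context;
+use Magento\Framework\Controller\Result\JsonFactory;
+use Magento\Security\Model\AdminSessionsManager;
+
+/**
+* Ajax Admin session checker
+*/
+class Check extends \Magento\Backend\App\Action
+{
+/**
+* @var JsonFactory
+*/
+protected $jsonFactory;
+
+/**
+* @var AdminSessionsManager
+*/
+protected $sessionsManager;
+
+/**
+* Check constructor.
+* @param Context $context
+* @param JsonFactory $jsonFactory
+* @param AdminSessionsManager $sessionsManager
+*/
+public function __construct(
+Context $context,
+JsonFactory $jsonFactory,
+AdminSessionsManager $sessionsManager
+) {
+parent::__construct($context);
+$this->jsonFactory = $jsonFactory;
+$this->sessionsManager = $sessionsManager;
+}
+
+/**
+* @return \Magento\Framework\Controller\ResultInterface
+*/
+public function execute()
+{
+/** @var \Magento\Framework\Controller\Result\Json $resultJson */
+return $this->jsonFactory->create()->setData(
+[
+'isActive' => $this->sessionsManager->getCurrentSession()->isActive()
+]
+);
+}
+}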
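Review bot: `execute()` is an ordinary backend action, so if the admin page polls it on a timer (the `requestUrl` handed out by `Checker::getSessionCheckerJson()` suggests it does), these requests may count as admin activity and keep refreshing the session. Confirm outside this file that they do not, because otherwise an unattended open tab would never reach the `session_lifetime` idle timeout. The method also has no docblock summary; something like `Report whether the current admin session is still active (read-only, must not prolong the session)` would record that contract. The `/** @var ... $resultJson */` annotation describes a variable that is never assigned, so either drop it or write `$resultJson = $this->jsonFactory->create();` before calling `setData()`.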
@@ -0,0 +1,49 @@
<?php
/**
* Copyright © 2015 Magento. All rights reserved.
* See COPYING.txt for license details.
*/
namespace Magento\Security\Controller\Adminhtml\Session;

use Magento\Backend\App\Action\Context;
use Magento\Security\Model\AdminSessionsManager;

/**
* Admin session logout all
*/
class LogoutAll extends \Magento\Backend\App\Action
{
/**
* @var AdminSessionsManager
*/
protected $sessionsManager;

/**
* Check constructor.
* @param Context $context
* @param AdminSessionsManager $sessionsManager
*/
public function __construct(
Context $context,
AdminSessionsManager $sessionsManager
) {
parent::__construct($context);
$this->sessionsManager = $sessionsManager;
}

/**
* @return void
*/
public function execute()
{
try {
$this->sessionsManager->logoutOtherUserSessions();
$this->messageManager->addSuccess(__('All other open sessions for this account were terminated.'));
} catch (\Magento\Framework\Exception\LocalizedException $e) {
$this->messageManager->addError($e->getMessage());
} catch (\Exception $e) {
$this->messageManager->addException($e, __("We couldn't logout because of an error."));
}
$this->_redirect('*/*/activity');
}
}
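Review bot: `execute()` terminates the account's other sessions without checking the request method, so the only visible protection against a forged cross-site request is the URL secret key. The `use_form_key` setting ("Add Secret Key to URLs") lets an administrator turn that key off. Whether the parent `\Magento\Backend\App\Action` rejects such a request on its own is not visible here. A guard such as `if (!$this->getRequest()->isPost()) { $this->_redirect('*/*/activity'); return; }`, with the link rendered as a POST form, would make the action safe by itself. The constructor docblock also still reads "Check constructor.", copied from `Check`, and should name `LogoutAll`.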