diff --git a/vendor/magento/module-security/Model/AdminSessionInfo.php b/vendor/magento/module-security/Model/AdminSessionInfo.php index c14d399e98c..b0347fdbc3a 100644 --- a/vendor/magento/module-security/Model/AdminSessionInfo.php +++ b/vendor/magento/module-security/Model/AdminSessionInfo.php @@ -47,6 +47,7 @@ class AdminSessionInfo extends \Magento\Framework\Model\AbstractModel /** * All other open sessions were terminated * @since 100.1.0 + * @var bool */ protected $isOtherSessionsTerminated = false; @@ -133,10 +134,10 @@ class AdminSessionInfo extends \Magento\Framework\Model\AbstractModel $currentTime = $this->dateTime->gmtTimestamp(); $lastUpdatedTime = $this->getUpdatedAt(); if (!is_numeric($lastUpdatedTime)) { - $lastUpdatedTime = strtotime($lastUpdatedTime); + $lastUpdatedTime = $lastUpdatedTime === null ? 0 : strtotime($lastUpdatedTime); } - return $lastUpdatedTime <= ($currentTime - $lifetime) ? true : false; + return $lastUpdatedTime <= ($currentTime - $lifetime); } /** diff --git a/vendor/magento/module-security/Model/AdminSessionsManager.php b/vendor/magento/module-security/Model/AdminSessionsManager.php index 154760eb835..e6b7a076e1c 100644 --- a/vendor/magento/module-security/Model/AdminSessionsManager.php +++ b/vendor/magento/module-security/Model/AdminSessionsManager.php @@ -7,7 +7,10 @@ declare(strict_types=1); namespace Magento\Security\Model; +use Magento\Backend\Model\Auth\Session; use Magento\Framework\HTTP\PhpEnvironment\RemoteAddress; +use Magento\Framework\Stdlib\DateTime; +use Magento\Security\Model\ResourceModel\AdminSessionInfo\Collection; use Magento\Security\Model\ResourceModel\AdminSessionInfo\CollectionFactory; /** @@ -15,6 +18,7 @@ use Magento\Security\Model\ResourceModel\AdminSessionInfo\CollectionFactory; * * @api * @since 100.1.0 + * @SuppressWarnings(PHPMD.CookieAndSessionMisuse) */ class AdminSessionsManager { @@ -35,7 +39,7 @@ class AdminSessionsManager protected $securityConfig; /** - * @var \Magento\Backend\Model\Auth\Session + * @var Session * @since 100.1.0 */ protected $authSession; @@ -73,12 +77,14 @@ class AdminSessionsManager * * Means that after session was prolonged * all other prolongs will be ignored within this period + * + * @var int */ private $maxIntervalBetweenConsecutiveProlongs = 60; /** * @param ConfigInterface $securityConfig - * @param \Magento\Backend\Model\Auth\Session $authSession + * @param Session $authSession * @param AdminSessionInfoFactory $adminSessionInfoFactory * @param CollectionFactory $adminSessionInfoCollectionFactory * @param \Magento\Framework\Stdlib\DateTime\DateTime $dateTime @@ -86,7 +92,7 @@ class AdminSessionsManager */ public function __construct( ConfigInterface $securityConfig, - \Magento\Backend\Model\Auth\Session $authSession, + Session $authSession, \Magento\Security\Model\AdminSessionInfoFactory $adminSessionInfoFactory, \Magento\Security\Model\ResourceModel\AdminSessionInfo\CollectionFactory $adminSessionInfoCollectionFactory, \Magento\Framework\Stdlib\DateTime\DateTime $dateTime, @@ -138,7 +144,7 @@ class AdminSessionsManager $this->getCurrentSession()->setData( 'updated_at', date( - \Magento\Framework\Stdlib\DateTime::DATETIME_PHP_FORMAT, + DateTime::DATETIME_PHP_FORMAT, $this->authSession->getUpdatedAt() ) ); @@ -204,7 +210,7 @@ class AdminSessionsManager case AdminSessionInfo::LOGGED_OUT_BY_LOGIN: $reasonMessage = __( 'Someone logged into this account from another device or browser.' - .' Your current session is terminated.' + . ' Your current session is terminated.' ); break; case AdminSessionInfo::LOGGED_OUT_MANUALLY: @@ -241,7 +247,7 @@ class AdminSessionsManager /** * Get sessions for current user * - * @return \Magento\Security\Model\ResourceModel\AdminSessionInfo\Collection + * @return Collection * @since 100.1.0 */ public function getSessionsForCurrentUser() @@ -314,7 +320,9 @@ class AdminSessionsManager } /** - * @return \Magento\Security\Model\ResourceModel\AdminSessionInfo\Collection + * Retrieve new instance of admin session info collection + * + * @return Collection * @since 100.1.0 */ protected function createAdminSessionInfoCollection() @@ -323,24 +331,27 @@ class AdminSessionsManager } /** - * Calculates diff between now and last session updated_at - * and decides whether new prolong must be triggered or not + * Calculates diff between now and last session updated_at and decides whether new prolong must be triggered or not * * This is done to limit amount of session prolongs and updates to database * within some period of time - X * X - is calculated in getIntervalBetweenConsecutiveProlongs() * - * @see getIntervalBetweenConsecutiveProlongs() * @return bool + * @see getIntervalBetweenConsecutiveProlongs() */ private function lastProlongIsOldEnough() { - $lastProlongTimestamp = strtotime($this->getCurrentSession()->getUpdatedAt()); + $lastUpdatedTime = $this->getCurrentSession()->getUpdatedAt(); + if ($lastUpdatedTime === null || is_numeric($lastUpdatedTime)) { + $lastUpdatedTime = "now"; + } + $lastProlongTimestamp = strtotime($lastUpdatedTime); $nowTimestamp = $this->authSession->getUpdatedAt(); $diff = $nowTimestamp - $lastProlongTimestamp; - return (float) $diff > $this->getIntervalBetweenConsecutiveProlongs(); + return (float)$diff > $this->getIntervalBetweenConsecutiveProlongs(); } /** @@ -354,7 +365,7 @@ class AdminSessionsManager */ private function getIntervalBetweenConsecutiveProlongs() { - return (float) max( + return (float)max( 1, min( 4 * log((float)$this->securityConfig->getAdminSessionLifetime()),