vendor/shopware/core/Checkout/Customer/Subscriber/CustomerTokenSubscriber.php line 71

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Checkout\Customer\Subscriber;
  5. use Shopware\Core\Checkout\Customer\CustomerEvents;
  6. use Shopware\Core\Framework\DataAbstractionLayer\EntityWriteResult;
  7. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityDeletedEvent;
  8. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenEvent;
  9. use Shopware\Core\Framework\Log\Package;
  10. use Shopware\Core\PlatformRequest;
  11. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextPersister;
  12. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  13. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  14. use Symfony\Component\HttpFoundation\RequestStack;
  16. /**
  17.  * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  18.  */
  19. #[Package('customer-order')]
  20. class CustomerTokenSubscriber implements EventSubscriberInterface
  21. {
  22.     private SalesChannelContextPersister $contextPersister;
  24.     private RequestStack $requestStack;
  26.     /**
  27.      * @internal
  28.      */
  29.     public function __construct(
  30.         SalesChannelContextPersister $contextPersister,
  31.         RequestStack $requestStack
  32.     ) {
  33.         $this->contextPersister $contextPersister;
  34.         $this->requestStack $requestStack;
  35.     }
  37.     /**
  38.      * @return array<string, string|array{0: string, 1: int}|list<array{0: string, 1?: int}>>
  39.      */
  40.     public static function getSubscribedEvents()
  41.     {
  42.         return [
  43.             CustomerEvents::CUSTOMER_WRITTEN_EVENT => 'onCustomerWritten',
  44.             CustomerEvents::CUSTOMER_DELETED_EVENT => 'onCustomerDeleted',
  45.         ];
  46.     }
  48.     public function onCustomerWritten(EntityWrittenEvent $event): void
  49.     {
  50.         foreach ($event->getWriteResults() as $writeResult) {
  51.             if ($writeResult->getOperation() !== EntityWriteResult::OPERATION_UPDATE) {
  52.                 continue;
  53.             }
  55.             $payload $writeResult->getPayload();
  56.             if (!$this->customerCredentialsChanged($payload)) {
  57.                 continue;
  58.             }
  60.             $customerId $payload['id'];
  61.             $newToken $this->invalidateUsingSession($customerId);
  63.             if ($newToken) {
  64.                 $this->contextPersister->revokeAllCustomerTokens($customerId$newToken);
  65.             } else {
  66.                 $this->contextPersister->revokeAllCustomerTokens($customerId);
  67.             }
  68.         }
  69.     }
  71.     public function onCustomerDeleted(EntityDeletedEvent $event): void
  72.     {
  73.         foreach ($event->getIds() as $customerId) {
  74.             $this->contextPersister->revokeAllCustomerTokens($customerId);
  75.         }
  76.     }
  78.     /**
  79.      * @param array<string, mixed> $payload
  80.      */
  81.     private function customerCredentialsChanged(array $payload): bool
  82.     {
  83.         return isset($payload['password']);
  84.     }
  86.     private function invalidateUsingSession(string $customerId): ?string
  87.     {
  88.         $master $this->requestStack->getMainRequest();
  90.         if (!$master) {
  91.             return null;
  92.         }
  94.         // Is not a storefront request
  95.         if (!$master->attributes->has(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)) {
  96.             return null;
  97.         }
  99.         /** @var SalesChannelContext $context */
  100.         $context $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  102.         // Not loggedin skip
  103.         if ($context->getCustomer() === null) {
  104.             return null;
  105.         }
  107.         // The written customer is not the same as logged-in. We don't modify the user session
  108.         if ($context->getCustomer()->getId() !== $customerId) {
  109.             return null;
  110.         }
  112.         $token $context->getToken();
  114.         $newToken $this->contextPersister->replace($token$context);
  116.         $context->assign([
  117.             'token' => $newToken,
  118.         ]);
  120.         if (!$master->hasSession()) {
  121.             return null;
  122.         }
  124.         $session $master->getSession();
  125.         $session->migrate();
  126.         $session->set('sessionId'$session->getId());
  128.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$newToken);
  129.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$newToken);
  131.         return $newToken;
  132.     }
  133. }