Magento Extensions Rating 2024
Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
SecurityManager.php
Go to the documentation of this file.
1 <?php
6 namespace Magento\Security\Model;
7 
8 use Magento\Framework\Exception\SecurityViolationException;
9 use Magento\Framework\HTTP\PhpEnvironment\RemoteAddress;
10 use Magento\Security\Model\SecurityChecker\SecurityCheckerInterface;
11 
20 class SecurityManager
21 {
25  const SECURITY_CONTROL_RECORDS_LIFE_TIME = 86400;
26 
31  protected $securityConfig;
32 
37  protected $passwordResetRequestEventFactory;
38 
43  protected $passwordResetRequestEventCollectionFactory;
44 
49  protected $securityCheckers;
50 
54  private $eventManager;
55 
59  private $dateTime;
60 
64  private $remoteAddress;
65 
78  public function __construct(
79  ConfigInterface $securityConfig,
80  \Magento\Security\Model\PasswordResetRequestEventFactory $passwordResetRequestEventFactory,
81  ResourceModel\PasswordResetRequestEvent\CollectionFactory $passwordResetRequestEventCollectionFactory,
82  \Magento\Framework\Event\ManagerInterface $eventManager,
83  \Magento\Framework\Stdlib\DateTime\DateTime $dateTime,
84  RemoteAddress $remoteAddress,
85  $securityCheckers = []
86  ) {
87  $this->securityConfig = $securityConfig;
88  $this->passwordResetRequestEventFactory = $passwordResetRequestEventFactory;
89  $this->passwordResetRequestEventCollectionFactory = $passwordResetRequestEventCollectionFactory;
90  $this->securityCheckers = $securityCheckers;
91  $this->eventManager = $eventManager;
92  $this->dateTime = $dateTime;
93  $this->remoteAddress = $remoteAddress;
94 
95  foreach ($this->securityCheckers as $checker) {
96  if (!($checker instanceof SecurityCheckerInterface)) {
97  throw new \Magento\Framework\Exception\LocalizedException(
98  __('Incorrect Security Checker class. It has to implement SecurityCheckerInterface')
99  );
100  }
101  }
102  }
103 
114  public function performSecurityCheck($requestType, $accountReference = null, $longIp = null)
115  {
116  if (null === $longIp) {
117  $longIp = $this->remoteAddress->getRemoteAddress();
118  }
119  foreach ($this->securityCheckers as $checker) {
120  $checker->check($requestType, $accountReference, $longIp);
121  }
122 
123  $this->createNewPasswordResetRequestEventRecord($requestType, $accountReference, $longIp);
124 
125  return $this;
126  }
127 
134  public function cleanExpiredRecords()
135  {
136  $this->passwordResetRequestEventCollectionFactory->create()->deleteRecordsOlderThen(
137  $this->dateTime->gmtTimestamp() - self::SECURITY_CONTROL_RECORDS_LIFE_TIME
138  );
139 
140  return $this;
141  }
142 
152  protected function createNewPasswordResetRequestEventRecord($requestType, $accountReference, $longIp)
153  {
155  $passwordResetRequestEvent = $this->passwordResetRequestEventFactory->create();
156  $passwordResetRequestEvent->setRequestType($requestType)
157  ->setAccountReference($accountReference)
158  ->setIp($longIp)
159  ->save();
160 
161  return $passwordResetRequestEvent;
162  }
163 }
Magento\Security\Model\SecurityManager\performSecurityCheck
performSecurityCheck($requestType, $accountReference=null, $longIp=null)
Definition: SecurityManager.php:114
Magento\Security\Model\SecurityManager\__construct
__construct(ConfigInterface $securityConfig, \Magento\Security\Model\PasswordResetRequestEventFactory $passwordResetRequestEventFactory, ResourceModel\PasswordResetRequestEvent\CollectionFactory $passwordResetRequestEventCollectionFactory, \Magento\Framework\Event\ManagerInterface $eventManager, \Magento\Framework\Stdlib\DateTime\DateTime $dateTime, RemoteAddress $remoteAddress, $securityCheckers=[])
Definition: SecurityManager.php:78
__
__()
Definition: __.php:13
$dateTime
$dateTime
Definition: order_from_past.php:11