Inheritance diagram for Authentication:

Public Member Functions
	__construct (CustomerRepositoryInterface $customerRepository, CustomerRegistry $customerRegistry, ConfigInterface $backendConfig, \Magento\Framework\Stdlib\DateTime $dateTime, Encryptor $encryptor)

	processAuthenticationFailure ($customerId)

	unlock ($customerId)

	isLocked ($customerId)

	authenticate ($customerId, $password)

Data Fields
const	LOCKOUT_THRESHOLD_PATH = 'customer/password/lockout_threshold'

const	MAX_FAILURES_PATH = 'customer/password/lockout_failures'

Protected Member Functions
	getLockThreshold ()

	getMaxFailures ()

Protected Attributes
	$customerRegistry

	$backendConfig

	$dateTime

	$encryptor

	$customerRepository

Detailed Description

Class Authentication @SuppressWarnings(PHPMD.CouplingBetweenObjects)

Definition at line 20 of file Authentication.php.

Constructor & Destructor Documentation

◆ __construct()

__construct	(	CustomerRepositoryInterface	$customerRepository,
		CustomerRegistry	$customerRegistry,
		ConfigInterface	$backendConfig,
		\Magento\Framework\Stdlib\DateTime	$dateTime,
		Encryptor	$encryptor
	)

Parameters

CustomerRepositoryInterface	$customerRepository
CustomerRegistry	$customerRegistry
ConfigInterface	$backendConfig
\Magento\Framework\Stdlib\DateTime	$dateTime
Encryptor	$encryptor

Definition at line 71 of file Authentication.php.

       {
         $this->customerRepository = $customerRepository;
         $this->customerRegistry = $customerRegistry;
         $this->backendConfig = $backendConfig;
         $this->dateTime = $dateTime;
         $this->encryptor = $encryptor;
     }

Member Function Documentation

◆ authenticate()

authenticate	(	$customerId,
		$password
	)

{Authenticate customer

Parameters

int	$customerId
string	$password

Returns: boolean

Exceptions

InvalidEmailOrPasswordException
UserLockedException

}

Implements AuthenticationInterface.

Definition at line 166 of file Authentication.php.

     {
         $customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
         $hash = $customerSecure->getPasswordHash();
         if (!$this->encryptor->validateHash($password, $hash)) {
             $this->processAuthenticationFailure($customerId);
             if ($this->isLocked($customerId)) {
                 throw new UserLockedException(__('The account is locked.'));
             }
             throw new InvalidEmailOrPasswordException(__('Invalid login or password.'));
         }
         return true;
     }

◆ getLockThreshold()

getLockThreshold ( )

protected

Get lock threshold

Returns: int

Definition at line 139 of file Authentication.php.

     {
         return $this->backendConfig->getValue(self::LOCKOUT_THRESHOLD_PATH) * 60;
     }

◆ getMaxFailures()

getMaxFailures ( )

protected

Get max failures

Returns: int

Definition at line 149 of file Authentication.php.

     {
         return $this->backendConfig->getValue(self::MAX_FAILURES_PATH);
     }

◆ isLocked()

isLocked ( $customerId )

{Check if a customer is locked

Parameters

int $customerId

Returns: boolean

}

Implements AuthenticationInterface.

Definition at line 157 of file Authentication.php.

     {
         $currentCustomer = $this->customerRegistry->retrieve($customerId);
         return $currentCustomer->isCustomerLocked();
     }

◆ processAuthenticationFailure()

processAuthenticationFailure ( $customerId )

{Process customer authentication failure

Parameters

int $customerId

Returns: void

}

Implements AuthenticationInterface.

Definition at line 88 of file Authentication.php.

     {
         $now = new \DateTime();
         $lockThreshold = $this->getLockThreshold();
         $maxFailures =  $this->getMaxFailures();
         $customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
 
         if (!($lockThreshold && $maxFailures)) {
             return;
         }
         $failuresNum = (int)$customerSecure->getFailuresNum() + 1;
 
         $firstFailureDate = $customerSecure->getFirstFailure();
         if ($firstFailureDate) {
             $firstFailureDate = new \DateTime($firstFailureDate);
         }
 
         $lockThreshInterval = new \DateInterval('PT' . $lockThreshold . 'S');
         $lockExpires = $customerSecure->getLockExpires();
         $lockExpired = ($lockExpires !== null) && ($now > new \DateTime($lockExpires));
         // set first failure date when this is the first failure or the lock is expired
         if (1 === $failuresNum || !$firstFailureDate || $lockExpired) {
             $customerSecure->setFirstFailure($this->dateTime->formatDate($now));
             $failuresNum = 1;
             $customerSecure->setLockExpires(null);
             // otherwise lock customer
         } elseif ($failuresNum >= $maxFailures) {
             $customerSecure->setLockExpires($this->dateTime->formatDate($now->add($lockThreshInterval)));
         }
 
         $customerSecure->setFailuresNum($failuresNum);
         $this->getCustomerAuthUpdate()->saveAuth($customerId);
     }

◆ unlock()

unlock ( $customerId )

{Unlock customer

Parameters

int $customerId

Returns: void

}

Implements AuthenticationInterface.

Definition at line 125 of file Authentication.php.

     {
         $customerSecure = $this->customerRegistry->retrieveSecureData($customerId);
         $customerSecure->setFailuresNum(0);
         $customerSecure->setFirstFailure(null);
         $customerSecure->setLockExpires(null);
         $this->getCustomerAuthUpdate()->saveAuth($customerId);
     }

Field Documentation

◆ $backendConfig

$backendConfig

protected

Definition at line 42 of file Authentication.php.

◆ $customerRegistry

$customerRegistry

protected

Definition at line 35 of file Authentication.php.

◆ $customerRepository

$customerRepository

protected

Definition at line 57 of file Authentication.php.

◆ $dateTime

$dateTime

protected

Definition at line 47 of file Authentication.php.

◆ $encryptor

$encryptor

protected

Definition at line 52 of file Authentication.php.

◆ LOCKOUT_THRESHOLD_PATH

const LOCKOUT_THRESHOLD_PATH = 'customer/password/lockout_threshold'

Configuration path to customer lockout threshold

Definition at line 25 of file Authentication.php.

◆ MAX_FAILURES_PATH

const MAX_FAILURES_PATH = 'customer/password/lockout_failures'

Configuration path to customer max login failures number

Definition at line 30 of file Authentication.php.

The documentation for this class was generated from the following file:

vendor/magento/module-customer/Model/Authentication.php

Public Member Functions

Data Fields

Protected Member Functions

Protected Attributes

Detailed Description

Constructor & Destructor Documentation

◆ __construct()

Member Function Documentation

◆ authenticate()

◆ getLockThreshold()

◆ getMaxFailures()

◆ isLocked()

◆ processAuthenticationFailure()

◆ unlock()

Field Documentation

◆ $backendConfig

◆ $customerRegistry

◆ $customerRepository

◆ $dateTime

◆ $encryptor

◆ LOCKOUT_THRESHOLD_PATH

◆ MAX_FAILURES_PATH