vendor/shopware/core/Checkout/Customer/Subscriber/CustomerTokenSubscriber.php line 69

Open in your IDE?
  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Checkout\Customer\Subscriber;
  5. use Shopware\Core\Checkout\Customer\CustomerEvents;
  6. use Shopware\Core\Framework\DataAbstractionLayer\EntityWriteResult;
  7. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityDeletedEvent;
  8. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenEvent;
  9. use Shopware\Core\PlatformRequest;
  10. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextPersister;
  11. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  12. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  13. use Symfony\Component\HttpFoundation\RequestStack;
  15. /**
  16.  * @deprecated tag:v6.5.0 - reason:becomes-internal - EventSubscribers will become internal in v6.5.0
  17.  */
  18. class CustomerTokenSubscriber implements EventSubscriberInterface
  19. {
  20.     private SalesChannelContextPersister $contextPersister;
  22.     private RequestStack $requestStack;
  24.     /**
  25.      * @internal
  26.      */
  27.     public function __construct(
  28.         SalesChannelContextPersister $contextPersister,
  29.         RequestStack $requestStack
  30.     ) {
  31.         $this->contextPersister $contextPersister;
  32.         $this->requestStack $requestStack;
  33.     }
  35.     /**
  36.      * @return array<string, string|array{0: string, 1: int}|list<array{0: string, 1?: int}>>
  37.      */
  38.     public static function getSubscribedEvents()
  39.     {
  40.         return [
  41.             CustomerEvents::CUSTOMER_WRITTEN_EVENT => 'onCustomerWritten',
  42.             CustomerEvents::CUSTOMER_DELETED_EVENT => 'onCustomerDeleted',
  43.         ];
  44.     }
  46.     public function onCustomerWritten(EntityWrittenEvent $event): void
  47.     {
  48.         foreach ($event->getWriteResults() as $writeResult) {
  49.             if ($writeResult->getOperation() !== EntityWriteResult::OPERATION_UPDATE) {
  50.                 continue;
  51.             }
  53.             $payload $writeResult->getPayload();
  54.             if (!$this->customerCredentialsChanged($payload)) {
  55.                 continue;
  56.             }
  58.             $customerId $payload['id'];
  59.             $newToken $this->invalidateUsingSession($customerId);
  61.             if ($newToken) {
  62.                 $this->contextPersister->revokeAllCustomerTokens($customerId$newToken);
  63.             } else {
  64.                 $this->contextPersister->revokeAllCustomerTokens($customerId);
  65.             }
  66.         }
  67.     }
  69.     public function onCustomerDeleted(EntityDeletedEvent $event): void
  70.     {
  71.         foreach ($event->getIds() as $customerId) {
  72.             $this->contextPersister->revokeAllCustomerTokens($customerId);
  73.         }
  74.     }
  76.     /**
  77.      * @param array<string, mixed> $payload
  78.      */
  79.     private function customerCredentialsChanged(array $payload): bool
  80.     {
  81.         return isset($payload['password']);
  82.     }
  84.     private function invalidateUsingSession(string $customerId): ?string
  85.     {
  86.         $master $this->requestStack->getMainRequest();
  88.         if (!$master) {
  89.             return null;
  90.         }
  92.         // Is not a storefront request
  93.         if (!$master->attributes->has(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)) {
  94.             return null;
  95.         }
  97.         /** @var SalesChannelContext $context */
  98.         $context $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  100.         // Not loggedin skip
  101.         if ($context->getCustomer() === null) {
  102.             return null;
  103.         }
  105.         // The written customer is not the same as logged-in. We don't modify the user session
  106.         if ($context->getCustomer()->getId() !== $customerId) {
  107.             return null;
  108.         }
  110.         $token $context->getToken();
  112.         $newToken $this->contextPersister->replace($token$context);
  114.         $context->assign([
  115.             'token' => $newToken,
  116.         ]);
  118.         if (!$master->hasSession()) {
  119.             return null;
  120.         }
  122.         $session $master->getSession();
  123.         $session->migrate();
  124.         $session->set('sessionId'$session->getId());
  126.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$newToken);
  127.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$newToken);
  129.         return $newToken;
  130.     }
  131. }