Merge pull request #342 from magento-extensibility/MAGETWO-38635-prs

[Extensibility] Magetwo 38635 prs

Author: He, Joan(johe)

app/code/Magento/Backend/etc/adminhtml/system.xml

@@ -414,16 +414,16 @@
             </group>
             <group id="security" translate="label" type="text" sortOrder="35" showInDefault="1" showInWebsite="0" showInStore="0">
                 <label>Security</label>
-                <field id="use_form_key" translate="label" type="select" sortOrder="1" showInDefault="1" showInWebsite="0" showInStore="0">
+                <field id="use_form_key" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="0" showInStore="0">
                     <label>Add Secret Key to URLs</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                     <backend_model>Magento\Config\Model\Config\Backend\Admin\Usesecretkey</backend_model>
                 </field>
-                <field id="use_case_sensitive_login" translate="label" type="select" sortOrder="1" showInDefault="1" showInWebsite="0" showInStore="0">
+                <field id="use_case_sensitive_login" translate="label" type="select" sortOrder="20" showInDefault="1" showInWebsite="0" showInStore="0">
                     <label>Login is Case Sensitive</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="session_lifetime" translate="label comment" sortOrder="3" showInDefault="1" showInWebsite="0" showInStore="0">
+                <field id="session_lifetime" translate="label comment" sortOrder="30" showInDefault="1" showInWebsite="0" showInStore="0">
                     <label>Admin Session Lifetime (seconds)</label>
                     <comment>Values less than 60 are ignored.</comment>
                     <validate>validate-digits</validate>

app/code/Magento/Customer/Controller/Account/ForgotPasswordPost.php

@@ -12,7 +12,12 @@
 use Magento\Framework\App\Action\Context;
 use Magento\Framework\Escaper;
 use Magento\Framework\Exception\NoSuchEntityException;
+use Magento\Framework\Exception\SecurityViolationException;
 
+/**
+ * ForgotPasswordPost controller
+ * @SuppressWarnings(PHPMD.CouplingBetweenObjects)
+ */
 class ForgotPasswordPost extends \Magento\Customer\Controller\AbstractAccount
 {
     /** @var AccountManagementInterface */
@@ -66,8 +71,11 @@ public function execute()
                     $email,
                     AccountManagement::EMAIL_RESET
                 );
-            } catch (NoSuchEntityException $e) {
+            } catch (NoSuchEntityException $exception) {
                 // Do nothing, we don't want anyone to use this action to determine which email accounts are registered.
+            } catch (SecurityViolationException $exception) {
+                $this->messageManager->addErrorMessage($exception->getMessage());
+                return $resultRedirect->setPath('*/*/forgotpassword');
             } catch (\Exception $exception) {
                 $this->messageManager->addExceptionMessage(
                     $exception,

app/code/Magento/Security/Block/Adminhtml/Js/Checker.php

@@ -0,0 +1,44 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Security\Block\Adminhtml\Js;
+
+/**
+ * Block Session Checker
+ */
+class Checker extends \Magento\Backend\Block\Template
+{
+    /**
+     * @var \Magento\Framework\Json\EncoderInterface
+     */
+    protected $jsonEncoder;
+
+    /**
+     * @param \Magento\Backend\Block\Template\Context $context
+     * @param \Magento\Framework\Json\EncoderInterface $jsonEncoder
+     */
+    public function __construct(
+        \Magento\Backend\Block\Template\Context $context,
+        \Magento\Framework\Json\EncoderInterface $jsonEncoder
+    ) {
+        parent::__construct($context);
+        $this->jsonEncoder = $jsonEncoder;
+    }
+
+    /**
+     * Retrieve session checker data in JSON format
+     *
+     * @return string
+     */
+    public function getSessionCheckerJson()
+    {
+        return $this->jsonEncoder->encode(
+            [
+                'requestUrl' => $this->getUrl('security/session/check'),
+                'redirectUrl' => $this->getUrl('adminhtml/')
+            ]
+        );
+    }
+}

app/code/Magento/Security/Block/Adminhtml/Session/Activity.php

@@ -0,0 +1,85 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Security\Block\Adminhtml\Session;
+
+/**
+ * Block Session Activity
+ */
+class Activity extends \Magento\Backend\Block\Template
+{
+    /**
+     * @var \Magento\Security\Helper\SecurityConfig
+     */
+    protected $securityConfig;
+
+    /**
+     * @var \Magento\Security\Model\AdminSessionsManager
+     */
+    protected $sessionsManager;
+
+    /**
+     * @var \Magento\Security\Model\ResourceModel\AdminSessionInfo\CollectionFactory
+     */
+    protected $sessionsInfoCollection;
+
+    /**
+     * @param \Magento\Backend\Block\Template\Context $context
+     * @param \Magento\Security\Helper\SecurityConfig $securityConfig
+     * @param \Magento\Security\Model\AdminSessionsManager $sessionsManager
+     */
+    public function __construct(
+        \Magento\Backend\Block\Template\Context $context,
+        \Magento\Security\Helper\SecurityConfig $securityConfig,
+        \Magento\Security\Model\AdminSessionsManager $sessionsManager
+    ) {
+        parent::__construct($context);
+        $this->securityConfig = $securityConfig;
+        $this->sessionsManager = $sessionsManager;
+    }
+
+    /**
+     * @return \Magento\Security\Model\ResourceModel\AdminSessionInfo\Collection
+     */
+    public function getSessionInfoCollection()
+    {
+        if (null === $this->sessionsInfoCollection) {
+            $this->sessionsInfoCollection = $this->sessionsManager->getSessionsForCurrentUser();
+        }
+        return $this->sessionsInfoCollection;
+    }
+
+    /**
+     * @return bool
+     */
+    public function areMultipleSessionsActive()
+    {
+        return count($this->getSessionInfoCollection()) > 1;
+    }
+
+    /**
+     * @return string
+     */
+    public function getRemoteIp()
+    {
+        return $this->securityConfig->getRemoteIp(false);
+    }
+
+    /**
+     * Retrieve formatting datatime
+     *
+     * @param   string $time
+     * @return  string
+     */
+    public function formatDateTime($time)
+    {
+        $time = new \DateTime($time);
+        return $this->_localeDate->formatDateTime(
+            $time,
+            \IntlDateFormatter::MEDIUM,
+            \IntlDateFormatter::MEDIUM
+        );
+    }
+}

app/code/Magento/Security/Controller/Adminhtml/Session/Activity.php

@@ -0,0 +1,22 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Security\Controller\Adminhtml\Session;
+
+/**
+ * Admin session activity
+ */
+class Activity extends \Magento\Backend\App\Action
+{
+    /**
+     * @return void
+     */
+    public function execute()
+    {
+        $this->_view->loadLayout();
+        $this->_view->getPage()->getConfig()->getTitle()->prepend(__('Account Activity'));
+        $this->_view->renderLayout();
+    }
+}

app/code/Magento/Security/Controller/Adminhtml/Session/Check.php

@@ -0,0 +1,55 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Security\Controller\Adminhtml\Session;
+
+use Magento\Backend\App\Action\Context;
+use Magento\Framework\Controller\Result\JsonFactory;
+use Magento\Security\Model\AdminSessionsManager;
+
+/**
+ * Ajax Admin session checker
+ */
+class Check extends \Magento\Backend\App\Action
+{
+    /**
+     * @var JsonFactory
+     */
+    protected $jsonFactory;
+
+    /**
+     * @var AdminSessionsManager
+     */
+    protected $sessionsManager;
+
+    /**
+     * Check constructor.
+     * @param Context $context
+     * @param JsonFactory $jsonFactory
+     * @param AdminSessionsManager $sessionsManager
+     */
+    public function __construct(
+        Context $context,
+        JsonFactory $jsonFactory,
+        AdminSessionsManager $sessionsManager
+    ) {
+        parent::__construct($context);
+        $this->jsonFactory = $jsonFactory;
+        $this->sessionsManager = $sessionsManager;
+    }
+
+    /**
+     * @return \Magento\Framework\Controller\ResultInterface
+     */
+    public function execute()
+    {
+        /** @var \Magento\Framework\Controller\Result\Json $resultJson */
+        return $this->jsonFactory->create()->setData(
+            [
+                'isActive' => $this->sessionsManager->getCurrentSession()->isActive()
+            ]
+        );
+    }
+}

app/code/Magento/Security/Controller/Adminhtml/Session/LogoutAll.php

@@ -0,0 +1,49 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Security\Controller\Adminhtml\Session;
+
+use Magento\Backend\App\Action\Context;
+use Magento\Security\Model\AdminSessionsManager;
+
+/**
+ * Admin session logout all
+ */
+class LogoutAll extends \Magento\Backend\App\Action
+{
+    /**
+     * @var AdminSessionsManager
+     */
+    protected $sessionsManager;
+
+    /**
+     * Check constructor.
+     * @param Context $context
+     * @param AdminSessionsManager $sessionsManager
+     */
+    public function __construct(
+        Context $context,
+        AdminSessionsManager $sessionsManager
+    ) {
+        parent::__construct($context);
+        $this->sessionsManager = $sessionsManager;
+    }
+
+    /**
+     * @return void
+     */
+    public function execute()
+    {
+        try {
+            $this->sessionsManager->logoutOtherUserSessions();
+            $this->messageManager->addSuccess(__('All other open sessions for this account were terminated.'));
+        } catch (\Magento\Framework\Exception\LocalizedException $e) {
+            $this->messageManager->addError($e->getMessage());
+        } catch (\Exception $e) {
+            $this->messageManager->addException($e, __("We couldn't logout because of an error."));
+        }
+        $this->_redirect('*/*/activity');
+    }
+}