vendor/shopware/core/Checkout/Customer/Subscriber/CustomerTokenSubscriber.php line 40

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Checkout\Customer\Subscriber;
  5. use Shopware\Core\Checkout\Customer\CustomerEvents;
  6. use Shopware\Core\Framework\DataAbstractionLayer\EntityWriteResult;
  7. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityDeletedEvent;
  8. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenEvent;
  9. use Shopware\Core\Framework\Log\Package;
  10. use Shopware\Core\PlatformRequest;
  11. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextPersister;
  12. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  13. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  14. use Symfony\Component\HttpFoundation\RequestStack;
  16. /**
  17.  * @internal
  18.  */
  19. #[Package('customer-order')]
  20. class CustomerTokenSubscriber implements EventSubscriberInterface
  21. {
  22.     /**
  23.      * @internal
  24.      */
  25.     public function __construct(private readonly SalesChannelContextPersister $contextPersister, private readonly RequestStack $requestStack)
  26.     {
  27.     }
  29.     /**
  30.      * @return array<string, string|array{0: string, 1: int}|list<array{0: string, 1?: int}>>
  31.      */
  32.     public static function getSubscribedEvents(): array
  33.     {
  34.         return [
  35.             CustomerEvents::CUSTOMER_WRITTEN_EVENT => 'onCustomerWritten',
  36.             CustomerEvents::CUSTOMER_DELETED_EVENT => 'onCustomerDeleted',
  37.         ];
  38.     }
  40.     public function onCustomerWritten(EntityWrittenEvent $event): void
  41.     {
  42.         foreach ($event->getWriteResults() as $writeResult) {
  43.             if ($writeResult->getOperation() !== EntityWriteResult::OPERATION_UPDATE) {
  44.                 continue;
  45.             }
  47.             $payload $writeResult->getPayload();
  48.             if (!$this->customerCredentialsChanged($payload)) {
  49.                 continue;
  50.             }
  52.             $customerId $payload['id'];
  53.             $newToken $this->invalidateUsingSession($customerId);
  55.             if ($newToken) {
  56.                 $this->contextPersister->revokeAllCustomerTokens($customerId$newToken);
  57.             } else {
  58.                 $this->contextPersister->revokeAllCustomerTokens($customerId);
  59.             }
  60.         }
  61.     }
  63.     public function onCustomerDeleted(EntityDeletedEvent $event): void
  64.     {
  65.         foreach ($event->getIds() as $customerId) {
  66.             $this->contextPersister->revokeAllCustomerTokens($customerId);
  67.         }
  68.     }
  70.     /**
  71.      * @param array<string, mixed> $payload
  72.      */
  73.     private function customerCredentialsChanged(array $payload): bool
  74.     {
  75.         return isset($payload['password']);
  76.     }
  78.     private function invalidateUsingSession(string $customerId): ?string
  79.     {
  80.         $master $this->requestStack->getMainRequest();
  82.         if (!$master) {
  83.             return null;
  84.         }
  86.         // Is not a storefront request
  87.         if (!$master->attributes->has(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)) {
  88.             return null;
  89.         }
  91.         /** @var SalesChannelContext $context */
  92.         $context $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  94.         // Not loggedin skip
  95.         if ($context->getCustomer() === null) {
  96.             return null;
  97.         }
  99.         // The written customer is not the same as logged-in. We don't modify the user session
  100.         if ($context->getCustomer()->getId() !== $customerId) {
  101.             return null;
  102.         }
  104.         $token $context->getToken();
  106.         $newToken $this->contextPersister->replace($token$context);
  108.         $context->assign([
  109.             'token' => $newToken,
  110.         ]);
  112.         if (!$master->hasSession()) {
  113.             return null;
  114.         }
  116.         $session $master->getSession();
  117.         $session->migrate();
  118.         $session->set('sessionId'$session->getId());
  120.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$newToken);
  121.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$newToken);
  123.         return $newToken;
  124.     }
  125. }