vendor/shopware/core/Checkout/Customer/Subscriber/CustomerTokenSubscriber.php line 42

  1. <?php declare(strict_types=1);
  3. namespace Shopware\Core\Checkout\Customer\Subscriber;
  5. use Shopware\Core\Checkout\Customer\CustomerEvents;
  6. use Shopware\Core\Framework\DataAbstractionLayer\EntityWriteResult;
  7. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityDeletedEvent;
  8. use Shopware\Core\Framework\DataAbstractionLayer\Event\EntityWrittenEvent;
  9. use Shopware\Core\Framework\Log\Package;
  10. use Shopware\Core\PlatformRequest;
  11. use Shopware\Core\System\SalesChannel\Context\SalesChannelContextPersister;
  12. use Shopware\Core\System\SalesChannel\SalesChannelContext;
  13. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  14. use Symfony\Component\HttpFoundation\RequestStack;
  16. /**
  17.  * @internal
  18.  */
  19. #[Package('customer-order')]
  20. class CustomerTokenSubscriber implements EventSubscriberInterface
  21. {
  22.     /**
  23.      * @internal
  24.      */
  25.     public function __construct(
  26.         private readonly SalesChannelContextPersister $contextPersister,
  27.         private readonly RequestStack $requestStack
  28.     ) {
  29.     }
  31.     /**
  32.      * @return array<string, string|array{0: string, 1: int}|list<array{0: string, 1?: int}>>
  33.      */
  34.     public static function getSubscribedEvents(): array
  35.     {
  36.         return [
  37.             CustomerEvents::CUSTOMER_WRITTEN_EVENT => 'onCustomerWritten',
  38.             CustomerEvents::CUSTOMER_DELETED_EVENT => 'onCustomerDeleted',
  39.         ];
  40.     }
  42.     public function onCustomerWritten(EntityWrittenEvent $event): void
  43.     {
  44.         foreach ($event->getWriteResults() as $writeResult) {
  45.             if ($writeResult->getOperation() !== EntityWriteResult::OPERATION_UPDATE) {
  46.                 continue;
  47.             }
  49.             $payload $writeResult->getPayload();
  50.             if (!$this->customerCredentialsChanged($payload)) {
  51.                 continue;
  52.             }
  54.             $customerId $payload['id'];
  55.             $newToken $this->invalidateUsingSession($customerId);
  57.             if ($newToken) {
  58.                 $this->contextPersister->revokeAllCustomerTokens($customerId$newToken);
  59.             } else {
  60.                 $this->contextPersister->revokeAllCustomerTokens($customerId);
  61.             }
  62.         }
  63.     }
  65.     public function onCustomerDeleted(EntityDeletedEvent $event): void
  66.     {
  67.         foreach ($event->getIds() as $customerId) {
  68.             $this->contextPersister->revokeAllCustomerTokens($customerId);
  69.         }
  70.     }
  72.     /**
  73.      * @param array<string, mixed> $payload
  74.      */
  75.     private function customerCredentialsChanged(array $payload): bool
  76.     {
  77.         return isset($payload['password']);
  78.     }
  80.     private function invalidateUsingSession(string $customerId): ?string
  81.     {
  82.         $master $this->requestStack->getMainRequest();
  84.         if (!$master) {
  85.             return null;
  86.         }
  88.         // Is not a storefront request
  89.         if (!$master->attributes->has(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT)) {
  90.             return null;
  91.         }
  93.         /** @var SalesChannelContext $context */
  94.         $context $master->attributes->get(PlatformRequest::ATTRIBUTE_SALES_CHANNEL_CONTEXT_OBJECT);
  96.         // Not loggedin skip
  97.         if ($context->getCustomer() === null) {
  98.             return null;
  99.         }
  101.         // The written customer is not the same as logged-in. We don't modify the user session
  102.         if ($context->getCustomer()->getId() !== $customerId) {
  103.             return null;
  104.         }
  106.         $token $context->getToken();
  108.         $newToken $this->contextPersister->replace($token$context);
  110.         $context->assign([
  111.             'token' => $newToken,
  112.         ]);
  114.         if (!$master->hasSession()) {
  115.             return null;
  116.         }
  118.         $session $master->getSession();
  119.         $session->migrate();
  120.         $session->set('sessionId'$session->getId());
  122.         $session->set(PlatformRequest::HEADER_CONTEXT_TOKEN$newToken);
  123.         $master->headers->set(PlatformRequest::HEADER_CONTEXT_TOKEN$newToken);
  125.         return $newToken;
  126.     }
  127. }