NEXT-8593 - Customer impersonation #3713
…and perform the login
…lain what it is exactly doing
…/allow-admin-customer-login
…/allow-admin-customer-login
@sobyte Looks good to me thanks
@shyim Can you have a look at this? Would be happy to see this merged 💯
@sobyte thanks for the PR. Is it ready for review? We will most likely do that next week as much of the team is away.
Yes, I think so. I've implemented the requested changes from @shyim of #3278 and added additional changes. I will try to fix the remaining errors in the pipeline as soon as possible, but that shouldn't block your review, does it?
@sobyte yep that's fine, just didn't want to prematurely review a large piece of work if it was still a wip :)
|
||
$newToken = $restoredCart->getToken(); | ||
|
||
$event = new CustomerLoginEvent($context, $customer, $newToken); |
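Review bot: the CustomerLoginEvent built on the last line is given only $context, $customer and $newToken, so a subscriber has no way to tell a login started by an admin from the customer's own login. Pass the initiating user's id into the event, or dispatch a separate event for this path, so the impersonation can be recorded and reviewed later.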
@sobyte @AydinHassan
Do you think we should/could also add a new "AsCustomerLoginEvent" here so that we can differentiate/track whether the login is triggered by a standard customer login or an admin customer login?
This would help create custom logic like an “Admin-Customer Login Log” to log when a user accesses a customer account.
To do this, it would also be nice to somehow get the user for whom the token was generated here to pass the admin user to this new event so that we can identify which user has logged into this customer account
or a flag inside the event?
Maybe also the AccountService::loginById method should be used to login the customer: https://github.com/shopware/shopware/blob/trunk/src/Core/Checkout/Customer/SalesChannel/AccountService.php#L93
As otherwise it would be possible to login to a customer, which is for example bound to a different sales channel. But in general I think it would be useful to have different events here (not sure if it would be sufficient to only have the customer id in that event).
#[Route(path: '/store-api/account/login/customer', name: 'store-api.account.login-as-customer', methods: ['POST'])] | ||
public function loginAsCustomer(RequestDataBag $data, SalesChannelContext $context): ContextTokenResponse | ||
{ | ||
// TODO: find better way to handle this |
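Review bot: the "// TODO: find better way to handle this" at the top of loginAsCustomer leaves the handling of the RequestDataBag $data input unresolved on a route that returns a ContextTokenResponse. Settle it before merge: check the required fields up front, reject the request with a consistent error when one is missing, and drop the TODO.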
You can use here the DataValidator which uses under the hood Symfony Validator
shopware/src/Core/Content/Newsletter/SalesChannel/NewsletterUnsubscribeRoute.php
Lines 91 to 92 in 66e2069
$definition = new DataValidationDefinition('newsletter_recipient.opt_out');
$definition->add('email', new NotBlank(), new Email());
This would also unify the error message when something is missing
We can pass the userId from the initial request to the final CustomerLoginEvent.
In the CustomerLoginEvent & CustomerBeforeLoginEvent we can add a new:
?string $userId = null
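The "Admin-Customer Login Log" idea from this thread, sketched as an added example that is not code from this PR or from Shopware: a subscriber records who impersonated which customer, using the nullable userId proposed above. LoginEventSketch and ImpersonationAuditLog are hypothetical stand-ins so the snippet runs on its own, and every id and token in the sample data is constructed.

```php
<?php
declare(strict_types=1);

// Stand-in for the login event, reduced to the fields this sketch needs.
// $userId is the nullable field proposed in the thread (assumption, not an existing API).
final class LoginEventSketch
{
    public function __construct(
        public readonly string $customerId,
        public readonly string $salesChannelId,
        public readonly string $contextToken,
        public readonly ?string $userId = null,
    ) {}
}

// Hypothetical subscriber: turns each login event into one structured audit record.
final class ImpersonationAuditLog
{
    /** @var list<array<string, string|null>> */
    private array $records = [];

    public function onCustomerLogin(LoginEventSketch $event, \DateTimeImmutable $now): void
    {
        $this->records[] = [
            'time' => $now->format(\DATE_ATOM),
            // A null userId means the customer authenticated themselves.
            'type' => $event->userId === null ? 'customer_login' : 'admin_impersonation',
            'admin_user_id' => $event->userId,
            'customer_id' => $event->customerId,
            'sales_channel_id' => $event->salesChannelId,
            // The context token is a session credential, so it is never written to the log.
        ];
    }

    /** @return list<array<string, string|null>> only the records an admin triggered */
    public function impersonations(): array
    {
        return array_values(array_filter(
            $this->records,
            static fn (array $r): bool => $r['type'] === 'admin_impersonation',
        ));
    }
}

// Constructed sample events: one ordinary login, one admin-initiated login.
$log = new ImpersonationAuditLog();
$now = new \DateTimeImmutable('2024-01-01T10:00:00+00:00');
$log->onCustomerLogin(new LoginEventSketch('cust-1', 'sc-1', 'tok-a'), $now);
$log->onCustomerLogin(new LoginEventSketch('cust-1', 'sc-1', 'tok-b', 'admin-7'), $now);

echo json_encode($log->impersonations(), JSON_PRETTY_PRINT), PHP_EOL;
```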
@sobyte to continue as fast as possible I extended your PR into #3727.
1. Why is this change necessary?
This PR continues the work of #3278.
2. What does this change do, exactly?
See #3278
3. Describe each step to reproduce the issue or behaviour.
See #3278
4. Please link to the relevant issues (if any).
5. Checklist