NEXT-8593 - Customer impersonation

[sobyte]

1. Why is this change necessary?

This PR continues the work of #3278.

2. What does this change do, exactly?

See #3278

3. Describe each step to reproduce the issue or behaviour.

See #3278

4. Please link to the relevant issues (if any).

• NEXT-8593
• NEXT-8593 - Login as this customer (from administration) #878

5. Checklist

• I have rebased my changes to remove merge conflicts
• I have written tests and verified that they fail without my change
• I have created a changelog file with all necessary information about my changes
• I have written or adjusted the documentation according to my changes
• This change has comments for package types, values, functions, and non-obvious lines of code
• I have read the contribution requirements and fulfil them.

[CLAassistant]

All committers have signed the CLA.

[github-actions]

	Fails
🚫	You should not use the same commit message multiple times

	Warnings
⚠️	Please be kind and add unit tests for your new code in these files: src/Core/Checkout/Customer/Exception/InvalidLoginAsCustomerTokenException.php If you are sure everything is fine with your changes, you can resolve this warning. You can run `composer make:coverage` to generate dummy unit tests for files that are not covered

[ugurkankya]

@sobyte Looks good to me thanks

[ugurkankya]

@shyim Can you have a look at this? Would be happy to see this merged 💯

[AydinHassan]

@sobyte thanks for the PR. Is it ready for review? We will most likely do that next week as much of the team is away.

[sobyte]

@sobyte thanks for the PR. Is it ready for review? We will most likely do that next week as much of the team is away.

Yes, I think so. I've implemented the requested changes from @shyim of #3278 and added additional changes. I will try to fix the remaining errors in the pipeline as soon as possible, but that shouldn't block your review, does it?

[AydinHassan]

@sobyte yep that's fine, just didn't want to prematurely review a large piece of work if it was still a wip :)

[akf-bw]

@sobyte @AydinHassan
Do you think we should/could also add a new "AsCustomerLoginEvent" here so that we can differentiate/track whether the login is triggered by a standard customer login or an admin customer login?
This would help create custom logic like an “Admin-Customer Login Log” to log when a user accesses a customer account.

To do this, it would also be nice to somehow get the user for whom the token was generated here to pass the admin user to this new event so that we can identify which user has logged into this customer account

[shyim]

or a flag inside the event?

[aragon999]

Maybe also the AccountService::loginById method should be used to login the customer: https://github.com/shopware/shopware/blob/trunk/src/Core/Checkout/Customer/SalesChannel/AccountService.php#L93

As otherwise it would be possible to login to a customer, which is for example bound to a different sales channel. But in general I think it would be useful to have different events here (not sure if it would be sufficient to only have the customer id in that event).

[shyim]

You can use here the DataValidator which uses under the hood Symfony Validator

shopware/src/Core/Content/Newsletter/SalesChannel/NewsletterUnsubscribeRoute.php

Lines 91 to 92 in 66e2069

	$definition = new DataValidationDefinition('newsletter_recipient.opt_out');
	$definition->add('email', new NotBlank(), new Email());

[shyim]

This would also unify the error message when something is missing

[akf-bw]

We can pass the userId from the initial request to the final CustomerLoginEvent.
In the CustomerLoginEvent & CustomerBeforeLoginEvent we can add a new:
?string $userId = null

[akf-bw]

@sobyte to continue as fast as possible i extended your PR into #3727.
I added all the additional comments from @shyim & @aragon999 to the new PR & reworked some parts of it.
Also all tests are now fixed.