Step 1. Magento\User\Observer\Backend\AuthObserver::_checkExpiredPassword()
It produces the «It’s time to change your password.» message:
    /**
     * Check whether the latest password is expired
     * Side-effect can be when passwords were changed with different lifetime configuration settings
     *
     * @param array $latestPassword
     * @return void
     */
    private function _checkExpiredPassword($latestPassword)
    {
        if ($latestPassword && $this->observerConfig->_isLatestPasswordExpired($latestPassword)) {
            if ($this->observerConfig->isPasswordChangeForced()) {
                $message = __('It\'s time to change your password.');
            } else {
                $myAccountUrl = $this->url->getUrl('adminhtml/system_account/');
                $message = __('It\'s time to <a href="%1">change your password</a>.', $myAccountUrl);
            }
            $this->messageManager->addNoticeMessage($message);
            $message = $this->messageManager->getMessages()->getLastAddedMessage();
            if ($message) {
                $message->setIdentifier('magento_user_password_expired')->setIsSticky(true);
                $this->authSession->setPciAdminUserIsPasswordExpired(true);
            }
        }
    }
Step 2. Magento\User\Model\Backend\Config\ObserverConfig::_isLatestPasswordExpired()
Step 3A. Magento\User\Model\Backend\Config\ObserverConfig::getAdminPasswordLifetime()
Step 3B. Magento\User\Model\ResourceModel\User::getLatestPassword()
The backend passwords are stored in the admin_passwords database table.
If a password is already expired, then its expires field (of the admin_passwords table) contains a non-zero value.
    /**
     * Get latest password for specified user id
     * Possible false positive when password was changed several times with different lifetime configuration
     *
     * @param int $userId
     * @return array
     */
    public function getLatestPassword($userId)
    {
        return $this->getConnection()->fetchRow(
            $this->getConnection()
                ->select()
                ->from($this->getTable('admin_passwords'))
                ->where('user_id = :user_id')
                ->order('password_id ' . \Magento\Framework\DB\Select::SQL_DESC)
                ->limit(1),
            [':user_id' => $userId]
        );
    }
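
An audit sketch that applies the same "latest row per user" selection as getLatestPassword() to all admin users at once. It is an added example, not Magento's code. It runs against a constructed in-memory SQLite table that holds only the admin_passwords columns named above (password_id, user_id, expires), and it takes the page's statement that a non-zero expires value marks an expired password as its criterion; the function names are hypothetical.

```python
import sqlite3

# Latest admin_passwords row per user: the set-based equivalent of
# ORDER BY password_id DESC LIMIT 1 in getLatestPassword().
LATEST_PER_USER_SQL = """
SELECT p.user_id, p.password_id, p.expires
FROM admin_passwords AS p
JOIN (
    SELECT user_id, MAX(password_id) AS password_id
    FROM admin_passwords
    GROUP BY user_id
) AS latest ON latest.password_id = p.password_id
ORDER BY p.user_id
"""


def build_sample_db():
    """Constructed sample data, not taken from a real installation."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE admin_passwords ("
        "password_id INTEGER PRIMARY KEY, user_id INTEGER NOT NULL, "
        "expires INTEGER NOT NULL DEFAULT 0)"
    )
    rows = [
        (1, 1, 1500000000),  # user 1: older row, non-zero expires
        (2, 1, 0),           # user 1: latest row, expires = 0
        (3, 2, 1500000000),  # user 2: only row, non-zero expires
        (4, 3, 0),           # user 3: only row, expires = 0
        (5, 4, 0),           # user 4: older row, expires = 0
        (6, 4, 1600000000),  # user 4: latest row, non-zero expires
    ]
    conn.executemany("INSERT INTO admin_passwords VALUES (?, ?, ?)", rows)
    return conn


def latest_passwords(conn):
    """Return {user_id: (password_id, expires)} for each user's latest row."""
    return {u: (pid, exp) for u, pid, exp in conn.execute(LATEST_PER_USER_SQL)}


def users_with_expired_latest_password(conn):
    """User ids whose latest row has a non-zero expires (the page's criterion)."""
    return sorted(u for u, (_, exp) in latest_passwords(conn).items() if int(exp) != 0)


if __name__ == "__main__":
    db = build_sample_db()
    for user_id in users_with_expired_latest_password(db):
        print("admin user", user_id, "latest password row is marked expired")
```

User 1 is not reported even though an older row has a non-zero expires value, because only the row with the highest password_id is considered, as in getLatestPassword().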