Question

It seems that Magento doesn't have this functionality. Maybe it's not so useful, but I need it.

By locking a customer I mean preventing them from using their account. They can't be able to log in; it has to be as if this account doesn't exist.

Even from the admin panel, if the customer is locked, orders cannot be placed for them.

I was searching but I found nothing. It seems I'm the only one who needs this? :(

I see that in the DB table customer_entity there is a field named is_active, but it seems it doesn't do anything.

Then I found the functionality that blocks the account after an incorrect password is entered multiple times. I thought about using this: when I want to block some customer, I fake that. But it's not the proper way to do that... Also the error message will be something like "You introduced so many times..." and this is not good.

EDIT
I decided to create an extensionAttribute field on customer_entity. Then a plugin on Magento\Customer\Api\AccountManagementInterface with the method afterAuthenticate, preventing the login if the field is set to block the customer.

So this is working fine. Now the problem is with the customers that are already logged in. If you set the field to block them, the session doesn't end.

How can I solve this? I was thinking about this: if you log in and then the customer is deleted, when you refresh the page, it ends the session. How does it detect that? I want to intercept this method and check my field too. With this, the problem will be solved.
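
A sketch of the afterAuthenticate plugin described in the EDIT above, as an added example (not the poster's code). The module namespace, the class name, the di.xml registration in the comment and the value of LOCKED are assumptions, and the custom "locked" column is assumed to be readable from the customer model with getData(), as the solution below does. It rejects a locked customer with the generic login failure, so the storefront does not reveal that the account exists.

```php
<?php
declare(strict_types=1);

namespace Vendor\CustomerLock\Plugin; // hypothetical module namespace

use Magento\Customer\Api\AccountManagementInterface;
use Magento\Customer\Api\Data\CustomerInterface;
use Magento\Customer\Model\CustomerRegistry;
use Magento\Framework\Exception\InvalidEmailOrPasswordException;

/**
 * Assumed registration in the module's etc/di.xml:
 *   <type name="Magento\Customer\Api\AccountManagementInterface">
 *     <plugin name="vendor_customer_lock"
 *             type="Vendor\CustomerLock\Plugin\DenyLockedLogin"/>
 *   </type>
 */
class DenyLockedLogin
{
    private const LOCKED = 1; // assumed value stored in the custom "locked" column

    private CustomerRegistry $customerRegistry;

    public function __construct(CustomerRegistry $customerRegistry)
    {
        $this->customerRegistry = $customerRegistry;
    }

    /**
     * Runs only after the core password check has succeeded.
     */
    public function afterAuthenticate(
        AccountManagementInterface $subject,
        CustomerInterface $result
    ): CustomerInterface {
        // Load the customer model so the custom column can be read with getData().
        $model = $this->customerRegistry->retrieve($result->getId());
        $locked = $model->getData('locked');

        if ($locked !== null && (int) $locked === self::LOCKED) {
            // Fail like a wrong password, without a message that says "locked".
            throw new InvalidEmailOrPasswordException(__('Invalid login or password.'));
        }

        return $result;
    }
}
```

This only stops new logins; sessions that were opened before the flag was set still need a per-request check.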


Solution 3

I solved it this way:

Created an observer on this method: <event name="controller_action_predispatch">

And the function only needs to check my user field.

public function execute(\Magento\Framework\Event\Observer $observer)
{
    // Read the custom "locked" field from the customer bound to the current session.
    $locked = $this->customerSession->getCustomer()->getData('locked');
    if ($locked !== null && $locked == self::LOCKED) {
        // End the session and send the browser back to the home page.
        $this->customerSession->logout();
        $this->responseFactory->create()->setRedirect('/')->sendResponse();
        die();
    }
}

But I'm a bit worried about the performance; I hope this line won't affect it so much.

OTHER TIPS

Instead of making a module or having to recode anything, I did it through phpmyadmin. When you go in your files, go to customer_entity

Go to the customer that you want to LOCK out of their account. Click edit and go to the part that says

failures_num

and I typed 10 because max failed attempts is only 3. Go down to

lock_expires

and use the calendar to choose the year you want the lock to expire. You have to be within a reasonable time for it to accept the date, like 10 years from now. SAVE

Then go to customer_grid_flat go down to

lock_expires

and put the same date as you did in the other file. SAVE

DONE

Now the customer can't log in until you unlock it. Which if you choose to, you can do in the admin panel under their customer info.

Same as Jen's answer, but via SQL:

n98-magerun2 db:console

update customer_entity set failures_num = 10, lock_expires = "2038-01-01 00:00:00"
    where entity_id = TYPE_CUSTOMER_ID_HERE ;


In many systems you can lock only until Y2K38, because of the Year 2038 problem.

I have created a file, run from outside, to unlock a customer. Posting it here if anyone needs this: https://github.com/magepow/magento-2-programmatically/blob/master/unLockCustomer.php

Licensed under: CC-BY-SA with attribution
Not affiliated with magento.stackexchange