MC-35812: Overriding CreatePost can automatically confirm a customer

Author: mastiuhin-olexandr

app/code/Magento/Customer/Model/AccountManagement.php

@@ -977,7 +977,6 @@ protected function sendEmailConfirmation(CustomerInterface $customer, $redirectU
                 $templateType = self::NEW_ACCOUNT_EMAIL_REGISTERED_NO_PASSWORD;
             }
             $this->getEmailNotification()->newAccount($customer, $templateType, $redirectUrl, $customer->getStoreId());
-            $customer->setConfirmation(null);
         } catch (MailException $e) {
             // If we are not able to send a new account email, this should be ignored
             $this->logger->critical($e);
@@ -1615,37 +1614,6 @@ private function getEmailNotification()
         }
     }
 
-    /**
-     * Destroy all active customer sessions by customer id (current session will not be destroyed).
-     *
-     * Customer sessions which should be deleted are collecting from the "customer_visitor" table considering
-     * configured session lifetime.
-     *
-     * @param string|int $customerId
-     * @return void
-     */
-    private function destroyCustomerSessions($customerId)
-    {
-        $this->sessionManager->regenerateId();
-        $sessionLifetime = $this->scopeConfig->getValue(
-            \Magento\Framework\Session\Config::XML_PATH_COOKIE_LIFETIME,
-            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
-        );
-        $dateTime = $this->dateTimeFactory->create();
-        $activeSessionsTime = $dateTime->setTimestamp($dateTime->getTimestamp() - $sessionLifetime)
-            ->format(DateTime::DATETIME_PHP_FORMAT);
-        /** @var \Magento\Customer\Model\ResourceModel\Visitor\Collection $visitorCollection */
-        $visitorCollection = $this->visitorCollectionFactory->create();
-        $visitorCollection->addFieldToFilter('customer_id', $customerId);
-        $visitorCollection->addFieldToFilter('last_visit_at', ['from' => $activeSessionsTime]);
-        $visitorCollection->addFieldToFilter('session_id', ['neq' => $this->sessionManager->getSessionId()]);
-        /** @var \Magento\Customer\Model\Visitor $visitor */
-        foreach ($visitorCollection->getItems() as $visitor) {
-            $sessionId = $visitor->getSessionId();
-            $this->saveHandler->destroy($sessionId);
-        }
-    }
-
     /**
      * Set ignore_validation_flag for reset password flow to skip unnecessary address and customer validation
      *

app/code/Magento/Customer/Model/AccountManagementApi.php

@@ -0,0 +1,31 @@
+<?php
+/**
+ * Copyright © Magento, Inc. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Customer\Model;
+
+use Magento\Customer\Api\Data\CustomerInterface;
+
+/**
+ * Account Management service implementation for external API access.
+ * Handle various customer account actions.
+ *
+ * @SuppressWarnings(PHPMD.CookieAndSessionMisuse)
+ */
+class AccountManagementApi extends AccountManagement
+{
+    /**
+     * @inheritDoc
+     *
+     * Override createAccount method to unset confirmation attribute for security purposes.
+     */
+    public function createAccount(CustomerInterface $customer, $password = null, $redirectUrl = '')
+    {
+        $customer = parent::createAccount($customer, $password, $redirectUrl);
+        $customer->setConfirmation(null);
+
+        return $customer;
+    }
+}

app/code/Magento/Customer/etc/graphql/di.xml

@@ -16,4 +16,6 @@
             </argument>
         </arguments>
     </type>
+    <preference for="Magento\Customer\Api\AccountManagementInterface"
+                type="Magento\Customer\Model\AccountManagementApi" />
 </config>

app/code/Magento/Customer/etc/webapi_rest/di.xml

@@ -31,4 +31,6 @@
             </argument>
         </arguments>
     </type>
+    <preference for="Magento\Customer\Api\AccountManagementInterface"
+                type="Magento\Customer\Model\AccountManagementApi" />
 </config>

app/code/Magento/Customer/etc/webapi_soap/di.xml

@@ -18,4 +18,6 @@
             </argument>
         </arguments>
     </type>
+    <preference for="Magento\Customer\Api\AccountManagementInterface"
+                type="Magento\Customer\Model\AccountManagementApi" />
 </config>