Merge branch '2.4.3-develop' into cia-2.4.3-bugfixes-4222021

Author: admanesachin

app/code/Magento/AdvancedPricingImportExport/Controller/Adminhtml/Export/GetFilter.php

@@ -34,8 +34,8 @@ public function execute()
                 /** @var $export \Magento\ImportExport\Model\Export */
                 $export = $this->_objectManager->create(\Magento\ImportExport\Model\Export::class);
                 $export->setData($data);
-                $attrFilterBlock->prepareCollection(
-                    $export->filterAttributeCollection($export->getEntityAttributeCollection())
+                $export->filterAttributeCollection(
+                    $attrFilterBlock->prepareCollection($export->getEntityAttributeCollection())
                 );
                 return $resultLayout;
             } catch (\Exception $e) {

app/code/Magento/Analytics/Test/Mftf/Test/AdminAdvancedReportingButtonTest.xml

@@ -9,14 +9,12 @@
         xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
     <test name="AdminAdvancedReportingButtonTest">
         <annotations>
-            <stories value="AdvancedReporting"/>
-            <title value="AdvancedReportingButtonTest"/>
-            <description value="Test log in to AdvancedReporting and tests AdvancedReportingButtonTest"/>
-            <testCaseId value="MC-14800"/>
-            <skip>
-                <issueId value="MC-14800" />
-            </skip>
+            <features value="Analytics"/>
+            <stories value="Advanced Reporting"/>
+            <title value="Assert the Advanced Reporting page is opened by dashboard link"/>
+            <description value="Check the ability to navigate to the Advanced Reporting page through the Advanced Reporting button on the dashboard"/>
             <severity value="CRITICAL"/>
+            <testCaseId value="MC-28376"/>
             <group value="analytics"/>
             <group value="mtf_migrated"/>
         </annotations>

app/code/Magento/Backend/App/Action/Plugin/Authentication.php

@@ -225,8 +225,10 @@ protected function _redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInt
 
         // Checks, whether secret key is required for admin access or request uri is explicitly set
         if ($this->_url->useSecretKey()) {
-            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 2);
-            $requestUri = $this->_url->getUrl(array_pop($requestParts));
+            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);
+            $baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');
+            $routeIndex = empty($baseUrlPath) ? 0 : 1;
+            $requestUri = $this->_url->getUrl($requestParts[$routeIndex]);
         } elseif ($request) {
             $requestUri = $request->getRequestUri();
         }

app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php

@@ -1,13 +1,17 @@
 <?php
 /**
- *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\Backend\Controller\Adminhtml\Auth;
 
+use Magento\Backend\App\Area\FrontNameResolver;
+use Magento\Backend\App\BackendAppList;
+use Magento\Backend\Model\UrlFactory;
 use Magento\Framework\App\Action\HttpGetActionInterface as HttpGet;
 use Magento\Framework\App\Action\HttpPostActionInterface as HttpPost;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\App\Request\Http;
 
 /**
  * @api
@@ -20,18 +24,50 @@ class Login extends \Magento\Backend\Controller\Adminhtml\Auth implements HttpGe
      */
     protected $resultPageFactory;
 
+    /**
+     * @var FrontNameResolver
+     */
+    private $frontNameResolver;
+
+    /**
+     * @var BackendAppList
+     */
+    private $backendAppList;
+
+    /**
+     * @var UrlFactory
+     */
+    private $backendUrlFactory;
+
+    /**
+     * @var Http
+     */
+    private $http;
+
     /**
      * Constructor
      *
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Framework\View\Result\PageFactory $resultPageFactory
+     * @param FrontNameResolver|null $frontNameResolver
+     * @param BackendAppList|null $backendAppList
+     * @param UrlFactory|null $backendUrlFactory
+     * @param Http|null $http
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
-        \Magento\Framework\View\Result\PageFactory $resultPageFactory
+        \Magento\Framework\View\Result\PageFactory $resultPageFactory,
+        FrontNameResolver $frontNameResolver = null,
+        BackendAppList $backendAppList = null,
+        UrlFactory $backendUrlFactory = null,
+        Http $http = null
     ) {
         $this->resultPageFactory = $resultPageFactory;
         parent::__construct($context);
+        $this->frontNameResolver = $frontNameResolver ?? ObjectManager::getInstance()->get(FrontNameResolver::class);
+        $this->backendAppList = $backendAppList ?? ObjectManager::getInstance()->get(BackendAppList::class);
+        $this->backendUrlFactory = $backendUrlFactory ?? ObjectManager::getInstance()->get(UrlFactory::class);
+        $this->http = $http ?? ObjectManager::getInstance()->get(Http::class);
     }
 
     /**
@@ -49,7 +85,8 @@ public function execute()
         }
 
         $requestUrl = $this->getRequest()->getUri();
-        if (!$requestUrl->isValid()) {
+
+        if (!$requestUrl->isValid() || !$this->isValidBackendUri()) {
             return $this->getRedirect($this->getUrl('*'));
         }
 
@@ -69,4 +106,26 @@ private function getRedirect($path)
         $resultRedirect->setPath($path);
         return $resultRedirect;
     }
+
+    /**
+     * Verify if correct backend uri requested.
+     *
+     * @return bool
+     */
+    private function isValidBackendUri(): bool
+    {
+        $requestUri = $this->getRequest()->getRequestUri();
+        $backendApp = $this->backendAppList->getCurrentApp();
+        $baseUrl = parse_url($this->backendUrlFactory->create()->getBaseUrl(), PHP_URL_PATH);
+        if (!$backendApp) {
+            $backendFrontName = $this->frontNameResolver->getFrontName();
+        } else {
+            //In case of application authenticating through the admin login, the script name should be removed
+            //from the path, because application has own script.
+            $baseUrl = $this->http->getUrlNoScript($baseUrl);
+            $backendFrontName = $backendApp->getCookiePath();
+        }
+
+        return strpos($requestUri, $baseUrl . $backendFrontName) === 0;
+    }
 }

app/code/Magento/Backend/Test/Mftf/Data/AdminWebConfigData.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="urn:magento:mftf:DataGenerator/etc/dataProfileSchema.xsd">
+    <entity name="AdminEnableUrlRewritesConfigData">
+        <data key="path">web/seo/use_rewrites</data>
+        <data key="value">1</data>
+    </entity>
+    <entity name="AdminDisableUrlRewritesConfigData">
+        <data key="path">web/seo/use_rewrites</data>
+        <data key="value">0</data>
+    </entity>
+</entities>

app/code/Magento/Backend/Test/Mftf/Data/SystemUploadConfigurationConfigData.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="urn:magento:mftf:DataGenerator/etc/dataProfileSchema.xsd">
+    <entity name="SystemUploadConfigurationMaxWidth">
+        <data key="path">system/upload_configuration/max_width</data>
+        <data key="value">1920</data>
+    </entity>
+    <entity name="SystemUploadConfigurationMaxHeight">
+        <data key="path">system/upload_configuration/max_height</data>
+        <data key="value">1200</data>
+    </entity>
+</entities>

app/code/Magento/Backend/Test/Mftf/Test/AdminLoginSuccessfulWithRewritesDisabledTest.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="AdminLoginSuccessfulWithRewritesDisabledTest">
+        <annotations>
+            <features value="Backend"/>
+            <stories value="Login on the Admin Login page"/>
+            <title
+                value="Admin should be able to log into the Magento Admin backend successfully if url rewrites are disabled"/>
+            <description
+                value="Admin should be able to log into the Magento Admin backend successfully if url rewrites are disabled"/>
+            <severity value="CRITICAL"/>
+            <group value="example"/>
+            <group value="login"/>
+        </annotations>
+
+        <before>
+            <magentoCLI command="config:set {{AdminDisableUrlRewritesConfigData.path}} {{AdminDisableUrlRewritesConfigData.value}}" stepKey="disableUrlRewrites"/>
+        </before>
+        <after>
+            <magentoCLI command="config:set {{AdminEnableUrlRewritesConfigData.path}} {{AdminEnableUrlRewritesConfigData.value}}" stepKey="enableUrlRewrites"/>
+        </after>
+
+        <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
+        <actionGroup ref="AssertAdminSuccessLoginActionGroup" stepKey="assertLoggedIn"/>
+        <actionGroup ref="AdminLogoutActionGroup" stepKey="logoutFromAdmin"/>
+    </test>
+</tests>