Merge pull request #183 from magento-ogre/MAGETWO-45420-custom-Admin-URL-with-https-is-enabled-with-errors

[Ogres] Bugfixes

Author: mazhalai

app/code/Magento/Backend/App/Action/Plugin/Authentication.php

@@ -63,6 +63,11 @@ class Authentication
      */
     protected $resultRedirectFactory;
 
+    /**
+     * @var \Magento\Framework\Data\Form\FormKey\Validator
+     */
+    protected $formKeyValidator;
+
     /**
      * @param \Magento\Backend\Model\Auth $auth
      * @param \Magento\Backend\Model\UrlInterface $url
@@ -72,6 +77,7 @@ class Authentication
      * @param \Magento\Backend\Model\UrlInterface $backendUrl
      * @param \Magento\Framework\Controller\Result\RedirectFactory $resultRedirectFactory
      * @param \Magento\Backend\App\BackendAppList $backendAppList
+     * @param \Magento\Framework\Data\Form\FormKey\Validator $formKeyValidator
      */
     public function __construct(
         \Magento\Backend\Model\Auth $auth,
@@ -81,7 +87,8 @@ public function __construct(
         \Magento\Framework\Message\ManagerInterface $messageManager,
         \Magento\Backend\Model\UrlInterface $backendUrl,
         \Magento\Framework\Controller\Result\RedirectFactory $resultRedirectFactory,
-        \Magento\Backend\App\BackendAppList $backendAppList
+        \Magento\Backend\App\BackendAppList $backendAppList,
+        \Magento\Framework\Data\Form\FormKey\Validator $formKeyValidator
     ) {
         $this->_auth = $auth;
         $this->_url = $url;
@@ -91,11 +98,12 @@ public function __construct(
         $this->backendUrl = $backendUrl;
         $this->resultRedirectFactory = $resultRedirectFactory;
         $this->backendAppList = $backendAppList;
+        $this->formKeyValidator = $formKeyValidator;
     }
 
     /**
      * @param \Magento\Backend\App\AbstractAction $subject
-     * @param callable $proceed
+     * @param \Closure $proceed
      * @param \Magento\Framework\App\RequestInterface $request
      *
      * @return mixed
@@ -144,8 +152,17 @@ public function aroundDispatch(
     protected function _processNotLoggedInUser(\Magento\Framework\App\RequestInterface $request)
     {
         $isRedirectNeeded = false;
-        if ($request->getPost('login') && $this->_performLogin($request)) {
-            $isRedirectNeeded = $this->_redirectIfNeededAfterLogin($request);
+        if ($request->getPost('login')) {
+            if ($this->formKeyValidator->validate($request)) {
+                if ($this->_performLogin($request)) {
+                    $isRedirectNeeded = $this->_redirectIfNeededAfterLogin($request);
+                }
+            } else {
+                $this->_actionFlag->set('', \Magento\Framework\App\ActionInterface::FLAG_NO_DISPATCH, true);
+                $this->_response->setRedirect($this->_url->getCurrentUrl());
+                $this->messageManager->addError(__('Invalid Form Key. Please refresh the page.'));
+                $isRedirectNeeded = true;
+            }
         }
         if (!$isRedirectNeeded && !$request->isForwarded()) {
             if ($request->getParam('isIframe')) {

app/code/Magento/Backend/App/Area/FrontNameResolver.php

@@ -19,6 +19,10 @@ class FrontNameResolver implements \Magento\Framework\App\Area\FrontNameResolver
 
     const XML_PATH_CUSTOM_ADMIN_PATH = 'admin/url/custom_path';
 
+    const XML_PATH_USE_CUSTOM_ADMIN_URL = 'admin/url/use_custom';
+
+    const XML_PATH_CUSTOM_ADMIN_URL = 'admin/url/custom';
+
     /**
      * Backend area code
      */
@@ -89,7 +93,11 @@ public function getFrontName($checkHost = false)
      */
     public function isHostBackend()
     {
-        $backendUrl = $this->scopeConfig->getValue(Store::XML_PATH_UNSECURE_BASE_URL, ScopeInterface::SCOPE_STORE);
+        if ($this->scopeConfig->getValue(self::XML_PATH_USE_CUSTOM_ADMIN_URL, ScopeInterface::SCOPE_STORE)) {
+            $backendUrl = $this->scopeConfig->getValue(self::XML_PATH_CUSTOM_ADMIN_URL, ScopeInterface::SCOPE_STORE);
+        } else {
+            $backendUrl = $this->scopeConfig->getValue(Store::XML_PATH_UNSECURE_BASE_URL, ScopeInterface::SCOPE_STORE);
+        }
         $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
         return stripos($this->getHostWithPort($backendUrl), $host) !== false;
     }

app/code/Magento/Backend/Block/Dashboard/Graph.php

@@ -214,13 +214,16 @@ public function getChartUrl($directUrl = true)
             true
         );
 
-        $dateStart->setTimezone(new \DateTimeZone($timezoneLocal));
-        $dateEnd->setTimezone(new \DateTimeZone($timezoneLocal));
+        if ($this->getDataHelper()->getParam('period') == '24h') {
+            $dateStart->setTimezone(new \DateTimeZone($timezoneLocal));
+            $dateEnd->setTimezone(new \DateTimeZone($timezoneLocal));
+            $dateEnd->modify('-1 hour');
+        }
 
         $dates = [];
         $datas = [];
 
-        while ($dateStart < $dateEnd) {
+        while ($dateStart <= $dateEnd) {
             switch ($this->getDataHelper()->getParam('period')) {
                 case '7d':
                 case '1m':
@@ -398,7 +401,11 @@ public function getChartUrl($directUrl = true)
                                     break;
                                 case '7d':
                                 case '1m':
-                                    $this->_axisLabels[$idx][$_index] = $this->_localeDate->formatDateTime($period);
+                                    $this->_axisLabels[$idx][$_index] = $this->_localeDate->formatDateTime(
+                                        $period,
+                                        \IntlDateFormatter::SHORT,
+                                        \IntlDateFormatter::NONE
+                                    );
                                     break;
                                 case '1y':
                                 case '2y':

app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php

@@ -38,11 +38,30 @@ public function execute()
             if ($this->_auth->getAuthStorage()->isFirstPageAfterLogin()) {
                 $this->_auth->getAuthStorage()->setIsFirstPageAfterLogin(true);
             }
-            /** @var \Magento\Backend\Model\View\Result\Redirect $resultRedirect */
-            $resultRedirect = $this->resultRedirectFactory->create();
-            $resultRedirect->setPath($this->_backendUrl->getStartupPageUrl());
-            return $resultRedirect;
+            return $this->getRedirect($this->_backendUrl->getStartupPageUrl());
         }
-        return $this->resultPageFactory->create();
+
+        $requestUrl = $this->getRequest()->getUri();
+        $backendUrl = $this->getUrl('*');
+        // redirect according to rewrite rule
+        if ($requestUrl != $backendUrl) {
+            return $this->getRedirect($backendUrl);
+        } else {
+            return $this->resultPageFactory->create();
+        }
+    }
+
+    /**
+     * Get redirect response
+     *
+     * @param string $path
+     * @return \Magento\Backend\Model\View\Result\Redirect
+     */
+    private function getRedirect($path)
+    {
+        /** @var \Magento\Backend\Model\View\Result\Redirect $resultRedirect */
+        $resultRedirect = $this->resultRedirectFactory->create();
+        $resultRedirect->setPath($path);
+        return $resultRedirect;
     }
 }

app/code/Magento/Backend/Test/Unit/App/Area/FrontNameResolverTest.php

@@ -84,18 +84,37 @@ public function testIfCustomPathNotUsed()
     }
 
     /**
-     * @param $url
-     * @param $host
+     * @param string $url
+     * @param string $host
+     * @param string $useCustomAdminUrl
+     * @param string $customAdminUrl
+     * @param string $expectedValue
      * @dataProvider hostsDataProvider
      */
-    public function testIsHostBackend($url, $host, $expectedValue)
+    public function testIsHostBackend($url, $host, $useCustomAdminUrl, $customAdminUrl, $expectedValue)
     {
-        $backendUrl = $url;
         $_SERVER['HTTP_HOST'] = $host;
-        $this->scopeConfigMock->expects($this->once())
+        $this->scopeConfigMock->expects($this->exactly(2))
             ->method('getValue')
-            ->with(Store::XML_PATH_UNSECURE_BASE_URL, ScopeInterface::SCOPE_STORE)
-            ->willReturn($backendUrl);
+            ->will(
+                $this->returnValueMap(
+                    [
+                        [Store::XML_PATH_UNSECURE_BASE_URL, ScopeInterface::SCOPE_STORE, null, $url],
+                        [
+                            FrontNameResolver::XML_PATH_USE_CUSTOM_ADMIN_URL,
+                            ScopeInterface::SCOPE_STORE,
+                            null,
+                            $useCustomAdminUrl
+                        ],
+                        [
+                            FrontNameResolver::XML_PATH_CUSTOM_ADMIN_URL,
+                            ScopeInterface::SCOPE_STORE,
+                            null,
+                            $customAdminUrl
+                        ],
+                    ]
+                )
+            );
         $this->assertEquals($this->model->isHostBackend(), $expectedValue);
     }
 
@@ -105,31 +124,57 @@ public function hostsDataProvider()
             'withoutPort' => [
                 'url' => 'http://magento2.loc/',
                 'host' => 'magento2.loc',
+                'useCustomAdminUrl' => '0',
+                'customAdminUrl' => '',
                 'expectedValue' => true
             ],
             'withPort' => [
                 'url' => 'http://magento2.loc:8080/',
                 'host' => 'magento2.loc:8080',
+                'useCustomAdminUrl' => '0',
+                'customAdminUrl' => '',
                 'expectedValue' => true
             ],
             'withStandartPortInUrlWithoutPortInHost' => [
                 'url' => 'http://magento2.loc:80/',
                 'host' => 'magento2.loc',
+                'useCustomAdminUrl' => '0',
+                'customAdminUrl' => '',
                 'expectedValue' => true
             ],
             'withoutStandartPortInUrlWithPortInHost' => [
                 'url' => 'https://magento2.loc/',
                 'host' => 'magento2.loc:443',
+                'useCustomAdminUrl' => '0',
+                'customAdminUrl' => '',
                 'expectedValue' => true
             ],
             'differentHosts' => [
                 'url' => 'http://m2.loc/',
                 'host' => 'magento2.loc',
+                'useCustomAdminUrl' => '0',
+                'customAdminUrl' => '',
                 'expectedValue' => false
             ],
             'differentPortsOnOneHost' => [
                 'url' => 'http://magento2.loc/',
                 'host' => 'magento2.loc:8080',
+                'useCustomAdminUrl' => '0',
+                'customAdminUrl' => '',
+                'expectedValue' => false
+            ],
+            'withCustomAdminUrl' => [
+                'url' => 'http://magento2.loc/',
+                'host' => 'myhost.loc',
+                'useCustomAdminUrl' => '1',
+                'customAdminUrl' => 'https://myhost.loc/',
+                'expectedValue' => true
+            ],
+            'withCustomAdminUrlWrongHost' => [
+                'url' => 'http://magento2.loc/',
+                'host' => 'SomeOtherHost.loc',
+                'useCustomAdminUrl' => '1',
+                'customAdminUrl' => 'https://myhost.loc/',
                 'expectedValue' => false
             ]
         ];

app/code/Magento/CatalogUrlRewrite/Model/CategoryUrlPathGenerator.php

@@ -61,7 +61,7 @@ public function __construct(
      */
     public function getUrlPath($category)
     {
-        if ($category->getParentId() == Category::TREE_ROOT_ID) {
+        if (in_array($category->getParentId(), [Category::ROOT_CATEGORY_ID, Category::TREE_ROOT_ID])) {
             return '';
         }
         $path = $category->getUrlPath();
@@ -87,7 +87,7 @@ public function getUrlPath($category)
      */
     protected function isNeedToGenerateUrlPathForParent($category)
     {
-        return $category->getLevel() >= self::MINIMAL_CATEGORY_LEVEL_FOR_PROCESSING;
+        return $category->isObjectNew() || $category->getLevel() >= self::MINIMAL_CATEGORY_LEVEL_FOR_PROCESSING;
     }
 
     /**

app/code/Magento/CatalogUrlRewrite/Test/Unit/Model/CategoryUrlPathGeneratorTest.php

@@ -96,9 +96,9 @@ public function getUrlPathDataProvider()
         $noGenerationLevel = CategoryUrlPathGenerator::MINIMAL_CATEGORY_LEVEL_FOR_PROCESSING - 1;
         return [
             [Category::TREE_ROOT_ID, 'url-path', $noGenerationLevel, '', false, false, ''],
-            ['parent_id', 'url-path', $noGenerationLevel, '', false, false, 'url-path'],
-            ['parent_id', 'url-path', $noGenerationLevel, 'url-key', true, false, 'url-key'],
-            ['parent_id', 'url-path', $noGenerationLevel, 'url-key', false, true, 'url-key'],
+            [13, 'url-path', $noGenerationLevel, '', false, false, 'url-path'],
+            [13, 'url-path', $noGenerationLevel, 'url-key', true, false, 'url-key'],
+            [13, 'url-path', $noGenerationLevel, 'url-key', false, true, 'url-key'],
         ];
     }
 
@@ -110,7 +110,7 @@ public function getUrlPathWithParentDataProvider()
         $requireGenerationLevel = CategoryUrlPathGenerator::MINIMAL_CATEGORY_LEVEL_FOR_PROCESSING;
         $noGenerationLevel = CategoryUrlPathGenerator::MINIMAL_CATEGORY_LEVEL_FOR_PROCESSING - 1;
         return [
-            ['url-key', false, $requireGenerationLevel, 'parent_id', 'parent-path', 'parent-path/url-key'],
+            ['url-key', false, $requireGenerationLevel, 13, 'parent-path', 'parent-path/url-key'],
             ['url-key', false, $requireGenerationLevel, Category::TREE_ROOT_ID, null, 'url-key'],
             ['url-key', true, $noGenerationLevel, Category::TREE_ROOT_ID, null, 'url-key'],
         ];
@@ -136,7 +136,7 @@ public function testGetUrlPathWithParent(
         $urlPath = null;
         $parentLevel = CategoryUrlPathGenerator::MINIMAL_CATEGORY_LEVEL_FOR_PROCESSING - 1;
         $this->category->expects($this->any())->method('getParentId')
-            ->will($this->returnValue('parent_id'));
+            ->will($this->returnValue(13));
         $this->category->expects($this->any())->method('getLevel')
             ->will($this->returnValue($level));
         $this->category->expects($this->any())->method('getUrlPath')->will($this->returnValue($urlPath));
@@ -152,7 +152,7 @@ public function testGetUrlPathWithParent(
         $parentCategory->expects($this->any())->method('dataHasChangedFor')
             ->will($this->returnValueMap([['url_key', false], ['path_ids', false]]));
 
-        $this->categoryRepository->expects($this->any())->method('get')->with('parent_id')
+        $this->categoryRepository->expects($this->any())->method('get')->with(13)
             ->will($this->returnValue($parentCategory));
 
         $this->assertEquals($result, $this->categoryUrlPathGenerator->getUrlPath($this->category));
@@ -205,7 +205,7 @@ public function testGetUrlPathWithSuffixWithoutStore()
         $result = 'url-path.html';
 
         $this->category->expects($this->any())->method('getStoreId')->will($this->returnValue($storeId));
-        $this->category->expects($this->once())->method('getParentId')->will($this->returnValue('parent_id'));
+        $this->category->expects($this->once())->method('getParentId')->will($this->returnValue(2));
         $this->category->expects($this->once())->method('getUrlPath')->will($this->returnValue($urlPath));
         $this->category->expects($this->exactly(2))->method('dataHasChangedFor')
             ->will($this->returnValueMap([['url_key', false], ['path_ids', false]]));

app/code/Magento/Rss/App/Action/Plugin/BackendAuthentication.php

@@ -48,6 +48,7 @@ class BackendAuthentication extends \Magento\Backend\App\Action\Plugin\Authentic
      * @param \Magento\Backend\Model\UrlInterface $backendUrl
      * @param \Magento\Framework\Controller\Result\RedirectFactory $resultRedirectFactory
      * @param \Magento\Backend\App\BackendAppList $backendAppList
+     * @param \Magento\Framework\Data\Form\FormKey\Validator $formKeyValidator
      * @param \Magento\Framework\HTTP\Authentication $httpAuthentication
      * @param \Psr\Log\LoggerInterface $logger
      * @param \Magento\Framework\AuthorizationInterface $authorization
@@ -63,6 +64,7 @@ public function __construct(
         \Magento\Backend\Model\UrlInterface $backendUrl,
         \Magento\Framework\Controller\Result\RedirectFactory $resultRedirectFactory,
         \Magento\Backend\App\BackendAppList $backendAppList,
+        \Magento\Framework\Data\Form\FormKey\Validator $formKeyValidator,
         \Magento\Framework\HTTP\Authentication $httpAuthentication,
         \Psr\Log\LoggerInterface $logger,
         \Magento\Framework\AuthorizationInterface $authorization,
@@ -80,7 +82,8 @@ public function __construct(
             $messageManager,
             $backendUrl,
             $resultRedirectFactory,
-            $backendAppList
+            $backendAppList,
+            $formKeyValidator
         );
     }
 

composer.json

@@ -223,7 +223,7 @@
             "Magento\\": "app/code/Magento/"
         },
         "psr-0": {
-            "_empty_": "app/code/"
+            "": "app/code/"
         },
         "files": [
             "app/etc/NonComposerComponentRegistration.php"

composer.lock

@@ -63,10 +63,16 @@ public function __construct(CurlTransport $transport, DataInterface $configurati
      */
     protected function authorize()
     {
+        // Perform GET to backend url so form_key is set
+        $url = $_ENV['app_backend_url'];
+        $this->transport->write($url, [], CurlInterface::GET);
+        $this->read();
+
         $url = $_ENV['app_backend_url'] . $this->configuration->get('application/0/backendLoginUrl/0/value');
         $data = [
             'login[username]' => $this->configuration->get('application/0/backendLogin/0/value'),
             'login[password]' => $this->configuration->get('application/0/backendPassword/0/value'),
+            'form_key' => $this->formKey,
         ];
         $this->transport->write($url, $data, CurlInterface::POST);
         $response = $this->read();