Beispiel #1
 /**
  * A configured session lifetime of 59 seconds must not log the admin out.
  *
  * Disabled form security in order to prevent exit from the app
  * @magentoConfigFixture current_store admin/security/session_lifetime 59
  */
 public function testIsLoggedInWithIgnoredLifetime()
 {
     $auth = $this->_model;

     $auth->login(
         \Magento\TestFramework\Bootstrap::ADMIN_NAME,
         \Magento\TestFramework\Bootstrap::ADMIN_PASSWORD
     );
     $this->assertTrue($auth->isLoggedIn());

     // Age the session by 101 seconds, well past the 59-second fixture value.
     // The session is still expected to be valid, i.e. the configured lifetime is not applied.
     // NOTE(review): presumably lifetimes below some minimum are ignored by the
     // session code; confirm the threshold there.
     $lastActivity = time() - 101;
     $auth->getAuthStorage()->setUpdatedAt($lastActivity);
     $this->assertTrue($auth->isLoggedIn());
 }
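 /**
  * Around-plugin for backend action dispatch that gates the request on admin authentication.
  *
  * Actions named in $this->_openActions skip the login check, so that list is
  * effectively an authentication-bypass allowlist. It is matched with strict
  * comparison so that only an exact string match can skip the check.
  *
  * For any other action the current user (if any) is reloaded; then either the
  * not-logged-in handler runs or the session is prolonged. When the request has
  * an "app" parameter and a current backend app is resolved, a redirect to that
  * app's startup page is returned and neither refreshAcl() nor $proceed runs.
  *
  * @param \Magento\Backend\App\AbstractAction $subject
  * @param \Closure $proceed
  * @param \Magento\Framework\App\RequestInterface $request
  *
  * @return mixed Redirect result for a backend app, otherwise whatever $proceed returns
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function aroundDispatch(\Magento\Backend\App\AbstractAction $subject, \Closure $proceed, \Magento\Framework\App\RequestInterface $request)
 {
     $requestedActionName = $request->getActionName();
     // The action name comes from the request. Compare strictly so PHP type
     // juggling can never make a non-listed value match an open action.
     if (in_array($requestedActionName, $this->_openActions, true)) {
         $request->setDispatched(true);
     } else {
         $user = $this->_auth->getUser();
         if ($user) {
             // Re-read the user before the login check below.
             $user->reload();
         }
         if (!$this->_auth->isLoggedIn()) {
             // NOTE(review): execution still reaches $proceed() below after this call.
             // Whether the requested action is actually blocked depends on what
             // _processNotLoggedInUser() does to $request (not visible here); confirm.
             $this->_processNotLoggedInUser($request);
         } else {
             $this->_auth->getAuthStorage()->prolong();
             $backendApp = null;
             // The "app" parameter only decides whether a lookup happens; its
             // value is not concatenated into the redirect URL in this method.
             if ($request->getParam('app')) {
                 $backendApp = $this->backendAppList->getCurrentApp();
             }
             if ($backendApp) {
                 $resultRedirect = $this->resultRedirectFactory->create();
                 $baseUrl = \Magento\Framework\App\Request\Http::getUrlNoScript($this->backendUrl->getBaseUrl());
                 $baseUrl = $baseUrl . $backendApp->getStartupPage();
                 return $resultRedirect->setUrl($baseUrl);
             }
         }
     }
     $this->_auth->getAuthStorage()->refreshAcl();
     return $proceed($request);
 }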
 /**
  * Validate the form key or URL secret key of the current request.
  *
  * Checks run only while an admin is logged in. POST requests are checked with
  * the form key validator. Any other request is checked with the secret key,
  * but only when the backend URL model reports that secret keys are in use.
  * Nothing is validated in the remaining cases, and the method returns true.
  *
  * On failure both dispatch flags are set, then the client gets either a JSON
  * error (when the query has "isAjax" or "ajax") or a redirect to the startup page.
  *
  * @return bool False when a key check failed, true otherwise
  */
 public function _processUrlKeys()
 {
     $keysAreValid = true;
     $errorMessage = '';

     if ($this->_auth->isLoggedIn()) {
         if ($this->getRequest()->isPost()) {
             $keysAreValid = $this->_formKeyValidator->validate($this->getRequest());
             $errorMessage = __('Invalid Form Key. Please refresh the page.');
         } elseif ($this->_backendUrl->useSecretKey()) {
             $keysAreValid = $this->_validateSecretKey();
             $errorMessage = __('You entered an invalid Secret Key. Please refresh the page.');
         }
     }

     if ($keysAreValid) {
         return true;
     }

     // A key check failed: stop both the action and its post-dispatch phase.
     $this->_actionFlag->set('', self::FLAG_NO_DISPATCH, true);
     $this->_actionFlag->set('', self::FLAG_NO_POST_DISPATCH, true);

     $wantsJson = $this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false);
     if (!$wantsJson) {
         $this->_redirect($this->_backendUrl->getStartupPageUrl());
         return false;
     }

     // AJAX callers get a machine-readable error instead of a redirect.
     $response = $this->getResponse();
     $jsonHelper = $this->_objectManager->get('Magento\\Framework\\Json\\Helper\\Data');
     $response->representJson($jsonHelper->jsonEncode(['error' => true, 'message' => $errorMessage]));

     return false;
 }
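 /**
  * Around-plugin for backend action dispatch that gates the request on admin authentication.
  *
  * Actions named in $this->_openActions skip the login check, so that list is
  * effectively an authentication-bypass allowlist. It is matched with strict
  * comparison so that only an exact string match can skip the check.
  *
  * For any other action the current user (if any) is reloaded; then either the
  * not-logged-in handler runs or the session is prolonged. The ACL is refreshed
  * and the request is handed to $proceed in every case.
  *
  * @param \Magento\Backend\App\AbstractAction $subject
  * @param \Closure $proceed
  * @param \Magento\Framework\App\RequestInterface $request
  *
  * @return mixed Whatever $proceed returns
  * @SuppressWarnings(PHPMD.UnusedFormalParameter)
  */
 public function aroundDispatch(\Magento\Backend\App\AbstractAction $subject, \Closure $proceed, \Magento\Framework\App\RequestInterface $request)
 {
     $requestedActionName = $request->getActionName();
     // The action name comes from the request. Compare strictly so PHP type
     // juggling can never make a non-listed value match an open action.
     if (in_array($requestedActionName, $this->_openActions, true)) {
         $request->setDispatched(true);
     } else {
         $user = $this->_auth->getUser();
         if ($user) {
             // Re-read the user before the login check below.
             $user->reload();
         }
         if (!$this->_auth->isLoggedIn()) {
             // NOTE(review): execution still reaches $proceed() below after this call.
             // Whether the requested action is actually blocked depends on what
             // _processNotLoggedInUser() does to $request (not visible here); confirm.
             $this->_processNotLoggedInUser($request);
         } else {
             $this->_auth->getAuthStorage()->prolong();
         }
     }
     $this->_auth->getAuthStorage()->refreshAcl();
     return $proceed($request);
 }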
 /**
  * Interception wrapper around the parent isLoggedIn().
  *
  * Looks up the next plugin registered for "isLoggedIn" on this subject type.
  * If there is one, the call goes through the plugin chain. Otherwise the
  * parent implementation is called directly.
  *
  * {@inheritdoc}
  */
 public function isLoggedIn()
 {
     $nextPlugin = $this->pluginList->getNext($this->subjectType, 'isLoggedIn');

     // Plugins can wrap the login check, so its result may come from them
     // rather than from the parent class.
     return $nextPlugin
         ? $this->___callPlugins('isLoggedIn', func_get_args(), $nextPlugin)
         : parent::isLoggedIn();
 }
Beispiel #6
 /**
  * A successful admin login is reported by isLoggedIn().
  *
  * Disabled form security in order to prevent exit from the app
  * @magentoAdminConfigFixture admin/security/session_lifetime 100
  */
 public function testIsLoggedIn()
 {
     $auth = $this->_model;

     // Log in with the test framework's bootstrap admin credentials.
     $auth->login(
         \Magento\TestFramework\Bootstrap::ADMIN_NAME,
         \Magento\TestFramework\Bootstrap::ADMIN_PASSWORD
     );

     $this->assertTrue($auth->isLoggedIn());
 }