/**
 * Checks that useSecretKey() reports the inverse of the "no secret" switch.
 */
public function testUseSecretKey()
{
    // Switch on: the model must report that secret keys are not used.
    $this->_model->setNoSecret(true);
    $usedWhileSuppressed = $this->_model->useSecretKey();
    $this->assertFalse($usedWhileSuppressed);

    // Switch off again: secret keys must be reported as in use.
    $this->_model->setNoSecret(false);
    $usedWhileAllowed = $this->_model->useSecretKey();
    $this->assertTrue($usedWhileAllowed);
}
/**
 * Validate the request keys of the current backend request; reject the request when they are invalid.
 *
 * Checks run only while an admin is logged in. A POST is checked with the form key validator.
 * Any other request is checked with _validateSecretKey(), and only when the backend URL model
 * reports that secret keys are in use. On failure both dispatch flags are set and the client gets
 * a JSON error (when the "isAjax" or "ajax" query parameter is truthy) or a redirect to the
 * startup page.
 *
 * @return bool true when dispatch may continue, false when the request was rejected
 */
public function _processUrlKeys()
{
    $keysAreValid = true;
    $failureMessage = '';

    // A request without a logged-in admin is not key-checked here and falls through as valid.
    // NOTE(review): authentication is presumably enforced elsewhere - confirm against the caller.
    if ($this->_auth->isLoggedIn()) {
        if ($this->getRequest()->isPost()) {
            $keysAreValid = $this->_formKeyValidator->validate($this->getRequest());
            $failureMessage = __('Invalid Form Key. Please refresh the page.');
        } elseif ($this->_backendUrl->useSecretKey()) {
            // Reached for non-POST requests only: a POST is covered by the form key, not the URL secret key.
            $keysAreValid = $this->_validateSecretKey();
            $failureMessage = __('You entered an invalid Secret Key. Please refresh the page.');
        }
    }

    if ($keysAreValid) {
        return true;
    }

    // Block both the action and its post-dispatch step before any response is prepared.
    $this->_actionFlag->set('', self::FLAG_NO_DISPATCH, true);
    $this->_actionFlag->set('', self::FLAG_NO_POST_DISPATCH, true);

    $wantsJson = $this->getRequest()->getQuery('isAjax', false)
        || $this->getRequest()->getQuery('ajax', false);

    if ($wantsJson) {
        // The error body carries only the fixed message chosen above, no request data.
        $response = $this->getResponse();
        $jsonHelper = $this->_objectManager->get('Magento\\Framework\\Json\\Helper\\Data');
        $response->representJson($jsonHelper->jsonEncode(['error' => true, 'message' => $failureMessage]));

        return false;
    }

    $this->_redirect($this->_backendUrl->getStartupPageUrl());

    return false;
}
/**
 * Configure the current auth storage once a login has been performed.
 *
 * Does nothing when no user is set on the session.
 *
 * @return \Magento\Backend\Model\Auth\Session
 */
public function processLogin()
{
    if (!$this->getUser()) {
        return $this;
    }

    // NOTE(review): regenerateId() presumably rotates the session identifier so that an id issued
    // before authentication is not carried into the logged-in session - confirm in the session class.
    $this->regenerateId();

    $urlModel = $this->_backendUrl;
    if ($urlModel->useSecretKey()) {
        // Secret URL keys are renewed only after the id regeneration above.
        $urlModel->renewSecretUrls();
    }

    $this->setIsFirstPageAfterLogin(true);

    $acl = $this->_aclBuilder->getAcl();
    $this->setAcl($acl);

    $this->setUpdatedAt(time());

    return $this;
}
/**
 * Decide whether a redirect is needed after a successful admin login and issue it if so.
 *
 * When secret keys are in use the target is rebuilt through the URL model for the current route;
 * otherwise the request's own URI is reused. If no target can be determined, nothing is changed.
 *
 * @param \Magento\Framework\App\RequestInterface $request
 * @return bool true when a redirect was set and dispatch was stopped, false otherwise
 */
protected function _redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInterface $request)
{
    if ($this->_url->useSecretKey()) {
        // Rebuilt by the URL model rather than copied from the request.
        // NOTE(review): presumably this makes the target carry a current secret key - confirm in getUrl().
        $target = $this->_url->getUrl('*/*/*', ['_current' => true]);
    } elseif ($request) {
        // NOTE(review): this value comes from the incoming request; confirm setRedirect() cannot
        // turn it into an off-site Location header.
        $target = $request->getRequestUri();
    } else {
        $target = null;
    }

    if ($target) {
        $this->_response->setRedirect($target);
        // Stop the requested action; the response is now a redirect.
        $this->_actionFlag->set('', \Magento\Framework\App\ActionInterface::FLAG_NO_DISPATCH, true);

        return true;
    }

    return false;
}