/**
* Disabled form security in order to prevent exit from the app
* @magentoConfigFixture current_store admin/security/session_lifetime 59
*/
public function testIsLoggedInWithIgnoredLifetime()
{
$this->_auth->login(\Magento\TestFramework\Bootstrap::ADMIN_NAME, \Magento\TestFramework\Bootstrap::ADMIN_PASSWORD);
$this->assertTrue($this->_model->isLoggedIn());
$this->_model->setUpdatedAt(time() - 101);
$this->assertTrue($this->_model->isLoggedIn());
}
/**
* Match provided request and if matched - return corresponding controller
*
* @param \Magento\Framework\App\RequestInterface $request
* @return \Magento\Framework\App\Action\Action|null
*/
public function match(\Magento\Framework\App\RequestInterface $request)
{
// if URL has VDE prefix
if (!$this->_designEditorHelper->isVdeRequest($request)) {
return null;
}
// user must be logged in admin area
if (!$this->_session->isLoggedIn()) {
return null;
}
// prepare request to imitate
$this->_prepareVdeRequest($request);
/**
* Deprecated line of code was here which should be adopted if needed:
* $this->_urlRewriteService->applyRewrites($request);
*/
// match routers
$controller = null;
$routers = $this->_getMatchedRouters();
/** @var $router \Magento\Framework\App\RouterInterface */
foreach ($routers as $router) {
/** @var $controller \Magento\Framework\App\Action\AbstractAction */
$controller = $router->match($request);
if ($controller) {
$this->_state->update(\Magento\Framework\App\Area::AREA_FRONTEND, $request);
break;
}
}
// set inline translation mode
$this->_designEditorHelper->setTranslationMode($request);
return $controller;
}
/**
* Predispath admin action controller
*
* @param \Magento\Framework\Event\Observer $observer
* @return void
*/
public function execute(\Magento\Framework\Event\Observer $observer)
{
if ($this->backendAuthSession->isLoggedIn()) {
$feedModel = $this->feedFactory->create();
$feedModel->checkUpdate();
}
}
/**
* @dataProvider loginDataProvider
*/
public function testIsLoggedIn($loggedIn)
{
if ($loggedIn) {
$this->auth->login(\Magento\TestFramework\Bootstrap::ADMIN_NAME, \Magento\TestFramework\Bootstrap::ADMIN_PASSWORD);
}
$this->assertEquals($loggedIn, $this->authSession->isLoggedIn());
}
/**
* Predispath admin action controller
*
* @param \Magento\Framework\Event\Observer $observer
* @return void
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
public function execute(\Magento\Framework\Event\Observer $observer)
{
if ($this->_backendAuthSession->isLoggedIn()) {
$feedModel = $this->_feedFactory->create();
/* @var $feedModel \Magento\AdminNotification\Model\Feed */
$feedModel->checkUpdate();
}
}
public function testIsLoggedInPositive()
{
$lifetime = 900;
$user = $this->getMock('Magento\\User\\Model\\User', ['getId', '__wakeup'], [], '', false);
$user->expects($this->once())->method('getId')->will($this->returnValue(1));
$this->session->setUpdatedAt(time() + $lifetime);
// Emulate just updated session
$this->storage->expects($this->any())->method('getUser')->will($this->returnValue($user));
$this->config->expects($this->once())->method('getValue')->with(\Magento\Backend\Model\Auth\Session::XML_PATH_SESSION_LIFETIME)->will($this->returnValue($lifetime));
$this->assertTrue($this->session->isLoggedIn());
}
/**
* Adds New Relic custom parameters per adminhtml request for current admin user, if applicable
*
* @param Observer $observer
* @return void
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
public function execute(Observer $observer)
{
if ($this->config->isNewRelicEnabled()) {
if ($this->backendAuthSession->isLoggedIn()) {
$user = $this->backendAuthSession->getUser();
$this->newRelicWrapper->addCustomParameter(Config::ADMIN_USER_ID, $user->getId());
$this->newRelicWrapper->addCustomParameter(Config::ADMIN_USER, $user->getUsername());
$this->newRelicWrapper->addCustomParameter(Config::ADMIN_NAME, $user->getFirstname() . ' ' . $user->getLastname());
}
}
}
/**
* Reports concurrent admins to the database reporting_users table
*
* @param Observer $observer
* @return void
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
public function execute(Observer $observer)
{
if ($this->config->isNewRelicEnabled()) {
if ($this->backendAuthSession->isLoggedIn()) {
$user = $this->backendAuthSession->getUser();
$jsonData = ['id' => $user->getId(), 'username' => $user->getUsername(), 'name' => $user->getFirstname() . ' ' . $user->getLastname()];
$modelData = ['type' => 'admin_activity', 'action' => $this->jsonEncoder->encode($jsonData)];
/** @var \Magento\NewRelicReporting\Model\Users $usersModel */
$usersModel = $this->usersFactory->create();
$usersModel->setData($modelData);
$usersModel->save();
}
}
}
/**
* Force admin to change password
*
* @param EventObserver $observer
* @return void
*/
public function execute(EventObserver $observer)
{
if (!$this->observerConfig->isPasswordChangeForced()) {
return;
}
if (!$this->authSession->isLoggedIn()) {
return;
}
$actionList = ['adminhtml_system_account_index', 'adminhtml_system_account_save', 'adminhtml_auth_logout'];
/** @var \Magento\Framework\App\Action\Action $controller */
$controller = $observer->getEvent()->getControllerAction();
/** @var \Magento\Framework\App\RequestInterface $request */
$request = $observer->getEvent()->getRequest();
if ($this->authSession->getPciAdminUserIsPasswordExpired()) {
if (!in_array($request->getFullActionName(), $actionList)) {
if ($this->authorization->isAllowed('Magento_Backend::myaccount')) {
$controller->getResponse()->setRedirect($this->url->getUrl('adminhtml/system_account/'));
$this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_DISPATCH, true);
$this->actionFlag->set('', \Magento\Framework\App\Action\Action::FLAG_NO_POST_DISPATCH, true);
} else {
/*
* if admin password is expired and access to 'My Account' page is denied
* than we need to do force logout with error message
*/
$this->authSession->clearStorage();
$this->session->clearStorage();
$this->messageManager->addErrorMessage(__('Your password has expired; please contact your administrator.'));
$controller->getRequest()->setDispatched(false);
}
}
}
}
/**
* @covers \Magento\Backend\Controller\Adminhtml\Auth::logoutAction
* @magentoDbIsolation enabled
*/
public function testLogoutAction()
{
$this->_login();
$this->dispatch('backend/admin/auth/logout');
$this->assertRedirect($this->equalTo(\Magento\TestFramework\Helper\Bootstrap::getObjectManager()->get('Magento\\Backend\\Helper\\Data')->getHomePageUrl()));
$this->assertFalse($this->_session->isLoggedIn(), 'User is not logged out.');
}
public function testIsLoggedInPositive()
{
$user = $this->getMock('Magento\\User\\Model\\User', ['getId', '__wakeup'], [], '', false);
$user->expects($this->once())->method('getId')->will($this->returnValue(1));
$this->storage->expects($this->any())->method('getUser')->will($this->returnValue($user));
$this->assertTrue($this->session->isLoggedIn());
}
/**
* {@inheritdoc}
*/
public function isLoggedIn()
{
$pluginInfo = $this->pluginList->getNext($this->subjectType, 'isLoggedIn');
if (!$pluginInfo) {
return parent::isLoggedIn();
} else {
return $this->___callPlugins('isLoggedIn', func_get_args(), $pluginInfo);
}
}
protected function isBackendOrder()
{
return $this->backendAuthSession->isLoggedIn();
}
