Merge pull request #5417 from magento-engcom/2.4-develop-engcom-deliv…
…ery-prs

[Magento Community Engineering] Community Contributions
lenaorobei authored Mar 3, 2020
2 parents e38ccf4 + 991e779 commit 5a9fcab
Showing 44 changed files with 1,632 additions and 785 deletions.
254 changes: 140 additions & 114 deletions app/code/Magento/Backend/App/AbstractAction.php
Expand Up @@ -3,11 +3,26 @@
* Copyright © Magento, Inc. All rights reserved.
* See COPYING.txt for license details.
*/

namespace Magento\Backend\App;

use Magento\Backend\App\Action\Context;
use Magento\Backend\Helper\Data as BackendHelper;
use Magento\Backend\Model\Auth;
use Magento\Backend\Model\Session;
use Magento\Backend\Model\UrlInterface;
use Magento\Framework\App\RequestInterface;
use Magento\Framework\AuthorizationInterface;
use Magento\Framework\Data\Form\FormKey\Validator as FormKeyValidator;
use Magento\Framework\Locale\ResolverInterface;
use Magento\Framework\View\Element\AbstractBlock;

/**
* Generic backend controller
*
* @deprecated Use \Magento\Framework\App\ActionInterface
*
* phpcs:disable Magento2.Classes.AbstractApi
* @api
* @SuppressWarnings(PHPMD.NumberOfChildren)
* @SuppressWarnings(PHPMD.CouplingBetweenObjects)
Expand Down Expand Up @@ -45,32 +60,32 @@ abstract class AbstractAction extends \Magento\Framework\App\Action\Action
protected $_sessionNamespace = self::SESSION_NAMESPACE;

/**
* @var \Magento\Backend\Helper\Data
* @var BackendHelper
*/
protected $_helper;

/**
* @var \Magento\Backend\Model\Session
* @var Session
*/
protected $_session;

/**
* @var \Magento\Framework\AuthorizationInterface
* @var AuthorizationInterface
*/
protected $_authorization;

/**
* @var \Magento\Backend\Model\Auth
* @var Auth
*/
protected $_auth;

/**
* @var \Magento\Backend\Model\UrlInterface
* @var UrlInterface
*/
protected $_backendUrl;

/**
* @var \Magento\Framework\Locale\ResolverInterface
* @var ResolverInterface
*/
protected $_localeResolver;

Expand All @@ -80,14 +95,14 @@ abstract class AbstractAction extends \Magento\Framework\App\Action\Action
protected $_canUseBaseUrl;

/**
* @var \Magento\Framework\Data\Form\FormKey\Validator
* @var FormKeyValidator
*/
protected $_formKeyValidator;

/**
* @param \Magento\Backend\App\Action\Context $context
* @param Context $context
*/
public function __construct(Action\Context $context)
public function __construct(Context $context)
{
parent::__construct($context);
$this->_authorization = $context->getAuthorization();
Expand All @@ -101,6 +116,95 @@ public function __construct(Action\Context $context)
}

/**
* Dispatches the Action
*
* @param RequestInterface $request
* @return \Magento\Framework\App\ResponseInterface
*/
public function dispatch(RequestInterface $request)
{
if ($request->isDispatched() && $request->getActionName() !== 'denied' && !$this->_isAllowed()) {
$this->_response->setStatusHeader(403, '1.1', 'Forbidden');
if (!$this->_auth->isLoggedIn()) {
return $this->_redirect('*/auth/login');
}

$this->_view->loadLayout(['default', 'adminhtml_denied'], true, true, false);
$this->_view->renderLayout();
$this->_request->setDispatched(true);

return $this->_response;
}

if ($this->_isUrlChecked()) {
$this->_actionFlag->set('', self::FLAG_IS_URLS_CHECKED, true);
}

$this->_processLocaleSettings();

// Need to preload isFirstPageAfterLogin (see https://github.com/magento/magento2/issues/15510)
if ($this->_auth->isLoggedIn()) {
$this->_auth->getAuthStorage()->isFirstPageAfterLogin();
}

return parent::dispatch($request);
}

/**
* Check url keys. If non valid - redirect
*
* @return bool
*
* @see \Magento\Backend\App\Request\BackendValidator for default request validation.
*/
public function _processUrlKeys()
{
$_isValidFormKey = true;
$_isValidSecretKey = true;
$_keyErrorMsg = '';
if ($this->_auth->isLoggedIn()) {
if ($this->getRequest()->isPost()) {
$_isValidFormKey = $this->_formKeyValidator->validate($this->getRequest());
$_keyErrorMsg = __('Invalid Form Key. Please refresh the page.');
} elseif ($this->_backendUrl->useSecretKey()) {
$_isValidSecretKey = $this->_validateSecretKey();
$_keyErrorMsg = __('You entered an invalid Secret Key. Please refresh the page.');
}
}
if (!$_isValidFormKey || !$_isValidSecretKey) {
$this->_actionFlag->set('', self::FLAG_NO_DISPATCH, true);
$this->_actionFlag->set('', self::FLAG_NO_POST_DISPATCH, true);
if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) {
$this->getResponse()->representJson(
$this->_objectManager->get(
\Magento\Framework\Json\Helper\Data::class
)->jsonEncode(
['error' => true, 'message' => $_keyErrorMsg]
)
);
} else {
$this->_redirect($this->_backendUrl->getStartupPageUrl());
}
return false;
}
return true;
}

/**
* Generate url by route and parameters
*
* @param string $route
* @param array $params
* @return string
*/
public function getUrl($route = '', $params = [])
{
return $this->_helper->getUrl($route, $params);
}

/**
* Determines whether current user is allowed to access Action
*
* @return bool
*/
protected function _isAllowed()
Expand All @@ -119,6 +223,8 @@ protected function _getSession()
}

/**
* Returns instantiated Message\ManagerInterface.
*
* @return \Magento\Framework\Message\ManagerInterface
*/
protected function getMessageManager()
Expand Down Expand Up @@ -146,6 +252,8 @@ protected function _setActiveMenu($itemId)
}

/**
* Adds element to Breadcrumbs block
*
* @param string $label
* @param string $title
* @param string|null $link
Expand All @@ -158,79 +266,51 @@ protected function _addBreadcrumb($label, $title, $link = null)
}

/**
* @param \Magento\Framework\View\Element\AbstractBlock $block
* Adds block to `content` block
*
* @param AbstractBlock $block
* @return $this
*/
protected function _addContent(\Magento\Framework\View\Element\AbstractBlock $block)
protected function _addContent(AbstractBlock $block)
{
return $this->_moveBlockToContainer($block, 'content');
}

/**
* @param \Magento\Framework\View\Element\AbstractBlock $block
* Moves Block to `left` container
*
* @param AbstractBlock $block
* @return $this
*/
protected function _addLeft(\Magento\Framework\View\Element\AbstractBlock $block)
protected function _addLeft(AbstractBlock $block)
{
return $this->_moveBlockToContainer($block, 'left');
}

/**
* @param \Magento\Framework\View\Element\AbstractBlock $block
* Adds Block to `js` container
*
* @param AbstractBlock $block
* @return $this
*/
protected function _addJs(\Magento\Framework\View\Element\AbstractBlock $block)
protected function _addJs(AbstractBlock $block)
{
return $this->_moveBlockToContainer($block, 'js');
}

/**
* Set specified block as an anonymous child to specified container
*
* The block will be moved to the container from previous parent after all other elements
* Set specified block as an anonymous child to specified container.
*
* @param \Magento\Framework\View\Element\AbstractBlock $block
* @param AbstractBlock $block
* @param string $containerName
* @return $this
*/
private function _moveBlockToContainer(\Magento\Framework\View\Element\AbstractBlock $block, $containerName)
private function _moveBlockToContainer(AbstractBlock $block, $containerName)
{
$this->_view->getLayout()->setChild($containerName, $block->getNameInLayout(), '');
return $this;
}

/**
* @param \Magento\Framework\App\RequestInterface $request
* @return \Magento\Framework\App\ResponseInterface
*/
public function dispatch(\Magento\Framework\App\RequestInterface $request)
{
if ($request->isDispatched() && $request->getActionName() !== 'denied' && !$this->_isAllowed()) {
$this->_response->setStatusHeader(403, '1.1', 'Forbidden');
if (!$this->_auth->isLoggedIn()) {
return $this->_redirect('*/auth/login');
}
$this->_view->loadLayout(['default', 'adminhtml_denied'], true, true, false);
$this->_view->renderLayout();
$this->_request->setDispatched(true);

return $this->_response;
}

if ($this->_isUrlChecked()) {
$this->_actionFlag->set('', self::FLAG_IS_URLS_CHECKED, true);
}

$this->_processLocaleSettings();

// Need to preload isFirstPageAfterLogin (see https://github.com/magento/magento2/issues/15510)
if ($this->_auth->isLoggedIn()) {
$this->_auth->getAuthStorage()->isFirstPageAfterLogin();
}

return parent::dispatch($request);
}

/**
* Check whether url is checked
*
Expand All @@ -239,55 +319,13 @@ public function dispatch(\Magento\Framework\App\RequestInterface $request)
protected function _isUrlChecked()
{
return !$this->_actionFlag->get('', self::FLAG_IS_URLS_CHECKED)
&& !$this->getRequest()->isForwarded()
&& !$this->_getSession()->getIsUrlNotice(true)
&& !$this->_canUseBaseUrl;
}

/**
* Check url keys. If non valid - redirect
*
* @return bool
*
* @see \Magento\Backend\App\Request\BackendValidator for default
* request validation.
*/
public function _processUrlKeys()
{
$_isValidFormKey = true;
$_isValidSecretKey = true;
$_keyErrorMsg = '';
if ($this->_auth->isLoggedIn()) {
if ($this->getRequest()->isPost()) {
$_isValidFormKey = $this->_formKeyValidator->validate($this->getRequest());
$_keyErrorMsg = __('Invalid Form Key. Please refresh the page.');
} elseif ($this->_backendUrl->useSecretKey()) {
$_isValidSecretKey = $this->_validateSecretKey();
$_keyErrorMsg = __('You entered an invalid Secret Key. Please refresh the page.');
}
}
if (!$_isValidFormKey || !$_isValidSecretKey) {
$this->_actionFlag->set('', self::FLAG_NO_DISPATCH, true);
$this->_actionFlag->set('', self::FLAG_NO_POST_DISPATCH, true);
if ($this->getRequest()->getQuery('isAjax', false) || $this->getRequest()->getQuery('ajax', false)) {
$this->getResponse()->representJson(
$this->_objectManager->get(
\Magento\Framework\Json\Helper\Data::class
)->jsonEncode(
['error' => true, 'message' => $_keyErrorMsg]
)
);
} else {
$this->_redirect($this->_backendUrl->getStartupPageUrl());
}
return false;
}
return true;
&& !$this->getRequest()->isForwarded()
&& !$this->_getSession()->getIsUrlNotice(true)
&& !$this->_canUseBaseUrl;
}

/**
* Set session locale,
* process force locale set through url params
* Set session locale, process force locale set through url params
*
* @return $this
*/
Expand All @@ -309,8 +347,8 @@ protected function _processLocaleSettings()
* Set redirect into response
*
* @TODO MAGETWO-28356: Refactor controller actions to new ResultInterface
* @param string $path
* @param array $arguments
* @param string $path
* @param array $arguments
* @return \Magento\Framework\App\ResponseInterface
*/
protected function _redirect($path, $arguments = [])
Expand All @@ -333,19 +371,7 @@ protected function _redirect($path, $arguments = [])
protected function _forward($action, $controller = null, $module = null, array $params = null)
{
$this->_getSession()->setIsUrlNotice($this->_actionFlag->get('', self::FLAG_IS_URLS_CHECKED));
return parent::_forward($action, $controller, $module, $params);
}

/**
* Generate url by route and parameters
*
* @param string $route
* @param array $params
* @return string
*/
public function getUrl($route = '', $params = [])
{
return $this->_helper->getUrl($route, $params);
parent::_forward($action, $controller, $module, $params);
}

/**
Expand All @@ -359,7 +385,7 @@ protected function _validateSecretKey()
return true;
}

$secretKey = $this->getRequest()->getParam(\Magento\Backend\Model\UrlInterface::SECRET_KEY_PARAM_NAME, null);
$secretKey = $this->getRequest()->getParam(UrlInterface::SECRET_KEY_PARAM_NAME, null);
if (!$secretKey || $secretKey != $this->_backendUrl->getSecretKey()) {
return false;
}
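Review bot: The secret-key check in `_validateSecretKey()` still uses loose `!=` (`$secretKey != $this->_backendUrl->getSecretKey()`), which is neither type-strict nor constant-time; this commit rewrites the `getParam()` line directly above it but leaves the comparison untouched. Under `!=`, two numeric-looking strings are compared as numbers, so the check does not actually require the submitted value to be byte-identical to the expected key. Consider `if (!$secretKey || !is_string($secretKey) || !hash_equals((string) $this->_backendUrl->getSecretKey(), $secretKey)) {`. The `is_string()` guard is needed because a request parameter can arrive as an array, which `hash_equals()` rejects with a TypeError. The function begins and continues outside the visible hunk, so the early `return true` path above it should be confirmed as unaffected.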