Merge remote-tracking branch 'commerce/2.4-develop' into PWA-1654

Author: amolina-adobe

app/code/Magento/AdvancedPricingImportExport/Controller/Adminhtml/Export/GetFilter.php

@@ -34,8 +34,8 @@ public function execute()
                 /** @var $export \Magento\ImportExport\Model\Export */
                 $export = $this->_objectManager->create(\Magento\ImportExport\Model\Export::class);
                 $export->setData($data);
-                $attrFilterBlock->prepareCollection(
-                    $export->filterAttributeCollection($export->getEntityAttributeCollection())
+                $export->filterAttributeCollection(
+                    $attrFilterBlock->prepareCollection($export->getEntityAttributeCollection())
                 );
                 return $resultLayout;
             } catch (\Exception $e) {

app/code/Magento/Analytics/Test/Mftf/Test/AdminAdvancedReportingButtonTest.xml

@@ -9,14 +9,12 @@
         xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
     <test name="AdminAdvancedReportingButtonTest">
         <annotations>
-            <stories value="AdvancedReporting"/>
-            <title value="AdvancedReportingButtonTest"/>
-            <description value="Test log in to AdvancedReporting and tests AdvancedReportingButtonTest"/>
-            <testCaseId value="MC-14800"/>
-            <skip>
-                <issueId value="MC-14800" />
-            </skip>
+            <features value="Analytics"/>
+            <stories value="Advanced Reporting"/>
+            <title value="Assert the Advanced Reporting page is opened by dashboard link"/>
+            <description value="Check the ability to navigate to the Advanced Reporting page through the Advanced Reporting button on the dashboard"/>
             <severity value="CRITICAL"/>
+            <testCaseId value="MC-28376"/>
             <group value="analytics"/>
             <group value="mtf_migrated"/>
         </annotations>

app/code/Magento/Backend/App/Action/Plugin/Authentication.php

@@ -225,8 +225,10 @@ protected function _redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInt
 
         // Checks, whether secret key is required for admin access or request uri is explicitly set
         if ($this->_url->useSecretKey()) {
-            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 2);
-            $requestUri = $this->_url->getUrl(array_pop($requestParts));
+            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);
+            $baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');
+            $routeIndex = empty($baseUrlPath) ? 0 : 1;
+            $requestUri = $this->_url->getUrl($requestParts[$routeIndex]);
         } elseif ($request) {
             $requestUri = $request->getRequestUri();
         }

app/code/Magento/Backend/Block/Dashboard/Bar.php

@@ -5,6 +5,7 @@
  */
 namespace Magento\Backend\Block\Dashboard;
 
+use Magento\Directory\Model\Currency;
 use Magento\Store\Model\Store;
 
 /**
@@ -20,10 +21,15 @@ class Bar extends \Magento\Backend\Block\Dashboard\AbstractDashboard
     protected $_totals = [];
 
     /**
-     * @var \Magento\Directory\Model\Currency|null
+     * @var Currency|null
      */
     protected $_currentCurrencyCode = null;
 
+    /**
+     * @var Currency
+     */
+    private $_currency;
+
     /**
      * Get totals
      *
@@ -67,7 +73,7 @@ public function format($price)
     /**
      * Setting currency model
      *
-     * @param \Magento\Directory\Model\Currency $currency
+     * @param Currency $currency
      * @return void
      */
     public function setCurrency($currency)
@@ -78,7 +84,7 @@ public function setCurrency($currency)
     /**
      * Retrieve currency model if not set then return currency model for current store
      *
-     * @return \Magento\Directory\Model\Currency
+     * @return Currency
      * @SuppressWarnings(PHPMD.RequestAwareBlockMethod)
      */
     public function getCurrency()

app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php

@@ -1,13 +1,17 @@
 <?php
 /**
- *
  * Copyright © Magento, Inc. All rights reserved.
  * See COPYING.txt for license details.
  */
 namespace Magento\Backend\Controller\Adminhtml\Auth;
 
+use Magento\Backend\App\Area\FrontNameResolver;
+use Magento\Backend\App\BackendAppList;
+use Magento\Backend\Model\UrlFactory;
 use Magento\Framework\App\Action\HttpGetActionInterface as HttpGet;
 use Magento\Framework\App\Action\HttpPostActionInterface as HttpPost;
+use Magento\Framework\App\ObjectManager;
+use Magento\Framework\App\Request\Http;
 
 /**
  * @api
@@ -20,18 +24,50 @@ class Login extends \Magento\Backend\Controller\Adminhtml\Auth implements HttpGe
      */
     protected $resultPageFactory;
 
+    /**
+     * @var FrontNameResolver
+     */
+    private $frontNameResolver;
+
+    /**
+     * @var BackendAppList
+     */
+    private $backendAppList;
+
+    /**
+     * @var UrlFactory
+     */
+    private $backendUrlFactory;
+
+    /**
+     * @var Http
+     */
+    private $http;
+
     /**
      * Constructor
      *
      * @param \Magento\Backend\App\Action\Context $context
      * @param \Magento\Framework\View\Result\PageFactory $resultPageFactory
+     * @param FrontNameResolver|null $frontNameResolver
+     * @param BackendAppList|null $backendAppList
+     * @param UrlFactory|null $backendUrlFactory
+     * @param Http|null $http
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
-        \Magento\Framework\View\Result\PageFactory $resultPageFactory
+        \Magento\Framework\View\Result\PageFactory $resultPageFactory,
+        FrontNameResolver $frontNameResolver = null,
+        BackendAppList $backendAppList = null,
+        UrlFactory $backendUrlFactory = null,
+        Http $http = null
     ) {
         $this->resultPageFactory = $resultPageFactory;
         parent::__construct($context);
+        $this->frontNameResolver = $frontNameResolver ?? ObjectManager::getInstance()->get(FrontNameResolver::class);
+        $this->backendAppList = $backendAppList ?? ObjectManager::getInstance()->get(BackendAppList::class);
+        $this->backendUrlFactory = $backendUrlFactory ?? ObjectManager::getInstance()->get(UrlFactory::class);
+        $this->http = $http ?? ObjectManager::getInstance()->get(Http::class);
     }
 
     /**
@@ -49,7 +85,8 @@ public function execute()
         }
 
         $requestUrl = $this->getRequest()->getUri();
-        if (!$requestUrl->isValid()) {
+
+        if (!$requestUrl->isValid() || !$this->isValidBackendUri()) {
             return $this->getRedirect($this->getUrl('*'));
         }
 
@@ -69,4 +106,26 @@ private function getRedirect($path)
         $resultRedirect->setPath($path);
         return $resultRedirect;
     }
+
+    /**
+     * Verify if correct backend uri requested.
+     *
+     * @return bool
+     */
+    private function isValidBackendUri(): bool
+    {
+        $requestUri = $this->getRequest()->getRequestUri();
+        $backendApp = $this->backendAppList->getCurrentApp();
+        $baseUrl = parse_url($this->backendUrlFactory->create()->getBaseUrl(), PHP_URL_PATH);
+        if (!$backendApp) {
+            $backendFrontName = $this->frontNameResolver->getFrontName();
+        } else {
+            //In case of application authenticating through the admin login, the script name should be removed
+            //from the path, because application has own script.
+            $baseUrl = $this->http->getUrlNoScript($baseUrl);
+            $backendFrontName = $backendApp->getCookiePath();
+        }
+
+        return strpos($requestUri, $baseUrl . $backendFrontName) === 0;
+    }
 }

app/code/Magento/Backend/Controller/Adminhtml/Dashboard/RefreshStatistics.php

@@ -6,25 +6,33 @@
 
 namespace Magento\Backend\Controller\Adminhtml\Dashboard;
 
+use Magento\Backend\App\Action\Context;
 use Magento\Framework\App\Action\HttpPostActionInterface;
+use Magento\Framework\Stdlib\DateTime\Filter\Date;
 use Magento\Reports\Controller\Adminhtml\Report\Statistics;
+use Psr\Log\LoggerInterface;
 
 /**
  * Refresh Dashboard statistics action.
  */
 class RefreshStatistics extends Statistics implements HttpPostActionInterface
 {
     /**
-     * @param \Magento\Backend\App\Action\Context $context
-     * @param \Magento\Framework\Stdlib\DateTime\Filter\Date $dateFilter
+     * @var LoggerInterface
+     */
+    private $logger;
+
+    /**
+     * @param Context $context
+     * @param Date $dateFilter
      * @param array $reportTypes
-     * @param \Psr\Log\LoggerInterface $logger
+     * @param LoggerInterface $logger
      */
     public function __construct(
-        \Magento\Backend\App\Action\Context $context,
-        \Magento\Framework\Stdlib\DateTime\Filter\Date $dateFilter,
+        Context $context,
+        Date $dateFilter,
         array $reportTypes,
-        \Psr\Log\LoggerInterface $logger
+        LoggerInterface $logger
     ) {
         parent::__construct($context, $dateFilter, $reportTypes);
         $this->logger = $logger;

app/code/Magento/Backend/Model/Menu/Config.php

@@ -63,6 +63,11 @@ class Config
      */
     protected $_appState;
 
+    /**
+     * @var Builder
+     */
+    private $_menuBuilder;
+
     /**
      * @param \Magento\Backend\Model\Menu\Builder $menuBuilder
      * @param \Magento\Backend\Model\Menu\AbstractDirector $menuDirector

app/code/Magento/Backend/Test/Mftf/Data/AdminWebConfigData.xml

@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="urn:magento:mftf:DataGenerator/etc/dataProfileSchema.xsd">
+    <entity name="AdminEnableUrlRewritesConfigData">
+        <data key="path">web/seo/use_rewrites</data>
+        <data key="value">1</data>
+    </entity>
+    <entity name="AdminDisableUrlRewritesConfigData">
+        <data key="path">web/seo/use_rewrites</data>
+        <data key="value">0</data>
+    </entity>
+</entities>

app/code/Magento/Backend/Test/Mftf/Data/SystemUploadConfigurationConfigData.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+<entities xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+          xsi:noNamespaceSchemaLocation="urn:magento:mftf:DataGenerator/etc/dataProfileSchema.xsd">
+    <entity name="SystemUploadConfigurationMaxWidth">
+        <data key="path">system/upload_configuration/max_width</data>
+        <data key="value">1920</data>
+    </entity>
+    <entity name="SystemUploadConfigurationMaxHeight">
+        <data key="path">system/upload_configuration/max_height</data>
+        <data key="value">1200</data>
+    </entity>
+</entities>

app/code/Magento/Backend/Test/Mftf/Test/AdminLoginSuccessfulWithRewritesDisabledTest.xml

@@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="AdminLoginSuccessfulWithRewritesDisabledTest">
+        <annotations>
+            <features value="Backend"/>
+            <stories value="Login on the Admin Login page"/>
+            <title
+                value="Admin should be able to log into the Magento Admin backend successfully if url rewrites are disabled"/>
+            <description
+                value="Admin should be able to log into the Magento Admin backend successfully if url rewrites are disabled"/>
+            <severity value="CRITICAL"/>
+            <group value="example"/>
+            <group value="login"/>
+        </annotations>
+
+        <before>
+            <magentoCLI command="config:set {{AdminDisableUrlRewritesConfigData.path}} {{AdminDisableUrlRewritesConfigData.value}}" stepKey="disableUrlRewrites"/>
+        </before>
+        <after>
+            <magentoCLI command="config:set {{AdminEnableUrlRewritesConfigData.path}} {{AdminEnableUrlRewritesConfigData.value}}" stepKey="enableUrlRewrites"/>
+        </after>
+
+        <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
+        <actionGroup ref="AssertAdminSuccessLoginActionGroup" stepKey="assertLoggedIn"/>
+        <actionGroup ref="AdminLogoutActionGroup" stepKey="logoutFromAdmin"/>
+    </test>
+</tests>