From df20ae184f493825627219cadb0e3f0f0e5c6947 Mon Sep 17 00:00:00 2001
From: Aapo Kiiso
Date: Tue, 17 Nov 2020 15:12:33 +0200
Subject: [PATCH 1/5] Allow backend login without redirect
---
 .../Magento/Backend/Controller/Adminhtml/Auth/Login.php | 6 ------
 1 file changed, 6 deletions(-)
diff --git a/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php b/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php
index 1de77c810f316..18de812b2fa9d 100644
--- a/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php
+++ b/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php
@@ -48,12 +48,6 @@ public function execute()
 return $this->getRedirect($this->_backendUrl->getStartupPageUrl());
 }
- $requestUrl = $this->getRequest()->getUri();
- $backendUrl = $this->getUrl('*');
- // redirect according to rewrite rule
- if ($requestUrl != $backendUrl) {
- return $this->getRedirect($backendUrl);
- }
 return $this->resultPageFactory->create();
 }
From 760a4e362ec11ffaec8e317c16fbea9e5557de45 Mon Sep 17 00:00:00 2001
From: Aapo Kiiso
Date: Wed, 9 Dec 2020 08:53:52 +0200
Subject: [PATCH 2/5] Fix test to check that login form is visible after admin expiration
---
 .../Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/code/Magento/Security/Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml b/app/code/Magento/Security/Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml
index dc88ad9d2cbf1..4996992c70245 100644
--- a/app/code/Magento/Security/Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml
+++ b/app/code/Magento/Security/Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml
@@ -48,7 +48,7 @@ - +
From 73ef59b9e0a3a1f7ada74bdd00f7168d7106ace1 Mon Sep 17 00:00:00 2001
From: "vadim.malesh"
Date: Fri, 18 Dec 2020 16:43:36 +0200
Subject: [PATCH 3/5] magento/magento2#30950 allow login without redirect when using a secret key
---
 app/code/Magento/Backend/App/Action/Plugin/Authentication.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/app/code/Magento/Backend/App/Action/Plugin/Authentication.php b/app/code/Magento/Backend/App/Action/Plugin/Authentication.php
index 4b25e9921e404..519db00d6439d 100644
--- a/app/code/Magento/Backend/App/Action/Plugin/Authentication.php
+++ b/app/code/Magento/Backend/App/Action/Plugin/Authentication.php
@@ -225,7 +225,8 @@ protected function _redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInt
 // Checks, whether secret key is required for admin access or request uri is explicitly set
 if ($this->_url->useSecretKey()) {
- $requestUri = $this->_url->getUrl('*/*/*', ['_current' => true]);
+ $requestParts = explode('/', trim($request->getRequestUri(), '/'), 2);
+ $requestUri = $this->_url->getUrl(array_pop($requestParts));
 } elseif ($request) {
 $requestUri = $request->getRequestUri();
 }
From 217c32c91a960a28f648efe9653fc3517af65779 Mon Sep 17 00:00:00 2001
From: "vadim.malesh"
Date: Mon, 21 Dec 2020 13:54:58 +0200
Subject: [PATCH 4/5] redirect to backend if request uri isn't valid
---
 app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php | 5 +++++
 app/code/Magento/User/Controller/Adminhtml/User/Save.php | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php b/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php
index 18de812b2fa9d..16be2cf1343eb 100644
--- a/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php
+++ b/app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php
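Review bot: In the `useSecretKey()` branch of `_redirectIfNeededAfterLogin`, the post-login redirect is now built from the raw request URI on the assumption that exactly one leading path segment (the admin front name) precedes the route path: `explode('/', trim(...), 2)` followed by `array_pop`. If the URI carries a base directory or an `index.php/` prefix, the segment dropped is not the front name, and for a single-segment URI `array_pop` returns the front name itself; the query string presumably stays attached as well, since `getRequestUri()` is used unparsed. Because this client-controlled value decides where an admin lands right after authenticating, I would reduce it to the path first, e.g. `$path = (string) parse_url($request->getRequestUri(), PHP_URL_PATH);` (confirm no caller relies on query parameters surviving), and document the expectation with `// URI is expected as /<frontName>/<route path>; the front name is dropped and getUrl() rebuilds a keyed backend URL`. This branch also dereferences `$request` without the truthiness check that the `elseif ($request)` arm keeps; the function body starts and ends outside the hunk.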
@@ -48,6 +48,11 @@ public function execute()
 return $this->getRedirect($this->_backendUrl->getStartupPageUrl());
 }
+ $requestUrl = $this->getRequest()->getUri();
+ if (!$requestUrl->isValid()) {
+ return $this->getRedirect($this->getUrl('*'));
+ }
+
 return $this->resultPageFactory->create();
 }
diff --git a/app/code/Magento/User/Controller/Adminhtml/User/Save.php b/app/code/Magento/User/Controller/Adminhtml/User/Save.php
index 521c09f7b7707..72024a85bef13 100644
--- a/app/code/Magento/User/Controller/Adminhtml/User/Save.php
+++ b/app/code/Magento/User/Controller/Adminhtml/User/Save.php
@@ -105,7 +105,7 @@ public function execute()
 $this->getSecurityCookie()->setLogoutReasonCookie(
 \Magento\Security\Model\AdminSessionsManager::LOGOUT_REASON_USER_LOCKED
 );
- $this->_redirect('adminhtml/*/');
+ $this->_redirect('*');
 } catch (NotificationExceptionInterface $exception) {
 $this->messageManager->addErrorMessage($exception->getMessage());
 } catch (\Magento\Framework\Exception\AuthenticationException $e) {
From 6e3b5b09fc4208c6a0545b70a0c2c8771f491744 Mon Sep 17 00:00:00 2001
From: "vadim.malesh"
Date: Mon, 21 Dec 2020 13:56:25 +0200
Subject: [PATCH 5/5] added a comment to prevent bic
---
 .../Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/app/code/Magento/Security/Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml b/app/code/Magento/Security/Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml
index 4996992c70245..c7bfdd8bb9e98 100644
--- a/app/code/Magento/Security/Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml
+++ b/app/code/Magento/Security/Test/Mftf/Test/AdminNavigateWhileUserExpiredTest.xml
@@ -48,6 +48,7 @@ +
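Review bot: The `isValid()` check added to `execute()` in Auth/Login.php is, as far as this hunk shows, a well-formedness test on the request URI object, which is a much weaker gate than the `$requestUrl != $backendUrl` comparison that PATCH 1/5 removed from the same method. Any well-formed admin URL now renders the login form in place, which matches the stated intent but is not documented in the code; I would add above the check `// Only malformed request URIs are redirected to the backend base URL; any other admin URL shows the login form in place`. `$requestUrl` now holds a URI object rather than a string, so `$requestUri` would be the clearer name. `execute()` starts above the hunk, so whether anything earlier in the method constrains the request path cannot be judged from here.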