Merge branch 'develop' into nord_develop

Author: Denys Rudchenko

CHANGELOG.md

@@ -1,3 +1,39 @@
+0.74.0-beta11
+=============
+* Framework improvements:
+    * Improved component Bookmarks component in scope of Enhanced Data Grids on CMS
+    * Improved component Advanced Filtering component in scope of Enhanced Data Grids on CMS
+* Fixed bugs:
+    * Fixed an issue where incorrect keys in REST request body allowed the request to go through successfully
+    * Fixed an issue where interceptors were Generated with Invalid __wakeup() 
+    * Fixed an issue where redirect on the current page was not working in certain conditions
+    * Fixed an issue where first store could not be selected on frontend
+    * Fixed an issue with performance toolkit category creation
+    * Fixed an issue when columns 'Interval', 'Price Rule' had incorrect values in Coupon Usage report
+    * Fixed an issue where fatal error occured on Abandoned Carts report grid
+    * Fixed an issue where it was not possible to add product to shopping cart if Use Secure URLs in Frontend = Yes
+    * Fixed an issue where email was not required during Guest Checkout 
+    * Fixed broken ability to skip reindex in `bin/magento setup:performance:generate-fixtures` command
+    * Fixed an issue where `bin/magento indexer:reindex` command failed after `bin/magento setup:di:compile` was run
+    * Fixed bug with broken JS i18n
+    * Fixed an issue with wrong value at created_at updated_at fields after quote* save
+    * Fixed an issue where customer could not be created in backend after adding Image type attribute
+    * Fixed Sales InvoiceItem and Order data interfaces implementation
+    * Fixed an issue with performance toolkit medium profile
+    * Fixed an issue where Excel Formula Injection via CSV/XML export
+    * Fixed an issue where it was not possible to open the Customers page in backend
+    * Fixed an issue with internal server error after clicking Continue on Billing information
+    * Fixed an issue where it was not possible to place order with Fedex shipping method
+* Various changes:
+    * Magento Centinel Removal
+    * Removed ability to have multi-statement queries
+* Test coverage:
+    * Unit tests coverage
+    * Covered php code by unit tests after new checkout implementation
+* Github issues:
+    * [#424](https://github.com/magento/magento2/issues/424) -- Combine tier pricing messages into block sentences
+    * [#1300](https://github.com/magento/magento2/issues/1300), [#1311](https://github.com/magento/magento2/issues/1311), [#1313](https://github.com/magento/magento2/issues/1313) -- Creating product error with startdate
+
 0.74.0-beta10
 =============
 * Framework improvements:

Gruntfile.js

@@ -68,12 +68,17 @@ module.exports = function (grunt) {
             'less:luma',
             'less:backend'
         ],
+
         /**
          * Documentation
          */
         documentation: [
+            'replace:documentation',
             'less:documentation',
             'styledocco:documentation',
+            'usebanner:documentationCss',
+            'usebanner:documentationLess',
+            'usebanner:documentationHtml',
             'clean:var',
             'clean:pub'
         ],
@@ -82,12 +87,6 @@ module.exports = function (grunt) {
             'mage-minify:legacy'
         ],
 
-        'documentation-banners': [
-            'usebanner:documentationCss',
-            'usebanner:documentationLess',
-            'usebanner:documentationHtml'
-        ],
-
         spec: function (theme) {
             var runner = require('./dev/tests/js/jasmine/spec_runner');
 

app/code/Magento/AdminNotification/composer.json

@@ -3,15 +3,15 @@
     "description": "N/A",
     "require": {
         "php": "~5.5.0|~5.6.0",
-        "magento/module-store": "0.74.0-beta10",
-        "magento/module-backend": "0.74.0-beta10",
-        "magento/module-media-storage": "0.74.0-beta10",
-        "magento/framework": "0.74.0-beta10",
+        "magento/module-store": "0.74.0-beta11",
+        "magento/module-backend": "0.74.0-beta11",
+        "magento/module-media-storage": "0.74.0-beta11",
+        "magento/framework": "0.74.0-beta11",
         "lib-libxml": "*",
         "magento/magento-composer-installer": "*"
     },
     "type": "magento2-module",
-    "version": "0.74.0-beta10",
+    "version": "0.74.0-beta11",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Authorization/composer.json

@@ -3,12 +3,12 @@
     "description": "Authorization module provides access to Magento ACL functionality.",
     "require": {
         "php": "~5.5.0|~5.6.0",
-        "magento/module-backend": "0.74.0-beta10",
-        "magento/framework": "0.74.0-beta10",
+        "magento/module-backend": "0.74.0-beta11",
+        "magento/framework": "0.74.0-beta11",
         "magento/magento-composer-installer": "*"
     },
     "type": "magento2-module",
-    "version": "0.74.0-beta10",
+    "version": "0.74.0-beta11",
     "license": [
         "OSL-3.0",
         "AFL-3.0"

app/code/Magento/Backend/App/AbstractAction.php

@@ -22,6 +22,11 @@ abstract class AbstractAction extends \Magento\Framework\App\Action\Action
      */
     const SESSION_NAMESPACE = 'adminhtml';
 
+    /**
+     * Authorization level of a basic admin session
+     */
+    const ADMIN_RESOURCE = 'Magento_Backend::admin';
+
     /**
      * Array of actions which can be processed without secret key validation
      *
@@ -97,7 +102,7 @@ public function __construct(Action\Context $context)
      */
     protected function _isAllowed()
     {
-        return true;
+        return $this->_authorization->isAllowed(self::ADMIN_RESOURCE);
     }
 
     /**
@@ -228,14 +233,10 @@ public function dispatch(\Magento\Framework\App\RequestInterface $request)
      */
     protected function _isUrlChecked()
     {
-        return !$this->_actionFlag->get(
-            '',
-            self::FLAG_IS_URLS_CHECKED
-        ) && !$this->getRequest()->getParam(
-            'forwarded'
-        ) && !$this->_getSession()->getIsUrlNotice(
-            true
-        ) && !$this->_canUseBaseUrl;
+        return !$this->_actionFlag->get('', self::FLAG_IS_URLS_CHECKED)
+        && !$this->getRequest()->isForwarded()
+        && !$this->_getSession()->getIsUrlNotice(true)
+        && !$this->_canUseBaseUrl;
     }
 
     /**

app/code/Magento/Backend/App/Action/Plugin/Authentication.php

@@ -147,46 +147,25 @@ protected function _processNotLoggedInUser(\Magento\Framework\App\RequestInterfa
         if ($request->getPost('login') && $this->_performLogin($request)) {
             $isRedirectNeeded = $this->_redirectIfNeededAfterLogin($request);
         }
-        if (!$isRedirectNeeded && !$request->getParam('forwarded')) {
+        if (!$isRedirectNeeded && !$request->isForwarded()) {
             if ($request->getParam('isIframe')) {
-                $request->setParam(
-                    'forwarded',
-                    true
-                )->setRouteName(
-                    'adminhtml'
-                )->setControllerName(
-                    'auth'
-                )->setActionName(
-                    'deniedIframe'
-                )->setDispatched(
-                    false
-                );
+                $request->setForwarded(true)
+                    ->setRouteName('adminhtml')
+                    ->setControllerName('auth')
+                    ->setActionName('deniedIframe')
+                    ->setDispatched(false);
             } elseif ($request->getParam('isAjax')) {
-                $request->setParam(
-                    'forwarded',
-                    true
-                )->setRouteName(
-                    'adminhtml'
-                )->setControllerName(
-                    'auth'
-                )->setActionName(
-                    'deniedJson'
-                )->setDispatched(
-                    false
-                );
+                $request->setForwarded(true)
+                    ->setRouteName('adminhtml')
+                    ->setControllerName('auth')
+                    ->setActionName('deniedJson')
+                    ->setDispatched(false);
             } else {
-                $request->setParam(
-                    'forwarded',
-                    true
-                )->setRouteName(
-                    'adminhtml'
-                )->setControllerName(
-                    'auth'
-                )->setActionName(
-                    'login'
-                )->setDispatched(
-                    false
-                );
+                $request->setForwarded(true)
+                    ->setRouteName('adminhtml')
+                    ->setControllerName('auth')
+                    ->setActionName('login')
+                    ->setDispatched(false);
             }
         }
     }

app/code/Magento/Backend/Block/Dashboard.php

@@ -31,15 +31,22 @@ protected function _prepareLayout()
 
         $this->addChild('sales', 'Magento\Backend\Block\Dashboard\Sales');
 
-        if ($this->_scopeConfig->getValue(self::XML_PATH_ENABLE_CHARTS, \Magento\Store\Model\ScopeInterface::SCOPE_STORE)) {
+        $isChartEnabled = $this->_scopeConfig->getValue(
+            self::XML_PATH_ENABLE_CHARTS,
+            \Magento\Store\Model\ScopeInterface::SCOPE_STORE
+        );
+        if ($isChartEnabled) {
             $block = $this->getLayout()->createBlock('Magento\Backend\Block\Dashboard\Diagrams');
         } else {
             $block = $this->getLayout()->createBlock(
                 'Magento\Backend\Block\Template'
             )->setTemplate(
                 'dashboard/graph/disabled.phtml'
             )->setConfigUrl(
-                $this->getUrl('adminhtml/system_config/edit', ['section' => 'admin'])
+                $this->getUrl(
+                    'adminhtml/system_config/edit',
+                    ['section' => 'admin', '_fragment' => 'admin_dashboard-link']
+                )
             );
         }
         $this->setChild('diagrams', $block);

app/code/Magento/Backend/Controller/Adminhtml/Index/GlobalSearch.php

@@ -48,7 +48,7 @@ public function execute()
             $items[] = [
                 'id' => 'error',
                 'type' => __('Error'),
-                'name' => __('Access Denied'),
+                'name' => __('Access Denied.'),
                 'description' => __('You need more permissions to do this.'),
             ];
         } else {

app/code/Magento/Backend/Model/Auth.php

@@ -145,7 +145,7 @@ public function getCredentialStorage()
     public function login($username, $password)
     {
         if (empty($username) || empty($password)) {
-            self::throwException(__('Please correct the user name or password.'));
+            self::throwException(__('You did not sign in correctly or your account is temporarily disabled.'));
         }
 
         try {
@@ -162,7 +162,7 @@ public function login($username, $password)
             }
 
             if (!$this->getAuthStorage()->getUser()) {
-                self::throwException(__('Please correct the user name or password.'));
+                self::throwException(__('You did not sign in correctly or your account is temporarily disabled.'));
             }
         } catch (PluginAuthenticationException $e) {
             $this->_eventManager->dispatch(
@@ -175,7 +175,9 @@ public function login($username, $password)
                 'backend_auth_user_login_failed',
                 ['user_name' => $username, 'exception' => $e]
             );
-            self::throwException(__($e->getMessage()? : 'Please correct the user name or password.'));
+            self::throwException(
+                __($e->getMessage()? : 'You did not sign in correctly or your account is temporarily disabled.')
+            );
         }
     }
 

app/code/Magento/Backend/Test/Unit/App/Action/Plugin/AuthenticationTest.php

@@ -84,4 +84,78 @@ public function testAroundDispatchProlongStorage()
 
         $this->assertEquals($expectedResult, $this->plugin->aroundDispatch($subject, $proceed, $request));
     }
+
+    /**
+     * Calls aroundDispatch to access protected method _processNotLoggedInUser
+     *
+     * Data provider supplies different possibilities of request parameters and properties
+     * @dataProvider processNotLoggedInUserDataProvider
+     */
+    public function testProcessNotLoggedInUser($isIFrameParam, $isAjaxParam, $isForwardedFlag)
+    {
+        $subject = $this->getMockBuilder('Magento\Backend\Controller\Adminhtml\Index')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $request = $this->getMockBuilder('Magento\Framework\App\Request\Http')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $storage = $this->getMockBuilder('Magento\Backend\Model\Auth\Session')
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        // Stubs to control the flow of execution in aroundDispatch
+        $this->auth->expects($this->any())->method('getAuthStorage')->will($this->returnValue($storage));
+        $request->expects($this->once())->method('getActionName')->will($this->returnValue('non/open/action/name'));
+        $this->auth->expects($this->any())->method('getUser')->willReturn(false);
+        $this->auth->expects($this->once())->method('isLoggedIn')->will($this->returnValue(false));
+        $request->expects($this->any())->method('getPost')->willReturn(false);
+
+        // Test cases and expectations based on provided data
+        $request->expects($this->once())->method('isForwarded')->willReturn($isForwardedFlag);
+        $getParamCalls = 0;
+        $actionName = '';
+
+        // If forwarded flag is set, getParam never gets called
+        if (!$isForwardedFlag) {
+            if ($isIFrameParam) {
+                $getParamCalls = 1;
+                $actionName = 'deniedIframe';
+            } else if ($isAjaxParam) {
+                $getParamCalls = 2;
+                $actionName = 'deniedJson';
+            } else {
+                $getParamCalls = 2;
+                $actionName = 'login';
+            }
+        }
+
+        $requestParams = [
+            ['isIframe', null, $isIFrameParam],
+            ['isAjax', null, $isAjaxParam]
+        ];
+
+        $setterCalls = $isForwardedFlag ? 0 : 1;
+        $request->expects($this->exactly($getParamCalls))->method('getParam')->willReturnMap($requestParams);
+        $request->expects($this->exactly($setterCalls))->method('setForwarded')->with(true)->willReturnSelf();
+        $request->expects($this->exactly($setterCalls))->method('setRouteName')->with('adminhtml')->willReturnSelf();
+        $request->expects($this->exactly($setterCalls))->method('setControllerName')->with('auth')->willReturnSelf();
+        $request->expects($this->exactly($setterCalls))->method('setActionName')->with($actionName)->willReturnSelf();
+        $request->expects($this->exactly($setterCalls))->method('setDispatched')->with(false)->willReturnSelf();
+
+        $expectedResult = 'expectedResult';
+        $proceed = function ($request) use ($expectedResult) {
+            return $expectedResult;
+        };
+        $this->assertEquals($expectedResult, $this->plugin->aroundDispatch($subject, $proceed, $request));
+    }
+
+    public function processNotLoggedInUserDataProvider()
+    {
+        return [
+            'iFrame' => [true, false, false],
+            'Ajax' => [false, true, false],
+            'Neither iFrame nor Ajax' => [false, false, false],
+            'Forwarded request' => [true, true, true]
+        ];
+    }
 }