MAGETWO-45159: [ZAP-M2]: Cookie set without secure flag

Dale Sikkema · Dale Sikkema · commit 63f7e51bacff · 2015-11-11T18:16:10.000-06:00
diff --git a/app/code/Magento/Backend/Model/Session/AdminConfig.php b/app/code/Magento/Backend/Model/Session/AdminConfig.php
@@ -84,6 +84,7 @@ public function __construct(
         $adminPath = $this->extractAdminPath();
         $this->setCookiePath($adminPath);
         $this->setName($sessionName);
+        $this->setCookieSecure($this->_httpRequest->isSecure());
     }
 
     /**
diff --git a/app/code/Magento/Backend/Test/Unit/Model/Session/AdminConfigTest.php b/app/code/Magento/Backend/Test/Unit/Model/Session/AdminConfigTest.php
@@ -105,12 +105,13 @@ public function testSetCookiePathNonDefault()
     }
 
     /**
-     * Test for setting session name for admin
-     *
+     * Test for setting session name and secure_cookie for admin
      */
-    public function testSetSessionNameByConstructor()
+    public function testSetSessionSettingsByConstructor()
     {
         $sessionName = 'admin';
+        $secureRequest = true;
+        $this->requestMock->expects($this->once())->method('isSecure')->willReturn($secureRequest);
 
         $validatorMock = $this->getMockBuilder('Magento\Framework\Validator\ValidatorInterface')
             ->disableOriginalConstructor()
@@ -136,5 +137,6 @@ public function testSetSessionNameByConstructor()
             ]
         );
         $this->assertSame($sessionName, $adminConfig->getName());
+        $this->assertSame($secureRequest, $adminConfig->getCookieSecure());
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ public function __construct(`
`84`	`84`	`$adminPath = $this->extractAdminPath();`
`85`	`85`	`$this->setCookiePath($adminPath);`
`86`	`86`	`$this->setName($sessionName);`
	`87`	`+ $this->setCookieSecure($this->_httpRequest->isSecure());`
`87`	`88`	`}`
`88`	`89`
`89`	`90`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -105,12 +105,13 @@ public function testSetCookiePathNonDefault()`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`/**`
`108`		`- * Test for setting session name for admin`
`109`		`- *`
	`108`	`+ * Test for setting session name and secure_cookie for admin`
`110`	`109`	`*/`
`111`		`- public function testSetSessionNameByConstructor()`
	`110`	`+ public function testSetSessionSettingsByConstructor()`
`112`	`111`	`{`
`113`	`112`	`$sessionName = 'admin';`
	`113`	`+ $secureRequest = true;`
	`114`	`+ $this->requestMock->expects($this->once())->method('isSecure')->willReturn($secureRequest);`
`114`	`115`
`115`	`116`	`$validatorMock = $this->getMockBuilder('Magento\Framework\Validator\ValidatorInterface')`
`116`	`117`	`->disableOriginalConstructor()`
`@@ -136,5 +137,6 @@ public function testSetSessionNameByConstructor()`
`136`	`137`	`]`
`137`	`138`	`);`
`138`	`139`	`$this->assertSame($sessionName, $adminConfig->getName());`
	`140`	`+ $this->assertSame($secureRequest, $adminConfig->getCookieSecure());`
`139`	`141`	`}`
`140`	`142`	`}`