Merge pull request #421 from magento-extensibility/ext_pr

[Extensibility] public PRs and bug fixes

Author: He, Joan(johe)

app/code/Magento/Backend/Model/Auth/Session.php

@@ -171,26 +171,13 @@ public function isLoggedIn()
     }
 
     /**
-     * Set session UpdatedAt to current time and update cookie expiration time
+     * Set session UpdatedAt to current time
      *
      * @return void
      */
     public function prolong()
     {
-        $lifetime = $this->_config->getValue(self::XML_PATH_SESSION_LIFETIME);
-        $currentTime = time();
-
-        $this->setUpdatedAt($currentTime);
-        $cookieValue = $this->cookieManager->getCookie($this->getName());
-        if ($cookieValue) {
-            $cookieMetadata = $this->cookieMetadataFactory->createPublicCookieMetadata()
-                ->setDuration($lifetime)
-                ->setPath($this->sessionConfig->getCookiePath())
-                ->setDomain($this->sessionConfig->getCookieDomain())
-                ->setSecure($this->sessionConfig->getCookieSecure())
-                ->setHttpOnly($this->sessionConfig->getCookieHttpOnly());
-            $this->cookieManager->setPublicCookie($this->getName(), $cookieValue, $cookieMetadata);
-        }
+        $this->setUpdatedAt(time());
     }
 
     /**

app/code/Magento/Backend/Model/Config/SessionLifetime/BackendModel.php

@@ -0,0 +1,36 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Backend\Model\Config\SessionLifetime;
+
+use Magento\Framework\App\Config\Value;
+use Magento\Framework\Exception\LocalizedException;
+
+/**
+ * Backend model for the admin/security/session_lifetime configuration field. Validates session lifetime.
+ */
+class BackendModel extends Value
+{
+    /** Maximum dmin session lifetime; 1 year*/
+    const MAX_LIFETIME = 31536000;
+
+    /** Minimum admin session lifetime */
+    const MIN_LIFETIME = 60;
+
+    public function beforeSave()
+    {
+        $value = (int) $this->getValue();
+        if ($value > self::MAX_LIFETIME) {
+            throw new LocalizedException(
+                __('Admin session lifetime must be less than or equal to 31536000 seconds (one year)')
+            );
+        } else if ($value < self::MIN_LIFETIME) {
+            throw new LocalizedException(
+                __('Admin session lifetime must be greater than or equal to 60 seconds')
+            );
+        }
+        return parent::beforeSave();
+    }
+}

app/code/Magento/Backend/Model/Session/AdminConfig.php

@@ -14,8 +14,6 @@
 
 /**
  * Magento Backend session configuration
- *
- * @method Config setSaveHandler()
  */
 class AdminConfig extends Config
 {
@@ -107,4 +105,14 @@ private function extractAdminPath()
         $cookiePath = $baseUrl . $backendApp->getCookiePath();
         return $cookiePath;
     }
+
+    /**
+     * Set session cookie lifetime to session duration
+     *
+     * @return $this
+     */
+    protected function configureCookieLifetime()
+    {
+        return $this->setCookieLifetime(0);
+    }
 }

app/code/Magento/Backend/Test/Unit/Model/Auth/SessionTest.php

@@ -162,67 +162,7 @@ public function testIsLoggedInPositive()
 
     public function testProlong()
     {
-        $name = session_name();
-        $cookie = 'cookie';
-        $lifetime = 900;
-        $path = '/';
-        $domain = 'magento2';
-        $secure = true;
-        $httpOnly = true;
-
-        $cookieMetadata = $this->getMock('Magento\Framework\Stdlib\Cookie\PublicCookieMetadata');
-        $cookieMetadata->expects($this->once())
-            ->method('setDuration')
-            ->with($lifetime)
-            ->will($this->returnSelf());
-        $cookieMetadata->expects($this->once())
-            ->method('setPath')
-            ->with($path)
-            ->will($this->returnSelf());
-        $cookieMetadata->expects($this->once())
-            ->method('setDomain')
-            ->with($domain)
-            ->will($this->returnSelf());
-        $cookieMetadata->expects($this->once())
-            ->method('setSecure')
-            ->with($secure)
-            ->will($this->returnSelf());
-        $cookieMetadata->expects($this->once())
-            ->method('setHttpOnly')
-            ->with($httpOnly)
-            ->will($this->returnSelf());
-
-        $this->cookieMetadataFactory->expects($this->once())
-            ->method('createPublicCookieMetadata')
-            ->will($this->returnValue($cookieMetadata));
-
-        $this->cookieManager->expects($this->once())
-            ->method('getCookie')
-            ->with($name)
-            ->will($this->returnValue($cookie));
-        $this->cookieManager->expects($this->once())
-            ->method('setPublicCookie')
-            ->with($name, $cookie, $cookieMetadata);
-
-        $this->config->expects($this->once())
-            ->method('getValue')
-            ->with(\Magento\Backend\Model\Auth\Session::XML_PATH_SESSION_LIFETIME)
-            ->will($this->returnValue($lifetime));
-        $this->sessionConfig->expects($this->once())
-            ->method('getCookiePath')
-            ->will($this->returnValue($path));
-        $this->sessionConfig->expects($this->once())
-            ->method('getCookieDomain')
-            ->will($this->returnValue($domain));
-        $this->sessionConfig->expects($this->once())
-            ->method('getCookieSecure')
-            ->will($this->returnValue($secure));
-        $this->sessionConfig->expects($this->once())
-            ->method('getCookieHttpOnly')
-            ->will($this->returnValue($httpOnly));
-
         $this->session->prolong();
-
         $this->assertLessThanOrEqual(time(), $this->session->getUpdatedAt());
     }
 

app/code/Magento/Backend/Test/Unit/Model/Config/SessionLifetime/BackendModelTest.php

@@ -0,0 +1,43 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Backend\Test\Unit\Model\Config\SessionLifetime;
+
+use Magento\Backend\Model\Config\SessionLifetime\BackendModel;
+use Magento\Framework\TestFramework\Unit\Helper\ObjectManager;
+
+class BackendModelTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @dataProvider adminSessionLifetimeDataProvider
+     */
+    public function testBeforeSave($value, $errorMessage = null)
+    {
+        /** @var BackendModel $model */
+        $model = (new ObjectManager($this))->getObject('Magento\Backend\Model\Config\SessionLifetime\BackendModel');
+        if ($errorMessage !== null) {
+            $this->setExpectedException('\Magento\Framework\Exception\LocalizedException', $errorMessage);
+        }
+        $model->setValue($value);
+        $model->beforeSave();
+    }
+
+    public function adminSessionLifetimeDataProvider()
+    {
+        return [
+            [
+                BackendModel::MIN_LIFETIME - 1,
+                'Admin session lifetime must be greater than or equal to 60 seconds'
+            ],
+            [
+                BackendModel::MAX_LIFETIME + 1,
+                'Admin session lifetime must be less than or equal to 31536000 seconds (one year)'
+            ],
+            [
+                900
+            ]
+        ];
+    }
+}

app/code/Magento/Backend/etc/adminhtml/system.xml

@@ -388,7 +388,8 @@
                 </field>
                 <field id="session_lifetime" translate="label comment" sortOrder="30" showInDefault="1" showInWebsite="0" showInStore="0">
                     <label>Admin Session Lifetime (seconds)</label>
-                    <comment>Values less than 60 are ignored.</comment>
+                    <comment>Please enter at least 60 and at most 31536000 (one year).</comment>
+                    <backend_model>Magento\Backend\Model\Config\SessionLifetime\BackendModel</backend_model>
                     <validate>validate-digits</validate>
                 </field>
             </group>

app/code/Magento/Backend/i18n/en_US.csv

@@ -556,7 +556,9 @@ Security,Security
 "Add Secret Key to URLs","Add Secret Key to URLs"
 "Login is Case Sensitive","Login is Case Sensitive"
 "Admin Session Lifetime (seconds)","Admin Session Lifetime (seconds)"
-"Values less than 60 are ignored.","Values less than 60 are ignored."
+"Please enter at least 60 and at most 31536000 (one year).","Please enter at least 60 and at most 31536000 (one year)."
+"Admin session lifetime must be less than or equal to 31536000 seconds (one year)","Admin session lifetime must be less than or equal to 31536000 seconds (one year)"
+"Admin session lifetime must be greater than or equal to 60 seconds","Admin session lifetime must be greater than or equal to 60 seconds"
 Web,Web
 "Url Options","Url Options"
 "Add Store Code to Urls","Add Store Code to Urls"

app/code/Magento/Config/Block/System/Config/Form/Field.php

@@ -180,7 +180,7 @@ protected function _renderHint(\Magento\Framework\Data\Form\Element\AbstractElem
      * @param string $html
      * @return string
      */
-    protected function _decorateRowHtml($element, $html)
+    protected function _decorateRowHtml(\Magento\Framework\Data\Form\Element\AbstractElement $element, $html)
     {
         return '<tr id="row_' . $element->getHtmlId() . '">' . $html . '</tr>';
     }

app/code/Magento/Config/Test/Unit/Block/System/Config/Form/Field/NotificationTest.php

@@ -20,6 +20,13 @@ public function testRender()
 
         /** @var \Magento\Framework\Stdlib\DateTime\DateTimeFormatterInterface $dateTimeFormatter */
         $dateTimeFormatter = $objectManager->getObject('Magento\Framework\Stdlib\DateTime\DateTimeFormatter');
+        $localeResolver = $objectManager->getObject('Magento\Framework\Locale\Resolver');
+
+        $reflection = new \ReflectionClass('Magento\Framework\Stdlib\DateTime\DateTimeFormatter');
+        $reflectionProperty = $reflection->getProperty('localeResolver');
+        $reflectionProperty->setAccessible(true);
+        $reflectionProperty->setValue($dateTimeFormatter, $localeResolver);
+
         $formattedDate = $dateTimeFormatter->formatObject($testDatetime);
 
         $htmlId = 'test_HTML_id';

app/code/Magento/Config/etc/system.xsd

@@ -95,6 +95,7 @@
                     <xs:element name="header_css" type="xs:string" />
                     <xs:element name="resource" type="typeAclResourceId" />
                     <xs:element ref="group" />
+                    <xs:element name="frontend_model" type="typeModel" />
                 </xs:choice>
             </xs:sequence>
             <xs:attributeGroup ref="elementsAttributeGroup"/>