Merge remote-tracking branch 'ext/MAGETWO-45159-insecure-admin-cookie' into MAGETWO-45093-Magento-is-stuck-in-Maintenance-mode-if-Backup-is-created-during-disabling-module-via-Web-Setup-Wizard

Ivan Gavryshko · Ivan Gavryshko · commit 90d943910937 · 2015-11-11T19:00:06.000-06:00
diff --git a/app/code/Magento/Backend/Model/Session/AdminConfig.php b/app/code/Magento/Backend/Model/Session/AdminConfig.php
@@ -84,6 +84,7 @@ public function __construct(
         $adminPath = $this->extractAdminPath();
         $this->setCookiePath($adminPath);
         $this->setName($sessionName);
+        $this->setCookieSecure($this->_httpRequest->isSecure());
     }
 
     /**
diff --git a/app/code/Magento/Backend/Test/Unit/Model/Session/AdminConfigTest.php b/app/code/Magento/Backend/Test/Unit/Model/Session/AdminConfigTest.php
@@ -105,12 +105,14 @@ public function testSetCookiePathNonDefault()
     }
 
     /**
-     * Test for setting session name for admin
-     *
+     * Test for setting session name and secure_cookie for admin
+     * @dataProvider requestSecureDataProvider
+     * @param $secureRequest
      */
-    public function testSetSessionNameByConstructor()
+    public function testSetSessionSettingsByConstructor($secureRequest)
     {
         $sessionName = 'admin';
+        $this->requestMock->expects($this->once())->method('isSecure')->willReturn($secureRequest);
 
         $validatorMock = $this->getMockBuilder('Magento\Framework\Validator\ValidatorInterface')
             ->disableOriginalConstructor()
@@ -136,5 +138,11 @@ public function testSetSessionNameByConstructor()
             ]
         );
         $this->assertSame($sessionName, $adminConfig->getName());
+        $this->assertSame($secureRequest, $adminConfig->getCookieSecure());
+    }
+
+    public function requestSecureDataProvider()
+    {
+        return [[true], [false]];
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -84,6 +84,7 @@ public function __construct(`
`84`	`84`	`$adminPath = $this->extractAdminPath();`
`85`	`85`	`$this->setCookiePath($adminPath);`
`86`	`86`	`$this->setName($sessionName);`
	`87`	`+ $this->setCookieSecure($this->_httpRequest->isSecure());`
`87`	`88`	`}`
`88`	`89`
`89`	`90`	`/**`
Original file line number	Diff line number	Diff line change
`@@ -105,12 +105,14 @@ public function testSetCookiePathNonDefault()`
`105`	`105`	`}`
`106`	`106`
`107`	`107`	`/**`
`108`		`- * Test for setting session name for admin`
`109`		`- *`
	`108`	`+ * Test for setting session name and secure_cookie for admin`
	`109`	`+ * @dataProvider requestSecureDataProvider`
	`110`	`+ * @param $secureRequest`
`110`	`111`	`*/`
`111`		`- public function testSetSessionNameByConstructor()`
	`112`	`+ public function testSetSessionSettingsByConstructor($secureRequest)`
`112`	`113`	`{`
`113`	`114`	`$sessionName = 'admin';`
	`115`	`+ $this->requestMock->expects($this->once())->method('isSecure')->willReturn($secureRequest);`
`114`	`116`
`115`	`117`	`$validatorMock = $this->getMockBuilder('Magento\Framework\Validator\ValidatorInterface')`
`116`	`118`	`->disableOriginalConstructor()`
`@@ -136,5 +138,11 @@ public function testSetSessionNameByConstructor()`
`136`	`138`	`]`
`137`	`139`	`);`
`138`	`140`	`$this->assertSame($sessionName, $adminConfig->getName());`
	`141`	`+ $this->assertSame($secureRequest, $adminConfig->getCookieSecure());`
	`142`	`+ }`
	`143`	`+`
	`144`	`+ public function requestSecureDataProvider()`
	`145`	`+ {`
	`146`	`+ return [[true], [false]];`
`139`	`147`	`}`
`140`	`148`	`}`