Merge branch 'MAGETWO-36837-authentication-bypass' into develop

Dale Sikkema · Dale Sikkema · commit 96565f21a762 · 2015-05-29T14:51:22.000-05:00
diff --git a/app/code/Magento/Backend/App/AbstractAction.php b/app/code/Magento/Backend/App/AbstractAction.php
@@ -81,17 +81,10 @@ abstract class AbstractAction extends \Magento\Framework\App\Action\Action
      */
     protected $_formKeyValidator;
 
-    /**
-     * Resource used to authorize access to the controller
-     *
-     * @var string
-     */
-    protected $resource;
-
     /**
      * @param \Magento\Backend\App\Action\Context $context
      */
-    public function __construct(Action\Context $context, $resource = '')
+    public function __construct(Action\Context $context)
     {
         parent::__construct($context);
         $this->_authorization = $context->getAuthorization();
@@ -109,7 +102,7 @@ public function __construct(Action\Context $context, $resource = '')
      */
     protected function _isAllowed()
     {
-        return $this->_authorization->isAllowed($this->resource ?: self::ADMIN_RESOURCE);
+        return $this->_authorization->isAllowed(self::ADMIN_RESOURCE);
     }
 
     /**
diff --git a/app/code/Magento/Backend/Test/Unit/App/Action/Plugin/AuthenticationTest.php b/app/code/Magento/Backend/Test/Unit/App/Action/Plugin/AuthenticationTest.php
@@ -89,7 +89,7 @@ public function testAroundDispatchProlongStorage()
      * Calls aroundDispatch to access protected method _processNotLoggedInUser
      *
      * Data provider supplies different possibilities of request parameters and properties
-     * @dataProvider userNotLoggedInRequest
+     * @dataProvider processNotLoggedInUserDataProvider
      */
     public function testProcessNotLoggedInUser($isIFrameParam, $isAjaxParam, $isForwardedFlag)
     {
@@ -143,14 +143,13 @@ public function testProcessNotLoggedInUser($isIFrameParam, $isAjaxParam, $isForw
         $request->expects($this->exactly($setterCalls))->method('setDispatched')->with(false)->willReturnSelf();
 
         $expectedResult = 'expectedResult';
-        $proceed = function ($request) use ($expectedResult)
-        {
+        $proceed = function ($request) use ($expectedResult) {
             return $expectedResult;
         };
         $this->assertEquals($expectedResult, $this->plugin->aroundDispatch($subject, $proceed, $request));
     }
 
-    public function userNotLoggedInRequest()
+    public function processNotLoggedInUserDataProvider()
     {
         return [
             'iFrame' => [true, false, false],

Original file line number	Diff line number	Diff line change
`@@ -89,7 +89,7 @@ public function testAroundDispatchProlongStorage()`
`89`	`89`	`* Calls aroundDispatch to access protected method _processNotLoggedInUser`
`90`	`90`	`*`
`91`	`91`	`* Data provider supplies different possibilities of request parameters and properties`
`92`		`- * @dataProvider userNotLoggedInRequest`
	`92`	`+ * @dataProvider processNotLoggedInUserDataProvider`
`93`	`93`	`*/`
`94`	`94`	`public function testProcessNotLoggedInUser($isIFrameParam, $isAjaxParam, $isForwardedFlag)`
`95`	`95`	`{`
`@@ -143,14 +143,13 @@ public function testProcessNotLoggedInUser($isIFrameParam, $isAjaxParam, $isForw`
`143`	`143`	`$request->expects($this->exactly($setterCalls))->method('setDispatched')->with(false)->willReturnSelf();`
`144`	`144`
`145`	`145`	`$expectedResult = 'expectedResult';`
`146`		`- $proceed = function ($request) use ($expectedResult)`
`147`		`- {`
	`146`	`+ $proceed = function ($request) use ($expectedResult) {`
`148`	`147`	`return $expectedResult;`
`149`	`148`	`};`
`150`	`149`	`$this->assertEquals($expectedResult, $this->plugin->aroundDispatch($subject, $proceed, $request));`
`151`	`150`	`}`
`152`	`151`
`153`		`- public function userNotLoggedInRequest()`
	`152`	`+ public function processNotLoggedInUserDataProvider()`
`154`	`153`	`{`
`155`	`154`	`return [`
`156`	`155`	`'iFrame' => [true, false, false],`