
Commit c301f84

committed
ACP2E-3373: [Cloud] Admin Panel exposed to the public - Custom Admin URL not effective
1 parent 5a2037c commit c301f84


2 files changed

+45
-42
lines changed


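--- a/app/code/Magento/Backend/App/Area/FrontNameResolver.php
+++ b/app/code/Magento/Backend/App/Area/FrontNameResolver.php
@@ -1,7 +1,7 @@
 <?php
 /**
-* Copyright © Magento, Inc. All rights reserved.
-* See COPYING.txt for license details.
+* Copyright 2013 Adobe
+* All Rights Reserved.
 */
 
 namespace Magento\Backend\App\Area;
@@ -121,6 +121,10 @@ public function getFrontName($checkHost = false)
 */
 public function isHostBackend()
 {
+if (!$this->request->getServer('HTTP_HOST')) {
+return false;
+}
+
 if ($this->scopeConfig->getValue(self::XML_PATH_USE_CUSTOM_ADMIN_URL, ScopeInterface::SCOPE_STORE)) {
 $backendUrl = $this->scopeConfig->getValue(self::XML_PATH_CUSTOM_ADMIN_URL, ScopeInterface::SCOPE_STORE);
 } else {
@@ -132,28 +136,18 @@ public function isHostBackend()
 );
 }
 }
-$host = (string) $this->request->getServer('HTTP_HOST', '');
-$hostWithPort = $this->getHostWithPort($backendUrl);
-
-return !($hostWithPort === null || $host === '') && stripos($hostWithPort, $host) !== false;
-}
-
-/**
-* Get host with port
-*
-* @param string $url
-* @return mixed|string
-*/
-private function getHostWithPort($url)
-{
-$this->uri->parse($url);
-$scheme = $this->uri->getScheme();
-$host = $this->uri->getHost();
-$port = $this->uri->getPort();
+$this->uri->parse($backendUrl);
+if (!$this->uri->getHost()) {
+return false;
+}
 
-if (!$port) {
-$port = $this->standardPorts[$scheme] ?? null;
+$configuredPort = $this->uri->getPort() ?: ($this->standardPorts[$this->uri->getScheme()] ?? '');
+$configuredHost = $this->uri->getHost() . ':' . $configuredPort;
+$host = $this->request->getServer('HTTP_HOST');
+if (!str_contains($host, ':')) {
+$host .= ':' . ($this->standardPorts[$this->request->getServer('REQUEST_SCHEME')] ?? '');
 }
-return $port !== null ? $host . ':' . $port : $host;
+
+return strcasecmp($configuredHost, $host) === 0;
 }
 }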
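Review bot: The request-side port default, `$host .= ':' . ($this->standardPorts[$this->request->getServer('REQUEST_SCHEME')] ?? '');`, trusts `REQUEST_SCHEME`, which not every web server or SAPI sets and which reports `http` when TLS is terminated at a proxy or load balancer in front of PHP. In that setup a port-less `Host` header would presumably be compared as `host:80` (or `host:` when the variable is missing) against a configured `https://` admin URL resolved to `host:443`, so `isHostBackend()` returns false for the legitimate admin host. Deriving the scheme from the request object's own secure-connection detection, e.g. `$scheme = $this->request->isSecure() ? 'https' : 'http';`, would keep the exact-match comparison while honouring an offloaded connection; confirm that `isSecure()` is available on the injected request type. Separately, `str_contains($host, ':')` treats a bracketed IPv6 literal without a port as already carrying one, so that case never matches; a short comment stating that only `name[:port]` hosts are supported would document the limit.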

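--- a/app/code/Magento/Backend/Test/Unit/App/Area/FrontNameResolverTest.php
+++ b/app/code/Magento/Backend/Test/Unit/App/Area/FrontNameResolverTest.php
@@ -1,7 +1,7 @@
 <?php
 /**
-* Copyright © Magento, Inc. All rights reserved.
-* See COPYING.txt for license details.
+* Copyright 2013 Adobe
+* All Rights Reserved.
 */
 declare(strict_types=1);
 
@@ -63,11 +63,9 @@ protected function setUp(): void
 ->with(ConfigOptionsList::CONFIG_PATH_BACKEND_FRONTNAME)
 ->willReturn($this->_defaultFrontName);
 $this->uri = $this->createMock(Uri::class);
-
 $this->request = $this->createMock(Http::class);
-
 $this->configMock = $this->createMock(Config::class);
-$this->scopeConfigMock = $this->getMockForAbstractClass(ScopeConfigInterface::class);
+$this->scopeConfigMock = $this->createMock(ScopeConfigInterface::class);
 $this->model = new FrontNameResolver(
 $this->configMock,
 $deploymentConfigMock,
@@ -111,6 +109,7 @@ public function testIfCustomPathNotUsed(): void
 /**
 * @param string $url
 * @param string|null $host
+* @param bool $isHttps
 * @param string $useCustomAdminUrl
 * @param string $customAdminUrl
 * @param bool $expectedValue
@@ -121,12 +120,12 @@ public function testIfCustomPathNotUsed(): void
 public function testIsHostBackend(
 string $url,
 ?string $host,
+bool $isHttps,
 string $useCustomAdminUrl,
 string $customAdminUrl,
 bool $expectedValue
 ): void {
-$this->scopeConfigMock->expects($this->exactly(2))
-->method('getValue')
+$this->scopeConfigMock->method('getValue')
 ->willReturnMap(
 [
 [Store::XML_PATH_UNSECURE_BASE_URL, ScopeInterface::SCOPE_STORE, null, $url],
@@ -145,41 +144,42 @@ public function testIsHostBackend(
 ]
 );
 
-$this->request->expects($this->any())
+$this->request->expects($this->atLeastOnce())
 ->method('getServer')
-->willReturn($host);
+->willReturnMap(
+[
+['HTTP_HOST', null, $host],
+['REQUEST_SCHEME', null, $isHttps ? 'https' : 'http'],
+]
+);
 
 $urlParts = [];
-$this->uri->expects($this->once())
-->method('parse')
+$this->uri->method('parse')
 ->willReturnCallback(
 function ($url) use (&$urlParts) {
 $urlParts = parse_url($url);
 }
 );
-$this->uri->expects($this->once())
-->method('getScheme')
+$this->uri->method('getScheme')
 ->willReturnCallback(
 function () use (&$urlParts) {
 return array_key_exists('scheme', $urlParts) ? $urlParts['scheme'] : '';
 }
 );
-$this->uri->expects($this->once())
-->method('getHost')
+$this->uri->method('getHost')
 ->willReturnCallback(
 function () use (&$urlParts) {
 return array_key_exists('host', $urlParts) ? $urlParts['host'] : '';
 }
 );
-$this->uri->expects($this->once())
-->method('getPort')
+$this->uri->method('getPort')
 ->willReturnCallback(
 function () use (&$urlParts) {
 return array_key_exists('port', $urlParts) ? $urlParts['port'] : '';
 }
 );
 
-$this->assertEquals($this->model->isHostBackend(), $expectedValue);
+$this->assertEquals($expectedValue, $this->model->isHostBackend());
 }
 
 /**
@@ -208,62 +208,71 @@ public static function hostsDataProvider(): array
 'withoutPort' => [
 'url' => 'http://magento2.loc/',
 'host' => 'magento2.loc',
+'isHttps' => false,
 'useCustomAdminUrl' => '0',
 'customAdminUrl' => '',
 'expectedValue' => true
 ],
 'withPort' => [
 'url' => 'http://magento2.loc:8080/',
 'host' => 'magento2.loc:8080',
+'isHttps' => false,
 'useCustomAdminUrl' => '0',
 'customAdminUrl' => '',
 'expectedValue' => true
 ],
 'withStandartPortInUrlWithoutPortInHost' => [
 'url' => 'http://magento2.loc:80/',
 'host' => 'magento2.loc',
+'isHttps' => false,
 'useCustomAdminUrl' => '0',
 'customAdminUrl' => '',
 'expectedValue' => true
 ],
 'withoutStandartPortInUrlWithPortInHost' => [
 'url' => 'https://magento2.loc/',
-'host' => 'magento2.loc:443',
+'host' => 'magento2.loc',
+'isHttps' => true,
 'useCustomAdminUrl' => '0',
 'customAdminUrl' => '',
 'expectedValue' => true
 ],
 'differentHosts' => [
 'url' => 'http://m2.loc/',
 'host' => 'magento2.loc',
+'isHttps' => false,
 'useCustomAdminUrl' => '0',
 'customAdminUrl' => '',
 'expectedValue' => false
 ],
 'differentPortsOnOneHost' => [
 'url' => 'http://magento2.loc/',
 'host' => 'magento2.loc:8080',
+'isHttps' => false,
 'useCustomAdminUrl' => '0',
 'customAdminUrl' => '',
 'expectedValue' => false
 ],
 'withCustomAdminUrl' => [
 'url' => 'http://magento2.loc/',
 'host' => 'myhost.loc',
+'isHttps' => true,
 'useCustomAdminUrl' => '1',
 'customAdminUrl' => 'https://myhost.loc/',
 'expectedValue' => true
 ],
 'withCustomAdminUrlWrongHost' => [
 'url' => 'http://magento2.loc/',
 'host' => 'SomeOtherHost.loc',
+'isHttps' => false,
 'useCustomAdminUrl' => '1',
 'customAdminUrl' => 'https://myhost.loc/',
 'expectedValue' => false
 ],
 'withEmptyHost' => [
 'url' => 'http://magento2.loc/',
 'host' => null,
+'isHttps' => false,
 'useCustomAdminUrl' => '0',
 'customAdminUrl' => '',
 'expectedValue' => false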
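Review bot: None of the provider cases visible in this hunk sends a `Host` value that is a proper substring of the configured admin host, which is the input the removed `stripos()` comparison accepted, so the suite as shown does not pin the behaviour this commit fixes; `hostsDataProvider()` starts before and continues past the hunk, so a case outside it may already do so. A case like the one below, expected to be false, would fail against the old comparison and pass against `strcasecmp()`. Also, `'withoutStandartPortInUrlWithPortInHost'` now sends `'host' => 'magento2.loc'`, so its name no longer describes its data and an explicit `magento2.loc:443` Host against a port-less `https://` URL is no longer exercised; consider keeping that input as its own case.

```php
// … unchanged: existing provider cases …
// constructed sample values: Host is a proper substring of the configured host
'hostIsSubstringOfConfiguredHost' => [
    'url' => 'http://magento2.loc/',
    'host' => 'magento2',
    'isHttps' => false,
    'useCustomAdminUrl' => '0',
    'customAdminUrl' => '',
    'expectedValue' => false
],
```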
