Merge branch '2.4-develop' of https://github.com/magento-commerce/magento2ce into ACP2E-159

Author: pradeep.rauthan

app/code/Magento/AdminNotification/view/adminhtml/web/template/grid/listing.html

@@ -9,21 +9,21 @@
         <div class="message-system-short">
             <button class="message-system-action-dropdown" toggleCollapsible>
                 <span>
-                    <translate args="'System Messages'"/>:
-                    <text args="totalRecords"/>
+                    <translate args="'System Messages'"></translate>:
+                    <text args="totalRecords"></text>
                 </span>
             </button>
             <div class="message-system-short-wrapper" if="rows[0]" repeat="foreach: [rows[0]], item: '$row'" visible="!$collapsible.opened()">
                 <fastForEach args="data: getVisible(), as: '$col'" >
-                    <render args="$col.getBody()"/>
+                    <render args="$col.getBody()"></render>
                 </fastForEach>
             </div>
         </div>
         <div class="message-system-collapsible">
             <ul class="message-system-list">
                 <li repeat="foreach: rows, item: '$row'">
                     <fastForEach args="data: getVisible(), as: '$col'" >
-                        <render args="$col.getBody()"/>
+                        <render args="$col.getBody()"></render>
                     </fastForEach>
                 </li>
             </ul>

app/code/Magento/AsynchronousOperations/view/adminhtml/web/template/grid/listing.html

@@ -9,21 +9,21 @@
         <div class="message-system-short">
             <button class="message-system-action-dropdown" toggleCollapsible>
                 <span>
-                    <translate args="'System Messages'"/>:
-                    <text args="totalRecords"/>
+                    <translate args="'System Messages'"></translate>:
+                    <text args="totalRecords"></text>
                 </span>
             </button>
             <div class="message-system-short-wrapper" if="rows[0]" repeat="foreach: [rows[0]], item: '$row'" visible="!$collapsible.opened()">
                 <fastForEach args="data: getVisible(), as: '$col'" >
-                    <render args="$col.getBody()"/>
+                    <render args="$col.getBody()"></render>
                 </fastForEach>
             </div>
         </div>
         <div class="message-system-collapsible">
             <ul class="message-system-list">
                 <li repeat="foreach: rows, item: '$row'">
                     <fastForEach args="data: getVisible(), as: '$col'" >
-                        <render args="$col.getBody()"/>
+                        <render args="$col.getBody()"></render>
                     </fastForEach>
                 </li>
             </ul>

app/code/Magento/Backend/App/Action/Plugin/Authentication.php

@@ -102,6 +102,8 @@ public function __construct(
     }
 
     /**
+     * Ensures user is authenticated before accessing backend action controllers.
+     *
      * @param \Magento\Backend\App\AbstractAction $subject
      * @param \Closure $proceed
      * @param \Magento\Framework\App\RequestInterface $request
@@ -225,10 +227,9 @@ protected function _redirectIfNeededAfterLogin(\Magento\Framework\App\RequestInt
 
         // Checks, whether secret key is required for admin access or request uri is explicitly set
         if ($this->_url->useSecretKey()) {
-            $requestParts = explode('/', trim($request->getRequestUri(), '/'), 3);
-            $baseUrlPath = trim(parse_url($this->backendUrl->getBaseUrl(), PHP_URL_PATH), '/');
-            $routeIndex = empty($baseUrlPath) ? 0 : 1;
-            $requestUri = $this->_url->getUrl($requestParts[$routeIndex]);
+            // The requested URL has an invalid secret key and therefore redirecting to this URL
+            // will cause a security vulnerability.
+            $requestUri = $this->_url->getUrl($this->_url->getStartupPageUrl());
         } elseif ($request) {
             $requestUri = $request->getRequestUri();
         }

app/code/Magento/Backend/Model/Dashboard/Chart/Date.php

@@ -63,6 +63,8 @@ public function getByPeriod(string $period): array
 
         if ($period === Period::PERIOD_24_HOURS) {
             $dateEnd->modify('-1 hour');
+        } elseif ($period === Period::PERIOD_TODAY) {
+            $dateEnd->modify('now');
         } else {
             $dateEnd->setTime(23, 59, 59);
             $dateStart->setTime(0, 0, 0);

app/code/Magento/Backend/Model/Dashboard/Period.php

@@ -12,6 +12,7 @@
  */
 class Period
 {
+    public const PERIOD_TODAY = 'today';
     public const PERIOD_24_HOURS = '24h';
     public const PERIOD_7_DAYS = '7d';
     public const PERIOD_1_MONTH = '1m';
@@ -30,6 +31,7 @@ class Period
     public function getDatePeriods(): array
     {
         return [
+            static::PERIOD_TODAY => __('Today'),
             static::PERIOD_24_HOURS => __('Last 24 Hours'),
             static::PERIOD_7_DAYS => __('Last 7 Days'),
             static::PERIOD_1_MONTH => __('Current Month'),
@@ -46,6 +48,7 @@ public function getDatePeriods(): array
     public function getPeriodChartUnits(): array
     {
         return [
+            static::PERIOD_TODAY => self::PERIOD_UNIT_HOUR,
             static::PERIOD_24_HOURS => self::PERIOD_UNIT_HOUR,
             static::PERIOD_7_DAYS => self::PERIOD_UNIT_DAY,
             static::PERIOD_1_MONTH => self::PERIOD_UNIT_DAY,

app/code/Magento/Backend/Test/Mftf/ActionGroup/AdminAssertNoErrorMessageActionGroup.xml

@@ -0,0 +1,14 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminAssertNoErrorMessageActionGroup">
+        <dontSeeElement selector="{{AdminMessagesSection.error}}" stepKey="dontSeeErrorMessage"/>
+    </actionGroup>
+</actionGroups>

app/code/Magento/Backend/Test/Mftf/ActionGroup/AdminClickLogoutActionGroup.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminClickLogoutActionGroup">
+        <grabAttributeFrom selector="{{AdminHeaderSection.signOut}}" userInput="href" stepKey="logoutUrl"/>
+        <amOnPage url="{$logoutUrl}" stepKey="logout2"/>
+    </actionGroup>
+</actionGroups>

app/code/Magento/Backend/Test/Mftf/ActionGroup/AdminLoginWithCustomUrlActionGroup.xml

@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<actionGroups xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+              xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/actionGroupSchema.xsd">
+    <actionGroup name="AdminLoginWithCustomUrlActionGroup" extends="AdminLoginActionGroup">
+        <annotations>
+            <description>Login to specific backend URL.</description>
+        </annotations>
+        <arguments>
+            <argument name="customUrl" type="string"/>
+        </arguments>
+
+        <amOnPage url="{{customUrl}}" stepKey="navigateToAdmin"/>
+    </actionGroup>
+</actionGroups>

app/code/Magento/Backend/Test/Mftf/Section/AdminHeaderSection.xml

@@ -17,5 +17,6 @@
         <element name="pageHeading" type="text" selector=".page-content .page-heading"/>
         <!-- Used for page not found error -->
         <element name="pageNotFoundTitle" type="text" selector=".page-title span"/>
+        <element name="signOut" type="button" selector=".page-header .account-signout"/>
     </section>
 </sections>

app/code/Magento/Backend/Test/Mftf/Test/AdminRedirectToStartupPageAfterLoginIfSecretKeyEnabledTest.xml

@@ -0,0 +1,57 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+ /**
+  * Copyright © Magento, Inc. All rights reserved.
+  * See COPYING.txt for license details.
+  */
+-->
+
+<tests xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+       xsi:noNamespaceSchemaLocation="urn:magento:mftf:Test/etc/testSchema.xsd">
+    <test name="AdminRedirectToStartupPageAfterLoginIfSecretKeyEnabledTest">
+        <annotations>
+            <features value="Backend"/>
+            <stories value="Login on the Admin Backend"/>
+            <title value="Admin should not be redirected to the requested page after login if secret key is enabled"/>
+            <description value="Admin should not be redirected to the requested page after login if secret key is enabled"/>
+            <severity value="AVERAGE"/>
+            <testCaseId value="AC-1145"/>
+            <useCaseId value="MC-43161"/>
+            <group value="backend"/>
+        </annotations>
+        <before>
+            <!-- Add Secret Key to URLs -->
+            <magentoCLI command="config:set admin/security/use_form_key 1" stepKey="enableUrlSecretKeys"/>
+            <actionGroup ref="AdminLoginActionGroup" stepKey="loginAsAdmin"/>
+        </before>
+        <after>
+            <magentoCLI command="config:set admin/security/use_form_key 0" stepKey="disableUrlSecretKeys"/>
+            <actionGroup ref="AdminLogoutActionGroup" stepKey="logoutFromAdmin"/>
+        </after>
+
+        <!-- Assert succesful login without any error message -->
+        <actionGroup ref="AdminAssertNoErrorMessageActionGroup" stepKey="dontSeeErrorMessage1"/>
+        <!-- Assert current page is dashboard -->
+        <seeCurrentUrlMatches regex="~\/admin\/dashboard\/~" stepKey="seeCurrentUrlMatchesDashboardUrl"/>
+        <!-- Navigate to web configuration -->
+        <actionGroup ref="AdminNavigateMenuActionGroup" stepKey="navigateToFindPartnersAndExtensions">
+            <argument name="menuUiId" value="magento-backend-stores"/>
+            <argument name="submenuUiId" value="magento-config-system-config"/>
+        </actionGroup>
+        <actionGroup ref="AdminOpenConfigNavItemActionGroup" stepKey="navigateToWebConfig">
+            <argument name="navItem" value="Web" />
+        </actionGroup>
+        <!-- Grab current URL -->
+        <grabFromCurrentUrl stepKey="webConfigurationUrl"/>
+        <!-- Logout -->
+        <actionGroup ref="AdminClickLogoutActionGroup" stepKey="logout2"/>
+        <!-- Login with directt url -->
+        <actionGroup ref="AdminLoginWithCustomUrlActionGroup" stepKey="loginAndRedirectToRequestedPage">
+            <argument name="customUrl" value="$webConfigurationUrl"/>
+        </actionGroup>
+        <!-- Assert succesful login without any error message -->
+        <actionGroup ref="AdminAssertNoErrorMessageActionGroup" stepKey="dontSeeErrorMessage2"/>
+        <!-- Assert current page is dashboard -->
+        <seeCurrentUrlMatches regex="~\/admin\/dashboard\/~" stepKey="seeCurrentUrlMatchesDashboardUrl2"/>
+    </test>
+</tests>