diff --git a/etc/config/command.php b/etc/config/command.php index b24bafd31..600025cf4 100644 --- a/etc/config/command.php +++ b/etc/config/command.php @@ -4,34 +4,51 @@ * See COPYING.txt for license details. */ -if (isset($_POST['command'])) { +require_once __DIR__ . '/../../../../app/bootstrap.php'; + +if (!empty($_POST['token']) && !empty($_POST['command'])) { + $magentoObjectManagerFactory = \Magento\Framework\App\Bootstrap::createObjectManagerFactory(BP, $_SERVER); + $magentoObjectManager = $magentoObjectManagerFactory->create($_SERVER); + $tokenModel = $magentoObjectManager->get(\Magento\Integration\Model\Oauth\Token::class); + + $tokenPassedIn = urldecode($_POST['token']); $command = urldecode($_POST['command']); - if (array_key_exists("arguments", $_POST)) { + + if (!empty($_POST['arguments'])) { $arguments = urldecode($_POST['arguments']); } else { $arguments = null; } - $php = PHP_BINDIR ? PHP_BINDIR . '/php' : 'php'; - $valid = validateCommand($command); - if ($valid) { - exec( - escapeCommand($php . ' -f ../../../../bin/magento ' . $command) . " $arguments" ." 2>&1", - $output, - $exitCode - ); - if ($exitCode == 0) { - http_response_code(202); + + // Token returned will be null if the token we passed in is invalid + $tokenFromMagento = $tokenModel->loadByToken($tokenPassedIn)->getToken(); + if (!empty($tokenFromMagento) && ($tokenFromMagento == $tokenPassedIn)) { + $php = PHP_BINDIR ? PHP_BINDIR . '/php' : 'php'; + $magentoBinary = $php . ' -f ../../../../bin/magento'; + $valid = validateCommand($magentoBinary, $command); + if ($valid) { + exec( + escapeCommand($magentoBinary . " $command" . " $arguments") . " 2>&1", + $output, + $exitCode + ); + if ($exitCode == 0) { + http_response_code(202); + } else { + http_response_code(500); + } + echo implode("\n", $output); } else { - http_response_code(500); + http_response_code(403); + echo "Given command not found valid in Magento CLI Command list."; } - echo implode("\n", $output); } else { - http_response_code(403); - echo "Given command not found valid in Magento CLI Command list."; + http_response_code(401); + echo("Command not unauthorized."); } } else { http_response_code(412); - echo("Command parameter is not set."); + echo("Required parameters are not set."); } /** @@ -55,13 +72,13 @@ function escapeCommand($command) /** * Checks magento list of CLI commands for given $command. Does not check command parameters, just base command. + * @param string $magentoBinary * @param string $command * @return bool */ -function validateCommand($command) +function validateCommand($magentoBinary, $command) { - $php = PHP_BINDIR ? PHP_BINDIR . '/php' : 'php'; - exec($php . ' -f ../../../../bin/magento list', $commandList); + exec($magentoBinary . ' list', $commandList); // Trim list of commands after first whitespace $commandList = array_map("trimAfterWhitespace", $commandList); return in_array(trimAfterWhitespace($command), $commandList); diff --git a/src/Magento/FunctionalTestingFramework/DataGenerator/Persist/Curl/WebapiExecutor.php b/src/Magento/FunctionalTestingFramework/DataGenerator/Persist/Curl/WebapiExecutor.php index 5eb877443..6aec3e58a 100644 --- a/src/Magento/FunctionalTestingFramework/DataGenerator/Persist/Curl/WebapiExecutor.php +++ b/src/Magento/FunctionalTestingFramework/DataGenerator/Persist/Curl/WebapiExecutor.php @@ -51,6 +51,13 @@ class WebapiExecutor extends AbstractExecutor implements CurlInterface */ private $storeCode; + /** + * Admin user auth token. + * + * @var string + */ + private $authToken; + /** * WebapiExecutor Constructor. * @@ -60,6 +67,7 @@ class WebapiExecutor extends AbstractExecutor implements CurlInterface public function __construct($storeCode = null) { $this->storeCode = $storeCode; + $this->authToken = null; $this->transport = new CurlTransport(); $this->authorize(); } @@ -88,7 +96,7 @@ public function getBaseUrl(): string } /** - * Returns the authorization token needed for some requests via REST call. + * Acquire and store the authorization token needed for REST requests. * * @return void * @throws TestFrameworkException @@ -102,10 +110,8 @@ protected function authorize() ]; $this->transport->write($authUrl, json_encode($authCreds), CurlInterface::POST, $this->headers); - $this->headers = array_merge( - ['Authorization: Bearer ' . str_replace('"', "", $this->read())], - $this->headers - ); + $this->authToken = str_replace('"', "", $this->read()); + $this->headers = array_merge(['Authorization: Bearer ' . $this->authToken], $this->headers); } /** @@ -178,4 +184,15 @@ public function getFormattedUrl($resource) $urlResult .= trim($resource, "/"); return $urlResult; } + + /** + * Return admin auth token. + * + * @throws TestFrameworkException + * @return string + */ + public function getAuthToken() + { + return $this->authToken; + } } diff --git a/src/Magento/FunctionalTestingFramework/Module/MagentoWebDriver.php b/src/Magento/FunctionalTestingFramework/Module/MagentoWebDriver.php index 452a40bde..a15ed757e 100644 --- a/src/Magento/FunctionalTestingFramework/Module/MagentoWebDriver.php +++ b/src/Magento/FunctionalTestingFramework/Module/MagentoWebDriver.php @@ -482,10 +482,12 @@ public function magentoCLI($command, $arguments = null) ); $apiURL = $baseUrl . '/' . ltrim(getenv('MAGENTO_CLI_COMMAND_PATH'), '/'); + $restExecutor = new WebapiExecutor(); $executor = new CurlTransport(); $executor->write( $apiURL, [ + 'token' => $restExecutor->getAuthToken(), getenv('MAGENTO_CLI_COMMAND_PARAMETER') => $command, 'arguments' => $arguments ], @@ -493,6 +495,7 @@ public function magentoCLI($command, $arguments = null) [] ); $response = $executor->read(); + $restExecutor->close(); $executor->close(); return $response; }