Skip to content

Use route ID when creating secret keys in backend menus instead of route name #17650

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 10 commits into from
Sep 11, 2018
Merged

Use route ID when creating secret keys in backend menus instead of route name #17650

merged 10 commits into from
Sep 11, 2018

Conversation

lfolco
Copy link
Contributor

@lfolco lfolco commented Aug 16, 2018
edited
Loading

Description

If you use a different route ID and front name in the adminhtml/routes.xml file, you will get redirected to the dashboard when clicking on the menu link.

This is because the route front name is used to generate the secret key when creating the menu, and route ID is used to generate the secret key for key validation.

The method \Magento\Backend\Model\Url::getSecretKey() takes three parameters: route ID, action path, and action. When creating links for the menu, Magento\Backend\Block\Menu::_callbackSecretKey($match) is reading the URL paths from XML, which are using front names. I have injected \Magento\Framework\App\Route\ConfigInterface in order to use getRouteByFrontName($routeName) in order to get the proper route ID.

Fixed Issues (if relevant)

  1. Backend Security key broken for controllers with frontname not equal to route ID #7557: Backend Security key broken for controllers with front name not equal to route ID

Manual testing scenarios

  1. Create a module with an adminhtml/routes.xml file that has a different route ID and front name.
  2. Add an adminhtml/menu.xml file that uses the front name in the action attribute.
  3. Click on the new menu link; you will be taken to the correct admin page.

Contribution checklist

  • Pull request has a meaningful description of its purpose
  • All commits are accompanied by meaningful commit messages
  • All new or changed code is covered with unit/integration tests (if applicable)
  • All automated tests passed successfully (all builds on Travis CI are green)

@magento-cicd2
Copy link
Contributor

magento-cicd2 commented Aug 16, 2018
edited
Loading

CLA assistant check
All committers have signed the CLA.

@magento-engcom-team
Copy link
Contributor

Hi @lfolco. Thank you for your contribution
Here is some useful tips how you can test your changes using Magento test environment.
Add the comment under your pull request to deploy test or vanilla Magento instance:

  • @magento-engcom-team give me test instance - deploy test instance based on PR changes
  • @magento-engcom-team give me {$VERSION} instance - deploy vanilla Magento instance

For more details, please, review the Magento Contributor Assistant documentation

@miguelbalparda miguelbalparda self-assigned this Aug 17, 2018
@miguelbalparda
Copy link
Contributor

Thanks a lot Laura! I'll process this and let you know if we have any questions.

@magento-engcom-team magento-engcom-team added this to the Release: 2.3.0 milestone Aug 20, 2018
@magento-engcom-team
Copy link
Contributor

Hi @miguelbalparda, thank you for the review.
ENGCOM-2838 has been created to process this Pull Request

@magento-engcom-team
Copy link
Contributor

@lfolco thank you for contributing. Please accept Community Contributors team invitation here to gain extended permissions for this repository.

@sidolov sidolov self-assigned this Sep 3, 2018
sidolov
sidolov requested changes Sep 3, 2018
View reviewed changes
app/code/Magento/Backend/Block/Menu.php Outdated
@@ -92,6 +99,7 @@ public function __construct(
\Magento\Backend\Model\Auth\Session $authSession,
\Magento\Backend\Model\Menu\Config $menuConfig,
\Magento\Framework\Locale\ResolverInterface $localeResolver,
\Magento\Framework\App\Route\ConfigInterface $routeConfig,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please, inject new dependencies according to our Backward compatible development guide

@lfolco
Copy link
Contributor Author

lfolco commented Sep 4, 2018

Please check now, I have committed the requested changes.

@ishakhsuvarov ishakhsuvarov mentioned this pull request Sep 11, 2018
Closed
@magento-engcom-team magento-engcom-team merged commit af3507a into magento:2.3-develop Sep 11, 2018
magento-engcom-team pushed a commit that referenced this pull request Sep 11, 2018
ENGCOM-2838: Use route ID when creating secret keys in backend menus …
16b0e31 
…instead of route name #17650
@magento-engcom-team
Copy link
Contributor

Hi @lfolco. Thank you for your contribution.
We will aim to release these changes as part of 2.3.0.
Please check the release notes for final confirmation.

This was referenced Sep 11, 2018
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sidolov sidolov sidolov requested changes

@miguelbalparda miguelbalparda miguelbalparda approved these changes

Assignees

@miguelbalparda miguelbalparda

@sidolov sidolov

Labels
Award: bug fix Component: Backend Progress: accept Release Line: 2.3
Projects
None yet
Milestone
Release: 2.3.0
Development

Successfully merging this pull request may close these issues.
5 participants
@lfolco @magento-cicd2 @magento-engcom-team @miguelbalparda @sidolov