From 4357ea0cebbf584c4dbb75a145ff91ac293875bc Mon Sep 17 00:00:00 2001
From: Soumya Unnikrishnan <sunnikri@adobe.com>
Date: Thu, 20 Jun 2019 10:06:14 -0500
Subject: [PATCH 1/2] MQE-1601: Move MTF utils out from Magento codebase
---
dev/tests/functional/.htaccess.sample | 11 -----
dev/tests/functional/utils/command.php | 37 ---------------
.../utils/deleteMagentoGeneratedCode.php | 22 ---------
dev/tests/functional/utils/export.php | 42 -----------------
dev/tests/functional/utils/locales.php | 35 --------------
dev/tests/functional/utils/log.php | 30 ------------
dev/tests/functional/utils/pathChecker.php | 30 ------------
dev/tests/functional/utils/website.php | 47 -------------------
8 files changed, 254 deletions(-)
delete mode 100644 dev/tests/functional/.htaccess.sample
delete mode 100644 dev/tests/functional/utils/command.php
delete mode 100644 dev/tests/functional/utils/deleteMagentoGeneratedCode.php
delete mode 100644 dev/tests/functional/utils/export.php
delete mode 100644 dev/tests/functional/utils/locales.php
delete mode 100644 dev/tests/functional/utils/log.php
delete mode 100644 dev/tests/functional/utils/pathChecker.php
delete mode 100644 dev/tests/functional/utils/website.php
diff --git a/dev/tests/functional/.htaccess.sample b/dev/tests/functional/.htaccess.sample
deleted file mode 100644
index 67c2f3fe2d027..0000000000000
--- a/dev/tests/functional/.htaccess.sample
+++ /dev/null
@@ -1,11 +0,0 @@
-##############################################
-## Allow access to command.php, website.php, export.php, pathChecker.php, locales.php, deleteMagentoGeneratedCode.php and log.php
- <FilesMatch "command.php|website.php|export.php|pathChecker.php|deleteMagentoGeneratedCode.php|log.php|locales.php">
- <IfVersion < 2.4>
- order allow,deny
- allow from all
- </IfVersion>
- <IfVersion >= 2.4>
- Require all granted
- </IfVersion>
- </FilesMatch>
diff --git a/dev/tests/functional/utils/command.php b/dev/tests/functional/utils/command.php
deleted file mode 100644
index 9405f4ff7c4ca..0000000000000
--- a/dev/tests/functional/utils/command.php
+++ /dev/null
@@ -1,37 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-// phpcs:ignore Magento2.Security.IncludeFile
-include __DIR__ . '/authenticate.php';
-// phpcs:ignore Magento2.Security.IncludeFile
-require_once __DIR__ . '/../../../../app/bootstrap.php';
-
-use Symfony\Component\Console\Input\StringInput;
-use Symfony\Component\Console\Output\NullOutput;
-
-// phpcs:ignore Magento2.Security.Superglobal
-if (!empty($_POST['token']) && !empty($_POST['command'])) {
- // phpcs:ignore Magento2.Security.Superglobal
- if (authenticate(urldecode($_POST['token']))) {
- // phpcs:ignore Magento2.Security.Superglobal
- $command = urldecode($_POST['command']);
- // phpcs:ignore Magento2.Security.Superglobal
- $magentoObjectManagerFactory = \Magento\Framework\App\Bootstrap::createObjectManagerFactory(BP, $_SERVER);
- // phpcs:ignore Magento2.Security.Superglobal
- $magentoObjectManager = $magentoObjectManagerFactory->create($_SERVER);
- $cli = $magentoObjectManager->create(\Magento\Framework\Console\Cli::class);
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- $input = new StringInput(escapeshellcmd($command));
- $input->setInteractive(false);
- $output = new NullOutput();
- $cli->doRun($input, $output);
- } else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "Command not unauthorized.";
- }
-} else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "'token' or 'command' parameter is not set.";
-}
diff --git a/dev/tests/functional/utils/deleteMagentoGeneratedCode.php b/dev/tests/functional/utils/deleteMagentoGeneratedCode.php
deleted file mode 100644
index bd4ed828202e1..0000000000000
--- a/dev/tests/functional/utils/deleteMagentoGeneratedCode.php
+++ /dev/null
@@ -1,22 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-// phpcs:ignore Magento2.Security.IncludeFile
-include __DIR__ . '/authenticate.php';
-
-// phpcs:ignore Magento2.Security.Superglobal
-if (!empty($_POST['token']) && !empty($_POST['path'])) {
- // phpcs:ignore Magento2.Security.Superglobal
- if (authenticate(urldecode($_POST['token']))) {
- // phpcs:ignore Magento2.Security.InsecureFunction
- exec('rm -rf ../../../../generated/*');
- } else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "Command not unauthorized.";
- }
-} else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "'token' parameter is not set.";
-}
diff --git a/dev/tests/functional/utils/export.php b/dev/tests/functional/utils/export.php
deleted file mode 100644
index df97c8db48406..0000000000000
--- a/dev/tests/functional/utils/export.php
+++ /dev/null
@@ -1,42 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-// phpcs:ignore Magento2.Security.IncludeFile
-include __DIR__ . '/authenticate.php';
-
-// phpcs:ignore Magento2.Security.Superglobal
-if (!empty($_POST['token']) && !empty($_POST['template'])) {
- // phpcs:ignore Magento2.Security.Superglobal
- if (authenticate(urldecode($_POST['token']))) {
- $varDir = '../../../../var/export/';
- // phpcs:ignore Magento2.Security.Superglobal
- $template = urldecode($_POST['template']);
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- $fileList = scandir($varDir, SCANDIR_SORT_NONE);
- $files = [];
-
- foreach ($fileList as $fileName) {
- if (preg_match("`$template`", $fileName) === 1) {
- $filePath = $varDir . $fileName;
- $files[] = [
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- 'content' => file_get_contents($filePath),
- 'name' => $fileName,
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- 'date' => filectime($filePath),
- ];
- }
- }
-
- // phpcs:ignore Magento2.Security.LanguageConstruct, Magento2.Security.InsecureFunction
- echo serialize($files);
- } else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "Command not unauthorized.";
- }
-} else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "'token' or 'template' parameter is not set.";
-}
diff --git a/dev/tests/functional/utils/locales.php b/dev/tests/functional/utils/locales.php
deleted file mode 100644
index 40781ba8b68ec..0000000000000
--- a/dev/tests/functional/utils/locales.php
+++ /dev/null
@@ -1,35 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-// phpcs:ignore Magento2.Security.IncludeFile
-include __DIR__ . '/authenticate.php';
-
-// phpcs:ignore Magento2.Security.Superglobal
-if (!empty($_POST['token'])) {
- // phpcs:ignore Magento2.Security.Superglobal
- if (authenticate(urldecode($_POST['token']))) {
- // phpcs:ignore Magento2.Security.Superglobal
- if ($_POST['type'] == 'deployed') {
- // phpcs:ignore Magento2.Security.Superglobal
- $themePath = isset($_POST['theme_path']) ? $_POST['theme_path'] : 'adminhtml/Magento/backend';
- $directory = __DIR__ . '/../../../../pub/static/' . $themePath;
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- $locales = array_diff(scandir($directory), ['..', '.']);
- } else {
- // phpcs:ignore Magento2.Security.IncludeFile
- require_once __DIR__ . DIRECTORY_SEPARATOR . 'bootstrap.php';
- $localeConfig = $magentoObjectManager->create(\Magento\Framework\Locale\Config::class);
- $locales = $localeConfig->getAllowedLocales();
- }
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo implode('|', $locales);
- } else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "Command not unauthorized.";
- }
-} else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "'token' parameter is not set.";
-}
diff --git a/dev/tests/functional/utils/log.php b/dev/tests/functional/utils/log.php
deleted file mode 100644
index c07f52575504f..0000000000000
--- a/dev/tests/functional/utils/log.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-declare(strict_types=1);
-// phpcs:ignore Magento2.Security.IncludeFile
-include __DIR__ . '/authenticate.php';
-
-// phpcs:ignore Magento2.Security.Superglobal
-if (!empty($_POST['token']) && !empty($_POST['name'])) {
- // phpcs:ignore Magento2.Security.Superglobal
- if (authenticate(urldecode($_POST['token']))) {
- // phpcs:ignore Magento2.Security.Superglobal
- $name = urldecode($_POST['name']);
- if (preg_match('/\.\.(\\\|\/)/', $name)) {
- // phpcs:ignore Magento2.Exceptions.DirectThrow
- throw new \InvalidArgumentException('Invalid log file name');
- }
-
- // phpcs:ignore Magento2.Security.InsecureFunction, Magento2.Functions.DiscouragedFunction, Magento2.Security.LanguageConstruct
- echo serialize(file_get_contents('../../../../var/log' . '/' . $name));
- } else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "Command not unauthorized.";
- }
-} else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "'token' or 'name' parameter is not set.";
-}
diff --git a/dev/tests/functional/utils/pathChecker.php b/dev/tests/functional/utils/pathChecker.php
deleted file mode 100644
index d4a59529fac44..0000000000000
--- a/dev/tests/functional/utils/pathChecker.php
+++ /dev/null
@@ -1,30 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-// phpcs:ignore Magento2.Security.IncludeFile
-include __DIR__ . '/authenticate.php';
-
-// phpcs:ignore Magento2.Security.Superglobal
-if (!empty($_POST['token']) && !empty($_POST['path'])) {
- // phpcs:ignore Magento2.Security.Superglobal
- if (authenticate(urldecode($_POST['token']))) {
- // phpcs:ignore Magento2.Security.Superglobal
- $path = urldecode($_POST['path']);
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- if (file_exists('../../../../' . $path)) {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo 'path exists: true';
- } else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo 'path exists: false';
- }
- } else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "Command not unauthorized.";
- }
-} else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "'token' or 'path' parameter is not set.";
-}
diff --git a/dev/tests/functional/utils/website.php b/dev/tests/functional/utils/website.php
deleted file mode 100644
index 859b60785e49d..0000000000000
--- a/dev/tests/functional/utils/website.php
+++ /dev/null
@@ -1,47 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-// phpcs:ignore Magento2.Security.IncludeFile
-include __DIR__ . '/authenticate.php';
-
-// phpcs:ignore Magento2.Security.Superglobal
-if (!empty($_POST['token']) && !empty($_POST['website_code'])) {
- // phpcs:ignore Magento2.Security.Superglobal
- if (authenticate(urldecode($_POST['token']))) {
- // phpcs:ignore Magento2.Security.Superglobal
- $websiteCode = urldecode($_POST['website_code']);
- $rootDir = '../../../../';
- $websiteDir = $rootDir . 'websites/' . $websiteCode . '/';
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- $contents = file_get_contents($rootDir . 'index.php');
-
- $websiteParam = <<<EOD
-\$params = \$_SERVER;
-\$params[\Magento\Store\Model\StoreManager::PARAM_RUN_CODE] = '$websiteCode';
-\$params[\Magento\Store\Model\StoreManager::PARAM_RUN_TYPE] = 'website';
-EOD;
-
- $pattern = '`(try {.*?)(\/app\/bootstrap.*?}\n)(.*?)\$_SERVER`mis';
- $replacement = "$1/../..$2\n$websiteParam$3\$params";
-
- $contents = preg_replace($pattern, $replacement, $contents);
-
- $old = umask(0);
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- mkdir($websiteDir, 0760, true);
- umask($old);
-
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- copy($rootDir . '.htaccess', $websiteDir . '.htaccess');
- // phpcs:ignore Magento2.Functions.DiscouragedFunction
- file_put_contents($websiteDir . 'index.php', $contents);
- } else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "Command not unauthorized.";
- }
-} else {
- // phpcs:ignore Magento2.Security.LanguageConstruct
- echo "'token' or 'website_code' parameter is not set.";
-}
From 08a9de5332f1bfc6bc470e7413e7b4d238b72384 Mon Sep 17 00:00:00 2001
From: Soumya Unnikrishnan <sunnikri@adobe.com>
Date: Thu, 20 Jun 2019 14:01:46 -0500
Subject: [PATCH 2/2] MQE-1601: Move MTF utils out from Magento codebase moved authenticate.php to infra
---
dev/tests/functional/utils/authenticate.php | 34 ---------------------
1 file changed, 34 deletions(-)
delete mode 100644 dev/tests/functional/utils/authenticate.php
diff --git a/dev/tests/functional/utils/authenticate.php b/dev/tests/functional/utils/authenticate.php
deleted file mode 100644
index 958b692cbd385..0000000000000
--- a/dev/tests/functional/utils/authenticate.php
+++ /dev/null
@@ -1,34 +0,0 @@
-<?php
-/**
- * Copyright © Magento, Inc. All rights reserved.
- * See COPYING.txt for license details.
- */
-
-/**
- * Check if token passed in is a valid auth token.
- *
- * @param string $token
- * @return bool
- *
- * phpcs:disable Squiz.Functions.GlobalFunction
- */
-function authenticate($token)
-{
- // phpcs:ignore Magento2.Security.IncludeFile
- require_once __DIR__ . '/../../../../app/bootstrap.php';
-
- // phpcs:ignore Magento2.Security.Superglobal
- $magentoObjectManagerFactory = \Magento\Framework\App\Bootstrap::createObjectManagerFactory(BP, $_SERVER);
- // phpcs:ignore Magento2.Security.Superglobal
- $magentoObjectManager = $magentoObjectManagerFactory->create($_SERVER);
- $tokenModel = $magentoObjectManager->get(\Magento\Integration\Model\Oauth\Token::class);
-
- $tokenPassedIn = $token;
- // Token returned will be null if the token we passed in is invalid
- $tokenFromMagento = $tokenModel->loadByToken($tokenPassedIn)->getToken();
- if (!empty($tokenFromMagento) && ($tokenFromMagento == $tokenPassedIn)) {
- return true;
- } else {
- return false;
- }
-}