Magento Extensions Rating 2024
Magento 2 Documentation  2.3
Documentation for Magento 2 CMS v2.3 (December 2018)
BackendValidator.php
Go to the documentation of this file.
1 <?php
7 declare(strict_types=1);
8 
9 namespace Magento\Backend\App\Request;
10 
11 use Magento\Backend\App\AbstractAction;
12 use Magento\Framework\App\ActionInterface;
13 use Magento\Framework\App\CsrfAwareActionInterface;
14 use Magento\Framework\App\Request\InvalidRequestException;
15 use Magento\Framework\App\Request\ValidatorInterface;
16 use Magento\Framework\App\RequestInterface;
17 use Magento\Backend\Model\Auth;
18 use Magento\Framework\App\Request\Http as HttpRequest;
19 use Magento\Framework\Controller\Result\RawFactory;
20 use Magento\Framework\Controller\Result\Raw as RawResult;
21 use Magento\Framework\Controller\Result\RedirectFactory;
22 use Magento\Framework\Data\Form\FormKey\Validator as FormKeyValidator;
23 use Magento\Backend\Model\UrlInterface as BackendUrl;
24 use Magento\Framework\Phrase;
25 
31 class BackendValidator implements ValidatorInterface
32 {
36  private $auth;
37 
41  private $formKeyValidator;
42 
46  private $backendUrl;
47 
51  private $redirectFactory;
52 
56  private $rawResultFactory;
57 
65  public function __construct(
66  Auth $auth,
67  FormKeyValidator $formKeyValidator,
68  BackendUrl $backendUrl,
69  RedirectFactory $redirectFactory,
70  RawFactory $rawResultFactory
71  ) {
72  $this->auth = $auth;
73  $this->formKeyValidator = $formKeyValidator;
74  $this->backendUrl = $backendUrl;
75  $this->redirectFactory = $redirectFactory;
76  $this->rawResultFactory = $rawResultFactory;
77  }
78 
85  private function validateRequest(
86  RequestInterface $request,
87  ActionInterface $action
88  ): bool {
90  $valid = null;
91 
92  if ($action instanceof CsrfAwareActionInterface) {
93  $valid = $action->validateForCsrf($request);
94  }
95 
96  if ($valid === null) {
97  $validFormKey = true;
98  $validSecretKey = true;
99  if ($request instanceof HttpRequest && $request->isPost()) {
100  $validFormKey = $this->formKeyValidator->validate($request);
101  } elseif ($this->auth->isLoggedIn()
102  && $this->backendUrl->useSecretKey()
103  ) {
104  $secretKeyValue = (string)$request->getParam(
105  BackendUrl::SECRET_KEY_PARAM_NAME,
106  null
107  );
108  $secretKey = $this->backendUrl->getSecretKey();
109  $validSecretKey = ($secretKeyValue === $secretKey);
110  }
111  $valid = $validFormKey && $validSecretKey;
112  }
113 
114  return $valid;
115  }
116 
123  private function createException(
124  RequestInterface $request,
125  ActionInterface $action
126  ): InvalidRequestException {
128  $exception = null;
129 
130  if ($action instanceof CsrfAwareActionInterface) {
131  $exception = $action->createCsrfValidationException($request);
132  }
133 
134  if ($exception === null) {
135  if ($request instanceof HttpRequest && $request->isAjax()) {
136  //Sending empty response for AJAX request since we don't know
137  //the expected response format and it's pointless to redirect.
139  $response = $this->rawResultFactory->create();
140  $response->setHttpResponseCode(401);
141  $response->setContents('');
142  $exception = new InvalidRequestException($response);
143  } else {
144  //For regular requests.
145  $response = $this->redirectFactory->create()
146  ->setUrl($this->backendUrl->getStartupPageUrl());
147  $exception = new InvalidRequestException(
148  $response,
149  [
150  new Phrase(
151  'Invalid security or form key. Please refresh the page.'
152  )
153  ]
154  );
155  }
156  }
157 
158  return $exception;
159  }
160 
164  public function validate(
165  RequestInterface $request,
166  ActionInterface $action
167  ): void {
168  if ($action instanceof AbstractAction) {
169  //Abstract Action has build-in validation.
170  if (!$action->_processUrlKeys()) {
171  throw new InvalidRequestException($action->getResponse());
172  }
173  } else {
174  //Fallback validation.
175  if (!$this->validateRequest($request, $action)) {
176  throw $this->createException($request, $action);
177  }
178  }
179  }
180 }
$response
$response
Definition: 404.php:11
elseif
elseif(isset( $params[ 'redirect_parent']))
Definition: iframe.phtml:17
Magento\Backend\App\Request\BackendValidator\validate
validate(RequestInterface $request, ActionInterface $action)
Definition: BackendValidator.php:164
$request
$request
Definition: quote_with_configurable_product_last_variation.php:22
Magento\Backend\App\Request\BackendValidator\__construct
__construct(Auth $auth, FormKeyValidator $formKeyValidator, BackendUrl $backendUrl, RedirectFactory $redirectFactory, RawFactory $rawResultFactory)
Definition: BackendValidator.php:65