Security Suite Common 2.0

Api/RestrictInterface.php

@@ -41,5 +41,5 @@ public function getAllowedRanges();
      * Return true if IP restriction is enabled
      * @return bool
      */
-    public function getEnabled();
+    public function isEnabled();
 }

Command/RestrictIp.php

@@ -59,6 +59,9 @@ protected function configure()
         parent::configure();
     }
 
+    /**
+     * @SuppressWarnings("PHPMD.UnusedFormalParameter")
+     */
     protected function execute(InputInterface $input, OutputInterface $output)
     {
         $ranges = $input->getArgument('ip');

Model/Restrict.php

@@ -46,19 +46,19 @@ public function __construct(
 
     /**
      * Return true if IP is in range
-     * @param $ip
-     * @param $range
+     * @param string $ipAddress
+     * @param string $range
      * @return bool
      */
-    public function getIpInRange($ip, $range)
+    public function isIpInRange($ipAddress, $range)
     {
         if (strpos($range, '/') === false) {
             $range .= '/32';
         }
 
         list($range, $netmask) = explode('/', $range, 2);
         $rangeDecimal = ip2long($range);
-        $ipDecimal = ip2long($ip);
+        $ipDecimal = ip2long($ipAddress);
         $wildcardDecimal = pow(2, (32 - $netmask)) - 1;
         $netmaskDecimal = ~$wildcardDecimal;
 
@@ -67,14 +67,14 @@ public function getIpInRange($ip, $range)
 
     /**
      * Return true if IP is matched in a range list
-     * @param $ip
+     * @param string $ipAddress
      * @param array $ranges
      * @return bool
      */
-    public function getIpIsMatched($ip, array $ranges)
+    private function isMatchingIp($ipAddress, array $ranges)
     {
         foreach ($ranges as $range) {
-            if ($this->getIpInRange($ip, $range)) {
+            if ($this->isIpInRange($ipAddress, $range)) {
                 return true;
             }
         }
@@ -96,7 +96,7 @@ public function getAllowedRanges()
      * Return true if IP restriction is enabled
      * @return bool
      */
-    public function getEnabled()
+    public function isEnabled()
     {
         return (bool) $this->scopeConfig->getValue(RestrictInterface::XML_PATH_ENABLED);
     }
@@ -107,16 +107,16 @@ public function getEnabled()
      */
     public function isAllowed()
     {
-        if (!$this->getEnabled()) {
+        if (!$this->isEnabled()) {
             return true;
         }
 
-        $ip = $this->remoteAddress->getRemoteAddress();
+        $ipAddress = $this->remoteAddress->getRemoteAddress();
 
         $allowedRanges = $this->getAllowedRanges();
 
-        if (count($allowedRanges)) {
-            return $this->getIpIsMatched($ip, $allowedRanges);
+        if (!empty($allowedRanges)) {
+            return $this->isMatchingIp($ipAddress, $allowedRanges);
         }
 
         return true;

Plugin/AppInterfacePlugin.php

@@ -20,14 +20,13 @@
 
 namespace MSP\AdminRestriction\Plugin;
 
+use Magento\Framework\App\DeploymentConfig;
 use Magento\Framework\App\State;
 use Magento\Framework\AppInterface;
 use Magento\Framework\App\RequestInterface;
 use MSP\AdminRestriction\Api\RestrictInterface;
 use MSP\SecuritySuiteCommon\Api\LockDownInterface;
-use MSP\SecuritySuiteCommon\Api\LogManagementInterface;
-use Magento\Framework\Event\ManagerInterface as EventInterface;
-use MSP\SecuritySuiteCommon\Api\UtilsInterface;
+use MSP\SecuritySuiteCommon\Api\AlertInterface;
 
 class AppInterfacePlugin
 {
@@ -42,49 +41,90 @@ class AppInterfacePlugin
     private $state;
 
     /**
-     * @var EventInterface
+     * @var RestrictInterface
      */
-    private $event;
+    private $restrict;
 
     /**
-     * @var RestrictInterface
+     * @var LockDownInterface
      */
-    private $restrict;
+    private $lockDown;
 
     /**
-     * @var UtilsInterface
+     * @var DeploymentConfig
      */
-    private $utils;
+    private $deploymentConfig;
 
     /**
-     * @var LockDownInterface
+     * @var AlertInterface
      */
-    private $lockDown;
+    private $securitySuite;
 
     public function __construct(
         RequestInterface $request,
         State $state,
-        EventInterface $event,
         RestrictInterface $restrict,
-        UtilsInterface $utils,
+        DeploymentConfig $deploymentConfig,
+        AlertInterface $securitySuite,
         LockDownInterface $lockDown
     ) {
         $this->request = $request;
         $this->state = $state;
         $this->restrict = $restrict;
-        $this->event = $event;
-        $this->utils = $utils;
         $this->lockDown = $lockDown;
+        $this->deploymentConfig = $deploymentConfig;
+        $this->securitySuite = $securitySuite;
+    }
+
+    /**
+     * Return true if $uri is a backend URI
+     * @param string $uri
+     * @return bool
+     */
+    private function isBackendUri($uri = null)
+    {
+        $uri = $this->sanitizeUri($uri);
+
+        $backendConfigData = $this->deploymentConfig->getConfigData('backend');
+        $backendPath = $backendConfigData['frontName'];
+
+        // @codingStandardsIgnoreStart
+        $uri = parse_url($uri, PHP_URL_PATH);
+        // @codingStandardsIgnoreEnd
+
+        return (strpos($uri, "/$backendPath/") === 0) || preg_match("|/$backendPath$|", $uri);
     }
 
+    /**
+     * Get sanitized URI
+     * @param string $uri
+     * @return string
+     */
+    private function sanitizeUri($uri = null)
+    {
+        if ($uri === null) {
+            $uri = $this->request->getRequestUri();
+        }
+
+        $uri = filter_var($uri, FILTER_SANITIZE_URL);
+        $uri = preg_replace('|/+|', '/', $uri);
+        $uri = preg_replace('|^/.+?\.php|', '', $uri);
+
+        return $uri;
+    }
+
+    /**
+     * @SuppressWarnings("PHPMD.UnusedFormalParameter")
+     */
     public function aroundLaunch(AppInterface $subject, \Closure $proceed)
     {
-        if ($this->utils->isBackendUri()) {
+        if ($this->isBackendUri()) {
             if (!$this->restrict->isAllowed()) {
-                $this->event->dispatch(LogManagementInterface::EVENT_ACTIVITY, [
-                    'module' => 'MSP_AdminRestriction',
-                    'message' => 'Unauthorized access attempt',
-                ]);
+                $this->securitySuite->event(
+                    'MSP_AdminRestriction',
+                    'Unauthorized access attempt',
+                    AlertInterface::LEVEL_WARNING
+                );
 
                 $this->state->setAreaCode('frontend');
                 return $this->lockDown->doHttpLockdown(__('Unauthorized access attempt'));

Setup/UpgradeData.php

@@ -20,28 +20,48 @@
 
 namespace MSP\AdminRestriction\Setup;
 
+use Magento\Framework\App\Config\ScopeConfigInterface;
 use Magento\Framework\Setup\ModuleContextInterface;
 use Magento\Framework\Setup\ModuleDataSetupInterface;
 use Magento\Framework\Setup\UpgradeDataInterface;
-use MSP\SecuritySuiteCommon\Model\ConfigMigration;
 
 class UpgradeData implements UpgradeDataInterface
 {
     /**
-     * @var ConfigMigration
+     * @var ScopeConfigInterface
      */
-    private $configMigration;
+    private $scopeConfig;
 
     public function __construct(
-        ConfigMigration $configMigration
-    )
+        ScopeConfigInterface $scopeConfig
+    ) {
+        $this->scopeConfig = $scopeConfig;
+    }
+
+    /**
+     * Move config from srcPath to dstPath
+     * @param ModuleDataSetupInterface $setup
+     * @param string $srcPath
+     * @param string $dstPath
+     */
+    private function moveConfig(ModuleDataSetupInterface $setup, $srcPath, $dstPath)
     {
-        $this->configMigration = $configMigration;
+        $value = $this->scopeConfig->getValue($srcPath);
+
+        if (is_array($value)) {
+            foreach (array_keys($value) as $k) {
+                $this->moveConfig($setup, $srcPath . '/' . $k, $dstPath . '/' . $k);
+            }
+        } else {
+            $connection = $setup->getConnection();
+            $configData = $setup->getTable('core_config_data');
+            $connection->update($configData, ['path' => $dstPath], 'path='.$connection->quote($srcPath));
+        }
     }
 
-    protected function upgradeTo010200(ModuleDataSetupInterface $setup)
+    private function upgradeTo010200(ModuleDataSetupInterface $setup)
     {
-        $this->configMigration->doConfigMigration(
+        $this->moveConfig(
             $setup,
             'msp_securitysuite/adminrestriction',
             'msp_securitysuite_adminrestriction/general'

composer.json

@@ -3,7 +3,7 @@
     "description": "Magento2 Admin IP based restriction - Member of MageSpecialist SecuritySuite",
     "require": {
         "php": "^7.0|^7.1",
-        "msp/security-suite-common": ">=1.3",
+        "msp/security-suite-common": "^2.0",
         "magento/magento-composer-installer": "*"
     },
     "suggest": {

etc/adminhtml/system.xml

@@ -23,25 +23,29 @@
         xsi:noNamespaceSchemaLocation="urn:magento:module:Magento_Config:etc/system_file.xsd">
     <system>
 
-        <section id="msp_securitysuite_adminrestriction" translate="label" type="text" sortOrder="20" showInDefault="1" showInWebsite="1" showInStore="1">
+        <section id="msp_securitysuite_adminrestriction" translate="label" type="text" sortOrder="20" showInDefault="1"
+                 showInWebsite="1" showInStore="1">
             <class>separator-top</class>
             <label>Backend IP restriction</label>
             <tab>msp_securitysuite</tab>
             <resource>MSP_SecuritySuite::config</resource>
 
-            <group id="general" translate="label" type="text" sortOrder="0" showInDefault="1" showInWebsite="1" showInStore="1">
+            <group id="general" translate="label" type="text" sortOrder="0" showInDefault="1" showInWebsite="1"
+                   showInStore="1">
                 <label>General</label>
                 <comment><![CDATA[
                     <div class="msp_securitysuite-comment">
-                        This module is a memeber of <strong><a target="_blank" href="https://github.com/magespecialist/m2-MSP_Security_Suite">MageSpecialist Security Suite</a></strong>. <a target="_blank" href="https://github.com/magespecialist/m2-MSP_Security_Suite">Click here</a> to see all the Security Suite modules.<br />
+                        This module is a member of <strong><a target="_blank" href="https://github.com/magespecialist/m2-MSP_Security_Suite">MageSpecialist Security Suite</a></strong>. <a target="_blank" href="https://github.com/magespecialist/m2-MSP_Security_Suite">Click here</a> to see all the Security Suite modules.<br />
                         Source code, installation and configuration guide: <a target="_blank" href="https://github.com/magespecialist/m2-MSP_Security_Suite">https://github.com/magespecialist/m2-MSP_Security_Suite</a>.
                     </div>
                 ]]></comment>
-                <field id="enabled" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="0" showInStore="0">
+                <field id="enabled" translate="label" type="select" sortOrder="10" showInDefault="1" showInWebsite="0"
+                       showInStore="0">
                     <label>Enabled</label>
                     <source_model>Magento\Config\Model\Config\Source\Yesno</source_model>
                 </field>
-                <field id="authorized_ranges" translate="label comment" type="text" sortOrder="20" showInDefault="1" showInWebsite="0" showInStore="0">
+                <field id="authorized_ranges" translate="label comment" type="text" sortOrder="20" showInDefault="1"
+                       showInWebsite="0" showInStore="0">
                     <label>Authorized IP list</label>
                     <comment>(eg.: 192.168.1.10, 192.168.0.0/24)</comment>
                 </field>

etc/module.xml

@@ -21,7 +21,7 @@
 -->
 <config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:noNamespaceSchemaLocation="urn:magento:framework:Module/etc/module.xsd">
-    <module name="MSP_AdminRestriction" setup_version="1.2.1">
+    <module name="MSP_AdminRestriction" setup_version="1.3.0">
         <sequence>
             <module name="MSP_SecuritySuiteCommon"/>
         </sequence>