MAGETWO-45465: CSRF not validated or regenerated in Magento

- fixed admin unable to login

Author: eddielau

app/code/Magento/Backend/Controller/Adminhtml/Auth/Login.php

@@ -6,13 +6,20 @@
  */
 namespace Magento\Backend\Controller\Adminhtml\Auth;
 
+use Magento\Backend\App\Area\FrontNameResolver;
+
 class Login extends \Magento\Backend\Controller\Adminhtml\Auth
 {
     /**
      * @var \Magento\Framework\View\Result\PageFactory
      */
     protected $resultPageFactory;
 
+    /**
+     * @var FrontNameResolver
+     */
+    protected $frontNameResolver;
+
     /**
      * Constructor
      *
@@ -21,9 +28,11 @@ class Login extends \Magento\Backend\Controller\Adminhtml\Auth
      */
     public function __construct(
         \Magento\Backend\App\Action\Context $context,
-        \Magento\Framework\View\Result\PageFactory $resultPageFactory
+        \Magento\Framework\View\Result\PageFactory $resultPageFactory,
+        FrontNameResolver $frontNameResolver
     ) {
         $this->resultPageFactory = $resultPageFactory;
+        $this->frontNameResolver = $frontNameResolver;
         parent::__construct($context);
     }
 
@@ -43,6 +52,14 @@ public function execute()
             $resultRedirect->setPath($this->_backendUrl->getStartupPageUrl());
             return $resultRedirect;
         }
-        return $this->resultPageFactory->create();
+
+        $requestUrl = $this->getRequest()->getUri();
+        $backendUrl = $this->getUrl('*');
+        // redirect according to rewrite rule
+        if ($requestUrl != $backendUrl) {
+            $this->_redirect('*');
+        } else {
+            return $this->resultPageFactory->create();
+        }
     }
 }