|
Chris@0
|
1 <?php
|
|
Chris@0
|
2
|
|
Chris@0
|
3 namespace Drupal\image\Tests;
|
|
Chris@0
|
4
|
|
Chris@0
|
5 use Drupal\image\Entity\ImageStyle;
|
|
Chris@14
|
6 use Drupal\language\Entity\ConfigurableLanguage;
|
|
Chris@0
|
7 use Drupal\simpletest\WebTestBase;
|
|
Chris@0
|
8
|
|
Chris@0
|
9 /**
|
|
Chris@0
|
10 * Tests the functions for generating paths and URLs for image styles.
|
|
Chris@0
|
11 *
|
|
Chris@0
|
12 * @group image
|
|
Chris@0
|
13 */
|
|
Chris@0
|
14 class ImageStylesPathAndUrlTest extends WebTestBase {
|
|
Chris@0
|
15
|
|
Chris@0
|
16 /**
|
|
Chris@0
|
17 * Modules to enable.
|
|
Chris@0
|
18 *
|
|
Chris@0
|
19 * @var array
|
|
Chris@0
|
20 */
|
|
Chris@14
|
21 public static $modules = ['image', 'image_module_test', 'language'];
|
|
Chris@0
|
22
|
|
Chris@0
|
23 /**
|
|
Chris@14
|
24 * The image style.
|
|
Chris@14
|
25 *
|
|
Chris@0
|
26 * @var \Drupal\image\ImageStyleInterface
|
|
Chris@0
|
27 */
|
|
Chris@0
|
28 protected $style;
|
|
Chris@0
|
29
|
|
Chris@14
|
30 /**
|
|
Chris@14
|
31 * {@inheritdoc}
|
|
Chris@14
|
32 */
|
|
Chris@0
|
33 protected function setUp() {
|
|
Chris@0
|
34 parent::setUp();
|
|
Chris@0
|
35
|
|
Chris@14
|
36 $this->style = ImageStyle::create([
|
|
Chris@14
|
37 'name' => 'style_foo',
|
|
Chris@14
|
38 'label' => $this->randomString(),
|
|
Chris@14
|
39 ]);
|
|
Chris@0
|
40 $this->style->save();
|
|
Chris@14
|
41
|
|
Chris@14
|
42 // Create a new language.
|
|
Chris@14
|
43 ConfigurableLanguage::createFromLangcode('fr')->save();
|
|
Chris@0
|
44 }
|
|
Chris@0
|
45
|
|
Chris@0
|
46 /**
|
|
Chris@0
|
47 * Tests \Drupal\image\ImageStyleInterface::buildUri().
|
|
Chris@0
|
48 */
|
|
Chris@0
|
49 public function testImageStylePath() {
|
|
Chris@0
|
50 $scheme = 'public';
|
|
Chris@0
|
51 $actual = $this->style->buildUri("$scheme://foo/bar.gif");
|
|
Chris@0
|
52 $expected = "$scheme://styles/" . $this->style->id() . "/$scheme/foo/bar.gif";
|
|
Chris@0
|
53 $this->assertEqual($actual, $expected, 'Got the path for a file URI.');
|
|
Chris@0
|
54
|
|
Chris@0
|
55 $actual = $this->style->buildUri('foo/bar.gif');
|
|
Chris@0
|
56 $expected = "$scheme://styles/" . $this->style->id() . "/$scheme/foo/bar.gif";
|
|
Chris@0
|
57 $this->assertEqual($actual, $expected, 'Got the path for a relative file path.');
|
|
Chris@0
|
58 }
|
|
Chris@0
|
59
|
|
Chris@0
|
60 /**
|
|
Chris@0
|
61 * Tests an image style URL using the "public://" scheme.
|
|
Chris@0
|
62 */
|
|
Chris@0
|
63 public function testImageStyleUrlAndPathPublic() {
|
|
Chris@0
|
64 $this->doImageStyleUrlAndPathTests('public');
|
|
Chris@0
|
65 }
|
|
Chris@0
|
66
|
|
Chris@0
|
67 /**
|
|
Chris@0
|
68 * Tests an image style URL using the "private://" scheme.
|
|
Chris@0
|
69 */
|
|
Chris@0
|
70 public function testImageStyleUrlAndPathPrivate() {
|
|
Chris@0
|
71 $this->doImageStyleUrlAndPathTests('private');
|
|
Chris@0
|
72 }
|
|
Chris@0
|
73
|
|
Chris@0
|
74 /**
|
|
Chris@0
|
75 * Tests an image style URL with the "public://" scheme and unclean URLs.
|
|
Chris@0
|
76 */
|
|
Chris@0
|
77 public function testImageStyleUrlAndPathPublicUnclean() {
|
|
Chris@0
|
78 $this->doImageStyleUrlAndPathTests('public', FALSE);
|
|
Chris@0
|
79 }
|
|
Chris@0
|
80
|
|
Chris@0
|
81 /**
|
|
Chris@0
|
82 * Tests an image style URL with the "private://" schema and unclean URLs.
|
|
Chris@0
|
83 */
|
|
Chris@0
|
84 public function testImageStyleUrlAndPathPrivateUnclean() {
|
|
Chris@0
|
85 $this->doImageStyleUrlAndPathTests('private', FALSE);
|
|
Chris@0
|
86 }
|
|
Chris@0
|
87
|
|
Chris@0
|
88 /**
|
|
Chris@14
|
89 * Tests an image style URL with the "public://" schema and language prefix.
|
|
Chris@14
|
90 */
|
|
Chris@14
|
91 public function testImageStyleUrlAndPathPublicLanguage() {
|
|
Chris@14
|
92 $this->doImageStyleUrlAndPathTests('public', TRUE, TRUE, 'fr');
|
|
Chris@14
|
93 }
|
|
Chris@14
|
94
|
|
Chris@14
|
95 /**
|
|
Chris@14
|
96 * Tests an image style URL with the "private://" schema and language prefix.
|
|
Chris@14
|
97 */
|
|
Chris@14
|
98 public function testImageStyleUrlAndPathPrivateLanguage() {
|
|
Chris@14
|
99 $this->doImageStyleUrlAndPathTests('private', TRUE, TRUE, 'fr');
|
|
Chris@14
|
100 }
|
|
Chris@14
|
101
|
|
Chris@14
|
102 /**
|
|
Chris@0
|
103 * Tests an image style URL with a file URL that has an extra slash in it.
|
|
Chris@0
|
104 */
|
|
Chris@0
|
105 public function testImageStyleUrlExtraSlash() {
|
|
Chris@0
|
106 $this->doImageStyleUrlAndPathTests('public', TRUE, TRUE);
|
|
Chris@0
|
107 }
|
|
Chris@0
|
108
|
|
Chris@0
|
109 /**
|
|
Chris@0
|
110 * Tests that an invalid source image returns a 404.
|
|
Chris@0
|
111 */
|
|
Chris@0
|
112 public function testImageStyleUrlForMissingSourceImage() {
|
|
Chris@0
|
113 $non_existent_uri = 'public://foo.png';
|
|
Chris@0
|
114 $generated_url = $this->style->buildUrl($non_existent_uri);
|
|
Chris@0
|
115 $this->drupalGet($generated_url);
|
|
Chris@0
|
116 $this->assertResponse(404, 'Accessing an image style URL with a source image that does not exist provides a 404 error response.');
|
|
Chris@0
|
117 }
|
|
Chris@0
|
118
|
|
Chris@0
|
119 /**
|
|
Chris@0
|
120 * Tests building an image style URL.
|
|
Chris@0
|
121 */
|
|
Chris@14
|
122 public function doImageStyleUrlAndPathTests($scheme, $clean_url = TRUE, $extra_slash = FALSE, $langcode = FALSE) {
|
|
Chris@0
|
123 $this->prepareRequestForGenerator($clean_url);
|
|
Chris@0
|
124
|
|
Chris@0
|
125 // Make the default scheme neither "public" nor "private" to verify the
|
|
Chris@0
|
126 // functions work for other than the default scheme.
|
|
Chris@0
|
127 $this->config('system.file')->set('default_scheme', 'temporary')->save();
|
|
Chris@0
|
128
|
|
Chris@0
|
129 // Create the directories for the styles.
|
|
Chris@0
|
130 $directory = $scheme . '://styles/' . $this->style->id();
|
|
Chris@0
|
131 $status = file_prepare_directory($directory, FILE_CREATE_DIRECTORY);
|
|
Chris@0
|
132 $this->assertNotIdentical(FALSE, $status, 'Created the directory for the generated images for the test style.');
|
|
Chris@0
|
133
|
|
Chris@14
|
134 // Override the language to build the URL for the correct language.
|
|
Chris@14
|
135 if ($langcode) {
|
|
Chris@14
|
136 $language_manager = \Drupal::service('language_manager');
|
|
Chris@14
|
137 $language = $language_manager->getLanguage($langcode);
|
|
Chris@14
|
138 $language_manager->setConfigOverrideLanguage($language);
|
|
Chris@14
|
139 }
|
|
Chris@14
|
140
|
|
Chris@0
|
141 // Create a working copy of the file.
|
|
Chris@0
|
142 $files = $this->drupalGetTestFiles('image');
|
|
Chris@0
|
143 $file = array_shift($files);
|
|
Chris@0
|
144 $original_uri = file_unmanaged_copy($file->uri, $scheme . '://', FILE_EXISTS_RENAME);
|
|
Chris@0
|
145 // Let the image_module_test module know about this file, so it can claim
|
|
Chris@0
|
146 // ownership in hook_file_download().
|
|
Chris@0
|
147 \Drupal::state()->set('image.test_file_download', $original_uri);
|
|
Chris@0
|
148 $this->assertNotIdentical(FALSE, $original_uri, 'Created the generated image file.');
|
|
Chris@0
|
149
|
|
Chris@0
|
150 // Get the URL of a file that has not been generated and try to create it.
|
|
Chris@0
|
151 $generated_uri = $this->style->buildUri($original_uri);
|
|
Chris@0
|
152 $this->assertFalse(file_exists($generated_uri), 'Generated file does not exist.');
|
|
Chris@0
|
153 $generate_url = $this->style->buildUrl($original_uri, $clean_url);
|
|
Chris@0
|
154
|
|
Chris@14
|
155 // Make sure that language prefix is never added to the image style URL.
|
|
Chris@14
|
156 if ($langcode) {
|
|
Chris@14
|
157 $this->assertTrue(strpos($generate_url, "/$langcode/") === FALSE, 'Langcode was not found in the image style URL.');
|
|
Chris@14
|
158 }
|
|
Chris@14
|
159
|
|
Chris@0
|
160 // Ensure that the tests still pass when the file is generated by accessing
|
|
Chris@0
|
161 // a poorly constructed (but still valid) file URL that has an extra slash
|
|
Chris@0
|
162 // in it.
|
|
Chris@0
|
163 if ($extra_slash) {
|
|
Chris@0
|
164 $modified_uri = str_replace('://', ':///', $original_uri);
|
|
Chris@0
|
165 $this->assertNotEqual($original_uri, $modified_uri, 'An extra slash was added to the generated file URI.');
|
|
Chris@0
|
166 $generate_url = $this->style->buildUrl($modified_uri, $clean_url);
|
|
Chris@0
|
167 }
|
|
Chris@0
|
168 if (!$clean_url) {
|
|
Chris@0
|
169 $this->assertTrue(strpos($generate_url, 'index.php/') !== FALSE, 'When using non-clean URLS, the system path contains the script name.');
|
|
Chris@0
|
170 }
|
|
Chris@0
|
171 // Add some extra chars to the token.
|
|
Chris@0
|
172 $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', IMAGE_DERIVATIVE_TOKEN . '=Zo', $generate_url));
|
|
Chris@0
|
173 $this->assertResponse(403, 'Image was inaccessible at the URL with an invalid token.');
|
|
Chris@0
|
174 // Change the parameter name so the token is missing.
|
|
Chris@0
|
175 $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', 'wrongparam=', $generate_url));
|
|
Chris@0
|
176 $this->assertResponse(403, 'Image was inaccessible at the URL with a missing token.');
|
|
Chris@0
|
177
|
|
Chris@0
|
178 // Check that the generated URL is the same when we pass in a relative path
|
|
Chris@0
|
179 // rather than a URI. We need to temporarily switch the default scheme to
|
|
Chris@0
|
180 // match the desired scheme before testing this, then switch it back to the
|
|
Chris@0
|
181 // "temporary" scheme used throughout this test afterwards.
|
|
Chris@0
|
182 $this->config('system.file')->set('default_scheme', $scheme)->save();
|
|
Chris@0
|
183 $relative_path = file_uri_target($original_uri);
|
|
Chris@0
|
184 $generate_url_from_relative_path = $this->style->buildUrl($relative_path, $clean_url);
|
|
Chris@0
|
185 $this->assertEqual($generate_url, $generate_url_from_relative_path);
|
|
Chris@0
|
186 $this->config('system.file')->set('default_scheme', 'temporary')->save();
|
|
Chris@0
|
187
|
|
Chris@0
|
188 // Fetch the URL that generates the file.
|
|
Chris@0
|
189 $this->drupalGet($generate_url);
|
|
Chris@0
|
190 $this->assertResponse(200, 'Image was generated at the URL.');
|
|
Chris@0
|
191 $this->assertTrue(file_exists($generated_uri), 'Generated file does exist after we accessed it.');
|
|
Chris@0
|
192 $this->assertRaw(file_get_contents($generated_uri), 'URL returns expected file.');
|
|
Chris@0
|
193 $image = $this->container->get('image.factory')->get($generated_uri);
|
|
Chris@0
|
194 $this->assertEqual($this->drupalGetHeader('Content-Type'), $image->getMimeType(), 'Expected Content-Type was reported.');
|
|
Chris@0
|
195 $this->assertEqual($this->drupalGetHeader('Content-Length'), $image->getFileSize(), 'Expected Content-Length was reported.');
|
|
Chris@0
|
196
|
|
Chris@0
|
197 // Check that we did not download the original file.
|
|
Chris@14
|
198 $original_image = $this->container->get('image.factory')
|
|
Chris@14
|
199 ->get($original_uri);
|
|
Chris@0
|
200 $this->assertNotEqual($this->drupalGetHeader('Content-Length'), $original_image->getFileSize());
|
|
Chris@0
|
201
|
|
Chris@0
|
202 if ($scheme == 'private') {
|
|
Chris@0
|
203 $this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
|
|
Chris@0
|
204 $this->assertNotEqual(strpos($this->drupalGetHeader('Cache-Control'), 'no-cache'), FALSE, 'Cache-Control header contains \'no-cache\' to prevent caching.');
|
|
Chris@0
|
205 $this->assertEqual($this->drupalGetHeader('X-Image-Owned-By'), 'image_module_test', 'Expected custom header has been added.');
|
|
Chris@0
|
206
|
|
Chris@0
|
207 // Make sure that a second request to the already existing derivative
|
|
Chris@0
|
208 // works too.
|
|
Chris@0
|
209 $this->drupalGet($generate_url);
|
|
Chris@0
|
210 $this->assertResponse(200, 'Image was generated at the URL.');
|
|
Chris@0
|
211
|
|
Chris@0
|
212 // Check that the second request also returned the generated image.
|
|
Chris@0
|
213 $this->assertEqual($this->drupalGetHeader('Content-Length'), $image->getFileSize());
|
|
Chris@0
|
214
|
|
Chris@0
|
215 // Check that we did not download the original file.
|
|
Chris@0
|
216 $this->assertNotEqual($this->drupalGetHeader('Content-Length'), $original_image->getFileSize());
|
|
Chris@0
|
217
|
|
Chris@0
|
218 // Make sure that access is denied for existing style files if we do not
|
|
Chris@0
|
219 // have access.
|
|
Chris@0
|
220 \Drupal::state()->delete('image.test_file_download');
|
|
Chris@0
|
221 $this->drupalGet($generate_url);
|
|
Chris@0
|
222 $this->assertResponse(403, 'Confirmed that access is denied for the private image style.');
|
|
Chris@0
|
223
|
|
Chris@0
|
224 // Repeat this with a different file that we do not have access to and
|
|
Chris@0
|
225 // make sure that access is denied.
|
|
Chris@0
|
226 $file_noaccess = array_shift($files);
|
|
Chris@0
|
227 $original_uri_noaccess = file_unmanaged_copy($file_noaccess->uri, $scheme . '://', FILE_EXISTS_RENAME);
|
|
Chris@0
|
228 $generated_uri_noaccess = $scheme . '://styles/' . $this->style->id() . '/' . $scheme . '/' . drupal_basename($original_uri_noaccess);
|
|
Chris@0
|
229 $this->assertFalse(file_exists($generated_uri_noaccess), 'Generated file does not exist.');
|
|
Chris@0
|
230 $generate_url_noaccess = $this->style->buildUrl($original_uri_noaccess);
|
|
Chris@0
|
231
|
|
Chris@0
|
232 $this->drupalGet($generate_url_noaccess);
|
|
Chris@0
|
233 $this->assertResponse(403, 'Confirmed that access is denied for the private image style.');
|
|
Chris@14
|
234 // Verify that images are not appended to the response.
|
|
Chris@14
|
235 // Currently this test only uses PNG images.
|
|
Chris@0
|
236 if (strpos($generate_url, '.png') === FALSE) {
|
|
Chris@0
|
237 $this->fail('Confirming that private image styles are not appended require PNG file.');
|
|
Chris@0
|
238 }
|
|
Chris@0
|
239 else {
|
|
Chris@14
|
240 // Check for PNG-Signature
|
|
Chris@14
|
241 // (cf. http://www.libpng.org/pub/png/book/chapter08.html#png.ch08.div.2)
|
|
Chris@14
|
242 // in the response body.
|
|
Chris@0
|
243 $this->assertNoRaw(chr(137) . chr(80) . chr(78) . chr(71) . chr(13) . chr(10) . chr(26) . chr(10), 'No PNG signature found in the response body.');
|
|
Chris@0
|
244 }
|
|
Chris@0
|
245 }
|
|
Chris@0
|
246 else {
|
|
Chris@0
|
247 $this->assertEqual($this->drupalGetHeader('Expires'), 'Sun, 19 Nov 1978 05:00:00 GMT', 'Expires header was sent.');
|
|
Chris@0
|
248 $this->assertEqual(strpos($this->drupalGetHeader('Cache-Control'), 'no-cache'), FALSE, 'Cache-Control header contains \'no-cache\' to prevent caching.');
|
|
Chris@0
|
249
|
|
Chris@0
|
250 if ($clean_url) {
|
|
Chris@0
|
251 // Add some extra chars to the token.
|
|
Chris@0
|
252 $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', IMAGE_DERIVATIVE_TOKEN . '=Zo', $generate_url));
|
|
Chris@0
|
253 $this->assertResponse(200, 'Existing image was accessible at the URL with an invalid token.');
|
|
Chris@0
|
254 }
|
|
Chris@0
|
255 }
|
|
Chris@0
|
256
|
|
Chris@0
|
257 // Allow insecure image derivatives to be created for the remainder of this
|
|
Chris@0
|
258 // test.
|
|
Chris@14
|
259 $this->config('image.settings')
|
|
Chris@14
|
260 ->set('allow_insecure_derivatives', TRUE)
|
|
Chris@14
|
261 ->save();
|
|
Chris@0
|
262
|
|
Chris@0
|
263 // Create another working copy of the file.
|
|
Chris@0
|
264 $files = $this->drupalGetTestFiles('image');
|
|
Chris@0
|
265 $file = array_shift($files);
|
|
Chris@0
|
266 $original_uri = file_unmanaged_copy($file->uri, $scheme . '://', FILE_EXISTS_RENAME);
|
|
Chris@0
|
267 // Let the image_module_test module know about this file, so it can claim
|
|
Chris@0
|
268 // ownership in hook_file_download().
|
|
Chris@0
|
269 \Drupal::state()->set('image.test_file_download', $original_uri);
|
|
Chris@0
|
270
|
|
Chris@0
|
271 // Suppress the security token in the URL, then get the URL of a file that
|
|
Chris@0
|
272 // has not been created and try to create it. Check that the security token
|
|
Chris@0
|
273 // is not present in the URL but that the image is still accessible.
|
|
Chris@0
|
274 $this->config('image.settings')->set('suppress_itok_output', TRUE)->save();
|
|
Chris@0
|
275 $generated_uri = $this->style->buildUri($original_uri);
|
|
Chris@0
|
276 $this->assertFalse(file_exists($generated_uri), 'Generated file does not exist.');
|
|
Chris@0
|
277 $generate_url = $this->style->buildUrl($original_uri, $clean_url);
|
|
Chris@0
|
278 $this->assertIdentical(strpos($generate_url, IMAGE_DERIVATIVE_TOKEN . '='), FALSE, 'The security token does not appear in the image style URL.');
|
|
Chris@0
|
279 $this->drupalGet($generate_url);
|
|
Chris@0
|
280 $this->assertResponse(200, 'Image was accessible at the URL with a missing token.');
|
|
Chris@0
|
281
|
|
Chris@0
|
282 // Stop supressing the security token in the URL.
|
|
Chris@0
|
283 $this->config('image.settings')->set('suppress_itok_output', FALSE)->save();
|
|
Chris@0
|
284 // Ensure allow_insecure_derivatives is enabled.
|
|
Chris@14
|
285 $this->assertEqual($this->config('image.settings')
|
|
Chris@14
|
286 ->get('allow_insecure_derivatives'), TRUE);
|
|
Chris@0
|
287 // Check that a security token is still required when generating a second
|
|
Chris@0
|
288 // image derivative using the first one as a source.
|
|
Chris@0
|
289 $nested_url = $this->style->buildUrl($generated_uri, $clean_url);
|
|
Chris@0
|
290 $matches_expected_url_format = (boolean) preg_match('/styles\/' . $this->style->id() . '\/' . $scheme . '\/styles\/' . $this->style->id() . '\/' . $scheme . '/', $nested_url);
|
|
Chris@0
|
291 $this->assertTrue($matches_expected_url_format, "URL for a derivative of an image style matches expected format.");
|
|
Chris@0
|
292 $nested_url_with_wrong_token = str_replace(IMAGE_DERIVATIVE_TOKEN . '=', 'wrongparam=', $nested_url);
|
|
Chris@0
|
293 $this->drupalGet($nested_url_with_wrong_token);
|
|
Chris@0
|
294 $this->assertResponse(403, 'Image generated from an earlier derivative was inaccessible at the URL with a missing token.');
|
|
Chris@0
|
295 // Check that this restriction cannot be bypassed by adding extra slashes
|
|
Chris@0
|
296 // to the URL.
|
|
Chris@0
|
297 $this->drupalGet(substr_replace($nested_url_with_wrong_token, '//styles/', strrpos($nested_url_with_wrong_token, '/styles/'), strlen('/styles/')));
|
|
Chris@0
|
298 $this->assertResponse(403, 'Image generated from an earlier derivative was inaccessible at the URL with a missing token, even with an extra forward slash in the URL.');
|
|
Chris@0
|
299 $this->drupalGet(substr_replace($nested_url_with_wrong_token, '////styles/', strrpos($nested_url_with_wrong_token, '/styles/'), strlen('/styles/')));
|
|
Chris@0
|
300 $this->assertResponse(403, 'Image generated from an earlier derivative was inaccessible at the URL with a missing token, even with multiple forward slashes in the URL.');
|
|
Chris@0
|
301 // Make sure the image can still be generated if a correct token is used.
|
|
Chris@0
|
302 $this->drupalGet($nested_url);
|
|
Chris@0
|
303 $this->assertResponse(200, 'Image was accessible when a correct token was provided in the URL.');
|
|
Chris@0
|
304
|
|
Chris@0
|
305 // Check that requesting a nonexistent image does not create any new
|
|
Chris@0
|
306 // directories in the file system.
|
|
Chris@0
|
307 $directory = $scheme . '://styles/' . $this->style->id() . '/' . $scheme . '/' . $this->randomMachineName();
|
|
Chris@0
|
308 $this->drupalGet(file_create_url($directory . '/' . $this->randomString()));
|
|
Chris@0
|
309 $this->assertFalse(file_exists($directory), 'New directory was not created in the filesystem when requesting an unauthorized image.');
|
|
Chris@0
|
310 }
|
|
Chris@0
|
311
|
|
Chris@0
|
312 }
|
