ImageStylesPathAndUrlTest.php

Same filename in other branches
  1. 8.9.x core/modules/image/tests/src/Functional/ImageStylesPathAndUrlTest.php
  2. 10 core/modules/image/tests/src/Functional/ImageStylesPathAndUrlTest.php
  3. 11.x core/modules/image/tests/src/Functional/ImageStylesPathAndUrlTest.php

Namespace

Drupal\Tests\image\Functional

File

core/modules/image/tests/src/Functional/ImageStylesPathAndUrlTest.php

View source
<?php

namespace Drupal\Tests\image\Functional;

use Drupal\Core\File\FileSystemInterface;
use Drupal\Core\StreamWrapper\StreamWrapperManager;
use Drupal\image\Entity\ImageStyle;
use Drupal\language\Entity\ConfigurableLanguage;
use Drupal\Tests\BrowserTestBase;
use Drupal\Tests\TestFileCreationTrait;

/**
 * Tests the functions for generating paths and URLs for image styles.
 *
 * @group image
 */
class ImageStylesPathAndUrlTest extends BrowserTestBase {
    use TestFileCreationTrait {
        getTestFiles as drupalGetTestFiles;
        compareFiles as drupalCompareFiles;
    }
    
    /**
     * Modules to enable.
     *
     * @var array
     */
    protected static $modules = [
        'image',
        'image_module_test',
        'language',
    ];
    
    /**
     * {@inheritdoc}
     */
    protected $defaultTheme = 'stark';
    
    /**
     * The image style.
     *
     * @var \Drupal\image\ImageStyleInterface
     */
    protected $style;
    
    /**
     * {@inheritdoc}
     */
    protected function setUp() : void {
        parent::setUp();
        $this->style = ImageStyle::create([
            'name' => 'style_foo',
            'label' => $this->randomString(),
        ]);
        $this->style
            ->save();
        // Create a new language.
        ConfigurableLanguage::createFromLangcode('fr')->save();
    }
    
    /**
     * Tests \Drupal\image\ImageStyleInterface::buildUri().
     */
    public function testImageStylePath() {
        $scheme = 'public';
        $actual = $this->style
            ->buildUri("{$scheme}://foo/bar.gif");
        $expected = "{$scheme}://styles/" . $this->style
            ->id() . "/{$scheme}/foo/bar.gif";
        $this->assertEquals($expected, $actual, 'Got the path for a file URI.');
        $actual = $this->style
            ->buildUri('foo/bar.gif');
        $expected = "{$scheme}://styles/" . $this->style
            ->id() . "/{$scheme}/foo/bar.gif";
        $this->assertEquals($expected, $actual, 'Got the path for a relative file path.');
    }
    
    /**
     * Tests an image style URL using the "public://" scheme.
     */
    public function testImageStyleUrlAndPathPublic() {
        $this->doImageStyleUrlAndPathTests('public');
    }
    
    /**
     * Tests an image style URL using the "private://" scheme.
     */
    public function testImageStyleUrlAndPathPrivate() {
        $this->doImageStyleUrlAndPathTests('private');
    }
    
    /**
     * Tests an image style URL with the "public://" scheme and unclean URLs.
     */
    public function testImageStyleUrlAndPathPublicUnclean() {
        $this->doImageStyleUrlAndPathTests('public', FALSE);
    }
    
    /**
     * Tests an image style URL with the "private://" schema and unclean URLs.
     */
    public function testImageStyleUrlAndPathPrivateUnclean() {
        $this->doImageStyleUrlAndPathTests('private', FALSE);
    }
    
    /**
     * Tests an image style URL with the "public://" schema and language prefix.
     */
    public function testImageStyleUrlAndPathPublicLanguage() {
        $this->doImageStyleUrlAndPathTests('public', TRUE, TRUE, 'fr');
    }
    
    /**
     * Tests an image style URL with the "private://" schema and language prefix.
     */
    public function testImageStyleUrlAndPathPrivateLanguage() {
        $this->doImageStyleUrlAndPathTests('private', TRUE, TRUE, 'fr');
    }
    
    /**
     * Tests an image style URL with a file URL that has an extra slash in it.
     */
    public function testImageStyleUrlExtraSlash() {
        $this->doImageStyleUrlAndPathTests('public', TRUE, TRUE);
    }
    
    /**
     * Tests that an invalid source image returns a 404.
     */
    public function testImageStyleUrlForMissingSourceImage() {
        $non_existent_uri = 'public://foo.png';
        $generated_url = $this->style
            ->buildUrl($non_existent_uri);
        $this->drupalGet($generated_url);
        $this->assertSession()
            ->statusCodeEquals(404);
    }
    
    /**
     * Tests building an image style URL.
     */
    public function doImageStyleUrlAndPathTests($scheme, $clean_url = TRUE, $extra_slash = FALSE, $langcode = FALSE) {
        $this->prepareRequestForGenerator($clean_url);
        // Make the default scheme neither "public" nor "private" to verify the
        // functions work for other than the default scheme.
        $this->config('system.file')
            ->set('default_scheme', 'temporary')
            ->save();
        // Create the directories for the styles.
        $directory = $scheme . '://styles/' . $this->style
            ->id();
        $status = \Drupal::service('file_system')->prepareDirectory($directory, FileSystemInterface::CREATE_DIRECTORY);
        $this->assertNotFalse($status, 'Created the directory for the generated images for the test style.');
        // Override the language to build the URL for the correct language.
        if ($langcode) {
            $language_manager = \Drupal::service('language_manager');
            $language = $language_manager->getLanguage($langcode);
            $language_manager->setConfigOverrideLanguage($language);
        }
        // Create a working copy of the file.
        $files = $this->drupalGetTestFiles('image');
        $file = array_shift($files);
        
        /** @var \Drupal\Core\File\FileSystemInterface $file_system */
        $file_system = \Drupal::service('file_system');
        $original_uri = $file_system->copy($file->uri, $scheme . '://', FileSystemInterface::EXISTS_RENAME);
        // Let the image_module_test module know about this file, so it can claim
        // ownership in hook_file_download().
        \Drupal::state()->set('image.test_file_download', $original_uri);
        $this->assertNotFalse($original_uri, 'Created the generated image file.');
        // Get the URL of a file that has not been generated and try to create it.
        $generated_uri = $this->style
            ->buildUri($original_uri);
        $this->assertFileDoesNotExist($generated_uri);
        $generate_url = $this->style
            ->buildUrl($original_uri, $clean_url);
        // Make sure that language prefix is never added to the image style URL.
        if ($langcode) {
            $this->assertStringNotContainsString("/{$langcode}/", $generate_url, 'Langcode was not found in the image style URL.');
        }
        // Ensure that the tests still pass when the file is generated by accessing
        // a poorly constructed (but still valid) file URL that has an extra slash
        // in it.
        if ($extra_slash) {
            $modified_uri = str_replace('://', ':///', $original_uri);
            $this->assertNotEquals($original_uri, $modified_uri, 'An extra slash was added to the generated file URI.');
            $generate_url = $this->style
                ->buildUrl($modified_uri, $clean_url);
        }
        if (!$clean_url) {
            $this->assertStringContainsString('index.php/', $generate_url, 'When using non-clean URLS, the system path contains the script name.');
        }
        // Add some extra chars to the token.
        $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', IMAGE_DERIVATIVE_TOKEN . '=Zo', $generate_url));
        $this->assertSession()
            ->statusCodeEquals(404);
        // Change the parameter name so the token is missing.
        $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', 'wrongparam=', $generate_url));
        $this->assertSession()
            ->statusCodeEquals(404);
        // Check that the generated URL is the same when we pass in a relative path
        // rather than a URI. We need to temporarily switch the default scheme to
        // match the desired scheme before testing this, then switch it back to the
        // "temporary" scheme used throughout this test afterwards.
        $this->config('system.file')
            ->set('default_scheme', $scheme)
            ->save();
        $relative_path = StreamWrapperManager::getTarget($original_uri);
        $generate_url_from_relative_path = $this->style
            ->buildUrl($relative_path, $clean_url);
        $this->assertEquals($generate_url, $generate_url_from_relative_path);
        $this->config('system.file')
            ->set('default_scheme', 'temporary')
            ->save();
        // Fetch the URL that generates the file.
        $this->drupalGet($generate_url);
        $this->assertSession()
            ->statusCodeEquals(200);
        $this->assertFileExists($generated_uri);
        // assertRaw can't be used with string containing non UTF-8 chars.
        $this->assertNotEmpty(file_get_contents($generated_uri), 'URL returns expected file.');
        $image = $this->container
            ->get('image.factory')
            ->get($generated_uri);
        $this->assertSession()
            ->responseHeaderEquals('Content-Type', $image->getMimeType());
        $this->assertSession()
            ->responseHeaderEquals('Content-Length', (string) $image->getFileSize());
        // Check that we did not download the original file.
        $original_image = $this->container
            ->get('image.factory')
            ->get($original_uri);
        $this->assertSession()
            ->responseHeaderNotEquals('Content-Length', (string) $original_image->getFileSize());
        if ($scheme == 'private') {
            $this->assertSession()
                ->responseHeaderEquals('Expires', 'Sun, 19 Nov 1978 05:00:00 GMT');
            // Check that Cache-Control header contains 'no-cache' to prevent caching.
            $this->assertSession()
                ->responseHeaderContains('Cache-Control', 'no-cache');
            $this->assertSession()
                ->responseHeaderEquals('X-Image-Owned-By', 'image_module_test');
            // Make sure that a second request to the already existing derivative
            // works too.
            $this->drupalGet($generate_url);
            $this->assertSession()
                ->statusCodeEquals(200);
            // Check that the second request also returned the generated image.
            $this->assertSession()
                ->responseHeaderEquals('Content-Length', (string) $image->getFileSize());
            // Check that we did not download the original file.
            $this->assertSession()
                ->responseHeaderNotEquals('Content-Length', (string) $original_image->getFileSize());
            // Make sure that access is denied for existing style files if we do not
            // have access.
            \Drupal::state()->delete('image.test_file_download');
            $this->drupalGet($generate_url);
            $this->assertSession()
                ->statusCodeEquals(403);
            // Repeat this with a different file that we do not have access to and
            // make sure that access is denied.
            $file_noaccess = array_shift($files);
            $original_uri_noaccess = $file_system->copy($file_noaccess->uri, $scheme . '://', FileSystemInterface::EXISTS_RENAME);
            $generated_uri_noaccess = $scheme . '://styles/' . $this->style
                ->id() . '/' . $scheme . '/' . $file_system->basename($original_uri_noaccess);
            $this->assertFileDoesNotExist($generated_uri_noaccess);
            $generate_url_noaccess = $this->style
                ->buildUrl($original_uri_noaccess);
            $this->drupalGet($generate_url_noaccess);
            $this->assertSession()
                ->statusCodeEquals(403);
            // Verify that images are not appended to the response.
            // Currently this test only uses PNG images.
            if (strpos($generate_url, '.png') === FALSE) {
                $this->fail('Confirming that private image styles are not appended require PNG file.');
            }
            else {
                // Check for PNG-Signature
                // (cf. http://www.libpng.org/pub/png/book/chapter08.html#png.ch08.div.2)
                // in the response body.
                $raw = $this->getSession()
                    ->getPage()
                    ->getContent();
                $this->assertStringNotContainsString(chr(137) . chr(80) . chr(78) . chr(71) . chr(13) . chr(10) . chr(26) . chr(10), $raw);
            }
        }
        else {
            $this->assertSession()
                ->responseHeaderEquals('Expires', 'Sun, 19 Nov 1978 05:00:00 GMT');
            $this->assertSession()
                ->responseHeaderNotContains('Cache-Control', 'no-cache');
            if ($clean_url) {
                // Add some extra chars to the token.
                $this->drupalGet(str_replace(IMAGE_DERIVATIVE_TOKEN . '=', IMAGE_DERIVATIVE_TOKEN . '=Zo', $generate_url));
                $this->assertSession()
                    ->statusCodeEquals(200);
            }
        }
        // Allow insecure image derivatives to be created for the remainder of this
        // test.
        $this->config('image.settings')
            ->set('allow_insecure_derivatives', TRUE)
            ->save();
        // Create another working copy of the file.
        $files = $this->drupalGetTestFiles('image');
        $file = array_shift($files);
        $original_uri = $file_system->copy($file->uri, $scheme . '://', FileSystemInterface::EXISTS_RENAME);
        // Let the image_module_test module know about this file, so it can claim
        // ownership in hook_file_download().
        \Drupal::state()->set('image.test_file_download', $original_uri);
        // Suppress the security token in the URL, then get the URL of a file that
        // has not been created and try to create it. Check that the security token
        // is not present in the URL but that the image is still accessible.
        $this->config('image.settings')
            ->set('suppress_itok_output', TRUE)
            ->save();
        $generated_uri = $this->style
            ->buildUri($original_uri);
        $this->assertFileDoesNotExist($generated_uri);
        $generate_url = $this->style
            ->buildUrl($original_uri, $clean_url);
        $this->assertStringNotContainsString(IMAGE_DERIVATIVE_TOKEN . '=', $generate_url, 'The security token does not appear in the image style URL.');
        $this->drupalGet($generate_url);
        $this->assertSession()
            ->statusCodeEquals(200);
        // Stop suppressing the security token in the URL.
        $this->config('image.settings')
            ->set('suppress_itok_output', FALSE)
            ->save();
        // Ensure allow_insecure_derivatives is enabled.
        $this->assertEquals(TRUE, $this->config('image.settings')
            ->get('allow_insecure_derivatives'));
        // Check that a security token is still required when generating a second
        // image derivative using the first one as a source.
        $nested_url = $this->style
            ->buildUrl($generated_uri, $clean_url);
        $matches_expected_url_format = (bool) preg_match('/styles\\/' . $this->style
            ->id() . '\\/' . $scheme . '\\/styles\\/' . $this->style
            ->id() . '\\/' . $scheme . '/', $nested_url);
        $this->assertTrue($matches_expected_url_format, "URL for a derivative of an image style matches expected format.");
        $nested_url_with_wrong_token = str_replace(IMAGE_DERIVATIVE_TOKEN . '=', 'wrongparam=', $nested_url);
        $this->drupalGet($nested_url_with_wrong_token);
        $this->assertSession()
            ->statusCodeEquals(404);
        // Check that this restriction cannot be bypassed by adding extra slashes
        // to the URL.
        $this->drupalGet(substr_replace($nested_url_with_wrong_token, '//styles/', strrpos($nested_url_with_wrong_token, '/styles/'), strlen('/styles/')));
        $this->assertSession()
            ->statusCodeEquals(404);
        $this->drupalGet(substr_replace($nested_url_with_wrong_token, '////styles/', strrpos($nested_url_with_wrong_token, '/styles/'), strlen('/styles/')));
        $this->assertSession()
            ->statusCodeEquals(404);
        // Make sure the image can still be generated if a correct token is used.
        $this->drupalGet($nested_url);
        $this->assertSession()
            ->statusCodeEquals(200);
        // Check that requesting a nonexistent image does not create any new
        // directories in the file system.
        $directory = $scheme . '://styles/' . $this->style
            ->id() . '/' . $scheme . '/' . $this->randomMachineName();
        $this->drupalGet(\Drupal::service('file_url_generator')->generateAbsoluteString($directory . '/' . $this->randomString()));
        $this->assertDirectoryDoesNotExist($directory);
    }

}

Classes

Title Deprecated Summary
ImageStylesPathAndUrlTest Tests the functions for generating paths and URLs for image styles.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.