Issue #3253647 by phenaproxima, tedbow: Validate some Composer settings

406a607a · Adam G-H · 3f3e11c9 · 406a607a · 406a607a · 406a607a
Commit 406a607a authored 3 years ago by Adam G-H
--- a/automatic_updates.services.yml
+++ b/automatic_updates.services.yml
@@ -48,6 +48,12 @@ services:
      - '@package_manager.validator.composer_executable'
    tags:
      - { name: event_subscriber }
+  automatic_updates.validator.composer_settings:
+    class: Drupal\automatic_updates\Validator\PackageManagerReadinessCheck
+    arguments:
+      - '@package_manager.validator.composer_settings'
+    tags:
+      - { name: event_subscriber }
  automatic_updates.disk_space_validator:
    class: Drupal\automatic_updates\Validator\PackageManagerReadinessCheck
    arguments:

--- a/package_manager/package_manager.services.yml
+++ b/package_manager/package_manager.services.yml
@@ -118,6 +118,12 @@ services:
      - '@string_translation'
    tags:
      - { name: event_subscriber }
+  package_manager.validator.composer_settings:
+    class: Drupal\package_manager\EventSubscriber\ComposerSettingsValidator
+    arguments:
+      - '@string_translation'
+    tags:
+      - { name: event_subscriber }
  package_manager.excluded_paths_subscriber:
    class: Drupal\package_manager\EventSubscriber\ExcludedPathsSubscriber
    arguments:

--- a/package_manager/src/ComposerUtility.php
+++ b/package_manager/src/ComposerUtility.php
@@ -37,6 +37,16 @@ class ComposerUtility {
    $this->composer = $composer;
  }
+  /**
+   * Returns the underlying Composer instance.
+   *
+   * @return \Composer\Composer
+   *   The Composer instance.
+   */
+  public function getComposer(): Composer {
+    return $this->composer;
+  }
  /**
   * Creates a utility object using the files in a given directory.
   *

--- a/package_manager/src/EventSubscriber/ComposerSettingsValidator.php
+++ b/package_manager/src/EventSubscriber/ComposerSettingsValidator.php
+<?php
+namespace Drupal\package_manager\EventSubscriber;
+use Drupal\Core\StringTranslation\StringTranslationTrait;
+use Drupal\Core\StringTranslation\TranslationInterface;
+use Drupal\package_manager\Event\PreCreateEvent;
+use Drupal\package_manager\Event\PreOperationStageEvent;
+/**
+ * Validates certain Composer settings.
+ */
+class ComposerSettingsValidator implements PreOperationStageValidatorInterface {
+  use StringTranslationTrait;
+  /**
+   * Constructs a ComposerSettingsValidator object.
+   *
+   * @param \Drupal\Core\StringTranslation\TranslationInterface $translation
+   *   The string translation service.
+   */
+  public function __construct(TranslationInterface $translation) {
+    $this->setStringTranslation($translation);
+  }
+  /**
+   * {@inheritdoc}
+   */
+  public function validateStagePreOperation(PreOperationStageEvent $event): void {
+    $config = $event->getStage()
+      ->getActiveComposer()
+      ->getComposer()
+      ->getConfig();
+    if ($config->get('secure-http') !== TRUE) {
+      $event->addError([
+        $this->t('HTTPS must be enabled for Composer downloads. See <a href=":url">the Composer documentation</a> for more information.', [
+          ':url' => 'https://getcomposer.org/doc/06-config.md#secure-http',
+        ]),
+      ]);
+    }
+  }
+  /**
+   * {@inheritdoc}
+   */
+  public static function getSubscribedEvents() {
+    return [
+      PreCreateEvent::class => 'validateStagePreOperation',
+    ];
+  }
+}
--- a/package_manager/tests/src/Kernel/ComposerSettingsValidatorTest.php
+++ b/package_manager/tests/src/Kernel/ComposerSettingsValidatorTest.php
+<?php
+namespace Drupal\Tests\package_manager\Kernel;
+use Drupal\Component\Serialization\Json;
+use Drupal\Core\DependencyInjection\ContainerBuilder;
+use Drupal\package_manager\Exception\StageValidationException;
+use Drupal\package_manager\PathLocator;
+use Drupal\package_manager\ValidationResult;
+use org\bovigo\vfs\vfsStream;
+/**
+ * @covers \Drupal\package_manager\EventSubscriber\ComposerSettingsValidator
+ *
+ * @group package_manager
+ */
+class ComposerSettingsValidatorTest extends PackageManagerKernelTestBase {
+  /**
+   * {@inheritdoc}
+   */
+  protected function disableValidators(ContainerBuilder $container): void {
+    parent::disableValidators($container);
+    // Disable the disk space validator, since it tries to inspect the file
+    // system in ways that vfsStream doesn't support, like calling stat() and
+    // disk_free_space().
+    $container->removeDefinition('package_manager.validator.disk_space');
+    // Disable the lock file validator, since the mock file system we create in
+    // this test doesn't have any lock files to validate.
+    $container->removeDefinition('package_manager.validator.lock_file');
+  }
+  /**
+   * Data provider for ::testSecureHttpValidation().
+   *
+   * @return array[]
+   *   Sets of arguments to pass to the test method.
+   */
+  public function providerSecureHttpValidation(): array {
+    $error = ValidationResult::createError([
+      'HTTPS must be enabled for Composer downloads. See <a href="https://getcomposer.org/doc/06-config.md#secure-http">the Composer documentation</a> for more information.',
+    ]);
+    return [
+      'disabled' => [
+        Json::encode([
+          'config' => [
+            'secure-http' => FALSE,
+          ],
+        ]),
+        [$error],
+      ],
+      'explicitly enabled' => [
+        Json::encode([
+          'config' => [
+            'secure-http' => TRUE,
+          ],
+        ]),
+        [],
+      ],
+      'implicitly enabled' => [
+        '{}',
+        [],
+      ],
+    ];
+  }
+  /**
+   * Tests that Composer's secure-http setting is validated.
+   *
+   * @param string $contents
+   *   The contents of the composer.json file.
+   * @param \Drupal\package_manager\ValidationResult[] $expected_results
+   *   The expected validation results, if any.
+   *
+   * @dataProvider providerSecureHttpValidation
+   */
+  public function testSecureHttpValidation(string $contents, array $expected_results): void {
+    $file = vfsStream::newFile('composer.json')->setContent($contents);
+    $this->vfsRoot->addChild($file);
+    $active_dir = $this->vfsRoot->url();
+    $locator = $this->prophesize(PathLocator::class);
+    $locator->getActiveDirectory()->willReturn($active_dir);
+    $locator->getProjectRoot()->willReturn($active_dir);
+    $locator->getVendorDirectory()->willReturn($active_dir);
+    $this->container->set('package_manager.path_locator', $locator->reveal());
+    try {
+      $this->createStage()->create();
+      $this->assertSame([], $expected_results);
+    }
+    catch (StageValidationException $e) {
+      $this->assertValidationResultsEqual($expected_results, $e->getResults());
+    }
+  }
+}
--- a/package_manager/tests/src/Kernel/DiskSpaceValidatorTest.php
+++ b/package_manager/tests/src/Kernel/DiskSpaceValidatorTest.php
@@ -33,9 +33,11 @@ class DiskSpaceValidatorTest extends PackageManagerKernelTestBase {
  protected function disableValidators(ContainerBuilder $container): void {
    parent::disableValidators($container);
-    // Disable the lock file validator, since in this test we are validating an
+    // Disable the lock file and Composer settings validators, since in this
-    // imaginary file system which doesn't have any lock files.
+    // test we are validating an imaginary file system which doesn't have any
+    // Composer files.
    $container->removeDefinition('package_manager.validator.lock_file');
+    $container->removeDefinition('package_manager.validator.composer_settings');
  }
  /**

--- a/package_manager/tests/src/Kernel/LockFileValidatorTest.php
+++ b/package_manager/tests/src/Kernel/LockFileValidatorTest.php
@@ -45,6 +45,10 @@ class LockFileValidatorTest extends PackageManagerKernelTestBase {
    // system in ways that vfsStream doesn't support, like calling stat() and
    // disk_free_space().
    $container->removeDefinition('package_manager.validator.disk_space');
+    // Disable the Composer settings validator, since it tries to read Composer
+    // files that may not exist in this test.
+    $container->removeDefinition('package_manager.validator.composer_settings');
  }
  /**

--- a/package_manager/tests/src/Kernel/WritableFileSystemValidatorTest.php
+++ b/package_manager/tests/src/Kernel/WritableFileSystemValidatorTest.php
@@ -44,9 +44,11 @@ class WritableFileSystemValidatorTest extends PackageManagerKernelTestBase {
    // disk_free_space().
    $container->removeDefinition('package_manager.validator.disk_space');
-    // Disable the lock file validator, since the mock file system we create in
+    // Disable the lock file and Composer settings validators, since in this
-    // this test doesn't have any lock files to validate.
+    // test we are validating an imaginary file system which doesn't have any
+    // Composer files.
    $container->removeDefinition('package_manager.validator.lock_file');
+    $container->removeDefinition('package_manager.validator.composer_settings');
  }
  /**

--- a/tests/src/Kernel/ReadinessValidation/PackageManagerReadinessChecksTest.php
+++ b/tests/src/Kernel/ReadinessValidation/PackageManagerReadinessChecksTest.php
@@ -49,6 +49,7 @@ class PackageManagerReadinessChecksTest extends AutomaticUpdatesKernelTestBase {
      ['package_manager.validator.disk_space'],
      ['package_manager.validator.pending_updates'],
      ['package_manager.validator.file_system'],
+      ['package_manager.validator.composer_settings'],
    ];
  }