Issue #2942769 by alexpott, Eli-T: Consolidate umami .htaccess files and testing

15393165 · Gábor Hojtsy · c57b1901 · 15393165 · c57b1901 · c57b1901
Commit 15393165 authored Feb 16, 2018 by Gábor Hojtsy
5 changed files
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/article_body/.htaccess
+++ b/core/profiles/demo_umami/modules/demo_umami_content/default_content/article_body/.htaccess
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess
+++ b/core/profiles/demo_umami/modules/demo_umami_content/default_content/images/.htaccess
-# Deny all requests from Apache 2.4+.
-<IfModule mod_authz_core.c>
-  Require all denied
-</IfModule>
-
-# Deny all requests from Apache 2.0-2.2.
-<IfModule !mod_authz_core.c>
-  Deny from all
-</IfModule>
-# Turn off all options we don't need.
-Options None
-Options +FollowSymLinks
--- a/core/profiles/demo_umami/modules/demo_umami_content/default_content/recipe_instructions/.htaccess
+++ b/core/profiles/demo_umami/modules/demo_umami_content/default_content/recipe_instructions/.htaccess
-# Deny all requests from Apache 2.4+.
-<IfModule mod_authz_core.c>
-  Require all denied
-</IfModule>
-
-# Deny all requests from Apache 2.0-2.2.
-<IfModule !mod_authz_core.c>
-  Deny from all
-</IfModule>
-# Turn off all options we don't need.
-Options -Indexes -ExecCGI -Includes -MultiViews
--- a/core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php
+++ b/core/profiles/demo_umami/modules/demo_umami_content/tests/src/Functional/DefaultContentFilesAccessTest.php
+<?php
+
+namespace Drupal\Tests\demo_umami_content\Functional;
+
+use Drupal\Tests\BrowserTestBase;
+
+/**
+ * Tests that files provided by demo_umami_content are not accessible.
+ *
+ * Note that this test only installs the testing profile because the Umami
+ * profile is not required for the test.
+ *
+ * @group demo_umami_content
+ */
+class DefaultContentFilesAccessTest extends BrowserTestBase {
+
+  /**
+   * Tests that sample images, recipes and articles are not accessible.
+   */
+  public function testAccessDeniedToFiles() {
+    $file_name = 'chocolate-brownie-umami.jpg';
+    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/images/' . $file_name;
+    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
+    $this->drupalGet($file_path);
+    $this->assertSession()->statusCodeEquals(403);
+
+    $file_name = 'chocolate-brownie-umami.html';
+    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/recipe_instructions/' . $file_name;
+    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
+    $this->drupalGet($file_path);
+    $this->assertSession()->statusCodeEquals(403);
+
+    $file_name = 'lets-hear-it-for-carrots.html';
+    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/article_body/' . $file_name;
+    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
+    $this->drupalGet($file_path);
+    $this->assertSession()->statusCodeEquals(403);
+
+    $file_name = 'articles.csv';
+    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/' . $file_name;
+    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
+    $this->drupalGet($file_path);
+    $this->assertSession()->statusCodeEquals(403);
+  }
+
+}
--- a/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php
+++ b/core/profiles/demo_umami/tests/src/Functional/DemoUmamiProfileTest.php
@@ -163,37 +163,4 @@ public function testDemonstrationWarningMessage() {
    $web_assert->pageTextNotContains('This installation is for demonstration purposes only.');
  }

-  /**
-   * Tests that sample images are not accessible to the webserver.
-   */
-  public function testAccessDeniedToSampleImages() {
-    $file_name = 'chocolate-brownie-umami.jpg';
-    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/images/' . $file_name;
-    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
-    $this->drupalGet($file_path);
-    $this->assertSession()->statusCodeEquals(403);
-  }
-
-  /**
-   * Tests that sample recipes are not accessible to the webserver.
-   */
-  public function testAccessDeniedToSampleRecipes() {
-    $file_name = 'chocolate-brownie-umami.html';
-    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/recipe_instructions/' . $file_name;
-    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
-    $this->drupalGet($file_path);
-    $this->assertSession()->statusCodeEquals(403);
-  }
-
-  /**
-   * Tests that sample articles are not accessible to the webserver.
-   */
-  public function testAccessDeniedToSampleArticles() {
-    $file_name = 'lets-hear-it-for-carrots.html';
-    $file_path = '/' . drupal_get_path('module', 'demo_umami_content') . '/default_content/article_body/' . $file_name;
-    $this->assertTrue(file_exists(DRUPAL_ROOT . $file_path));
-    $this->drupalGet($file_path);
-    $this->assertSession()->statusCodeEquals(403);
-  }
-
 }