From 31c475373423a04ac23d7011f29abe06929be533 Mon Sep 17 00:00:00 2001 From: Daniel Bosen Date: Fri, 23 Sep 2022 11:17:13 +0200 Subject: [PATCH] fix(dataproducer): missing isRouted and access check (#1305) --- .github/workflows/testing.yml | 1 + .../DataProducer/Routing/RouteLoad.php | 14 ++--- tests/src/Kernel/DataProducer/RoutingTest.php | 57 +++++++++++++++++++ 3 files changed, 65 insertions(+), 7 deletions(-) diff --git a/.github/workflows/testing.yml b/.github/workflows/testing.yml index 78b865775..c268d90e9 100644 --- a/.github/workflows/testing.yml +++ b/.github/workflows/testing.yml @@ -85,6 +85,7 @@ jobs: run: composer --no-interaction --no-progress require \ webonyx/graphql-php:^14.8 \ drupal/typed_data:^1.0 \ + drupal/redirect:^1.0 \ phpstan/phpstan:^1.7.14 \ mglaman/phpstan-drupal:^1.1.2 \ phpstan/phpstan-deprecation-rules:^1.0.0 \ diff --git a/src/Plugin/GraphQL/DataProducer/Routing/RouteLoad.php b/src/Plugin/GraphQL/DataProducer/Routing/RouteLoad.php index 6b40a1ad8..48d7ad204 100644 --- a/src/Plugin/GraphQL/DataProducer/Routing/RouteLoad.php +++ b/src/Plugin/GraphQL/DataProducer/Routing/RouteLoad.php @@ -95,15 +95,15 @@ public function __construct( * @return \Drupal\Core\Url|null */ public function resolve($path, RefinableCacheableDependencyInterface $metadata) { - if ($this->redirectRepository) { - /** @var \Drupal\redirect\Entity\Redirect|null $redirect */ - $redirect = $this->redirectRepository->findMatchingRedirect($path, []); - if ($redirect) { - return $redirect->getRedirectUrl(); - } + $redirect = $this->redirectRepository ? $this->redirectRepository->findMatchingRedirect($path, []) : NULL; + if ($redirect !== NULL) { + $url = $redirect->getRedirectUrl(); + } + else { + $url = $this->pathValidator->getUrlIfValidWithoutAccessCheck($path); } - if (($url = $this->pathValidator->getUrlIfValidWithoutAccessCheck($path)) && $url->isRouted() && $url->access()) { + if ($url && $url->isRouted() && $url->access()) { return $url; } diff --git a/tests/src/Kernel/DataProducer/RoutingTest.php b/tests/src/Kernel/DataProducer/RoutingTest.php index 718534284..d20ee1b1f 100644 --- a/tests/src/Kernel/DataProducer/RoutingTest.php +++ b/tests/src/Kernel/DataProducer/RoutingTest.php @@ -2,6 +2,8 @@ namespace Drupal\Tests\graphql\Kernel\DataProducer; +use Drupal\node\Entity\Node; +use Drupal\node\Entity\NodeType; use Drupal\Tests\graphql\Kernel\GraphQLTestBase; /** @@ -11,6 +13,25 @@ */ class RoutingTest extends GraphQLTestBase { + /** + * {@inheritdoc} + */ + protected static $modules = [ + 'redirect', + 'views', + 'path_alias', + ]; + + /** + * {@inheritdoc} + */ + public function setUp(): void { + parent::setUp(); + + $this->installEntitySchema('redirect'); + $this->installConfig(['redirect']); + } + /** * @covers \Drupal\graphql\Plugin\GraphQL\DataProducer\Routing\RouteLoad::resolve */ @@ -21,6 +42,42 @@ public function testRouteLoad(): void { $this->assertNotNull($result); $this->assertEquals('user.logout', $result->getRouteName()); + + // Test route_load with redirect to an internal URL. + NodeType::create([ + 'type' => 'test', + 'name' => 'Test', + ])->save(); + $node = Node::create([ + 'title' => 'Node', + 'type' => 'test', + ]); + $node->save(); + $nodeUrl = $node->toUrl()->toString(); + + /** @var \Drupal\redirect\Entity\Redirect $redirect */ + $redirect = $this->container->get('entity_type.manager')->getStorage('redirect')->create(); + $redirect->setSource('internal-url'); + $redirect->setRedirect($nodeUrl); + $redirect->save(); + + /** @var \Drupal\Core\Url $result */ + $result = $this->executeDataProducer('route_load', [ + 'path' => 'internal-url', + ]); + + $this->assertNotNull($result); + $this->assertEquals($nodeUrl, $result->toString()); + + $redirect->setSource('external-url'); + $redirect->setRedirect('https://example.com'); + $redirect->save(); + + $result = $this->executeDataProducer('route_load', [ + 'path' => 'external-url', + ]); + + $this->assertNull($result, 'Route to external URL should not be found.'); } /**