Code Coverage for /Users/ericduran/Sites/drupal/drupal/core/modules/image/src/Controller/ImageStyleDownloadController.php

	Code Coverage
	Classes and Traits			Functions and Methods				Lines
Total	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 3	CRAP	0.00% covered (danger)	0.00%	0 / 68
ImageStyleDownloadController	0.00% covered (danger)	0.00%	0 / 1	0.00% covered (danger)	0.00%	0 / 3	342	0.00% covered (danger)	0.00%	0 / 68
__construct				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 4
create				0.00% covered (danger)	0.00%	0 / 1	2	0.00% covered (danger)	0.00%	0 / 6
deliver				0.00% covered (danger)	0.00%	0 / 1	272	0.00% covered (danger)	0.00%	0 / 58

1	<?php
2
3	/**
4	* @file
5	* Contains \Drupal\image\Controller\ImageStyleDownloadController.
6	*/
7
8	namespace Drupal\image\Controller;
9
10	use Drupal\Component\Utility\Crypt;
11	use Drupal\Core\Image\ImageFactory;
12	use Drupal\Core\Lock\LockBackendInterface;
13	use Drupal\image\ImageStyleInterface;
14	use Drupal\system\FileDownloadController;
15	use Psr\Log\LoggerInterface;
16	use Symfony\Component\DependencyInjection\ContainerInterface;
17	use Symfony\Component\HttpFoundation\BinaryFileResponse;
18	use Symfony\Component\HttpFoundation\Request;
19	use Symfony\Component\HttpFoundation\Response;
20	use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
21	use Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException;
22
23	/**
24	* Defines a controller to serve image styles.
25	*/
26	class ImageStyleDownloadController extends FileDownloadController {
27
28	/**
29	* The lock backend.
30	*
31	* @var \Drupal\Core\Lock\LockBackendInterface
32	*/
33	protected $lock;
34
35	/**
36	* The image factory.
37	*
38	* @var \Drupal\Core\Image\ImageFactory
39	*/
40	protected $imageFactory;
41
42	/**
43	* A logger instance.
44	*
45	* @var \Psr\Log\LoggerInterface
46	*/
47	protected $logger;
48
49	/**
50	* Constructs a ImageStyleDownloadController object.
51	*
52	* @param \Drupal\Core\Lock\LockBackendInterface $lock
53	* The lock backend.
54	* @param \Drupal\Core\Image\ImageFactory $image_factory
55	* The image factory.
56	* @param \Psr\Log\LoggerInterface $logger
57	* A logger instance.
58	*/
59	public function __construct(LockBackendInterface $lock, ImageFactory $image_factory, LoggerInterface $logger) {
60	$this->lock = $lock;
61	$this->imageFactory = $image_factory;
62	$this->logger = $logger;
63	}
64
65	/**
66	* {@inheritdoc}
67	*/
68	public static function create(ContainerInterface $container) {
69	return new static(
70	$container->get('lock'),
71	$container->get('image.factory'),
72	$container->get('logger.factory')->get('image')
73	);
74	}
75
76	/**
77	* Generates a derivative, given a style and image path.
78	*
79	* After generating an image, transfer it to the requesting agent.
80	*
81	* @param \Symfony\Component\HttpFoundation\Request $request
82	* The request object.
83	* @param string $scheme
84	* The file scheme, defaults to 'private'.
85	* @param \Drupal\image\ImageStyleInterface $image_style
86	* The image style to deliver.
87	*
88	* @return \Symfony\Component\HttpFoundation\BinaryFileResponse\|\Symfony\Component\HttpFoundation\Response
89	* The transferred file as response or some error response.
90	*
91	* @throws \Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException
92	* Thrown when the user does not have access to the file.
93	* @throws \Symfony\Component\HttpKernel\Exception\ServiceUnavailableHttpException
94	* Thrown when the file is still being generated.
95	*/
96	public function deliver(Request $request, $scheme, ImageStyleInterface $image_style) {
97	$target = $request->query->get('file');
98	$image_uri = $scheme . '://' . $target;
99
100	// Check that the style is defined, the scheme is valid, and the image
101	// derivative token is valid. Sites which require image derivatives to be
102	// generated without a token can set the
103	// 'image.settings:allow_insecure_derivatives' configuration to TRUE to
104	// bypass the latter check, but this will increase the site's vulnerability
105	// to denial-of-service attacks. To prevent this variable from leaving the
106	// site vulnerable to the most serious attacks, a token is always required
107	// when a derivative of a style is requested.
108	// The $target variable for a derivative of a style has
109	// styles/<style_name>/... as structure, so we check if the $target variable
110	// starts with styles/.
111	$valid = !empty($image_style) && file_stream_wrapper_valid_scheme($scheme);
112	if (!$this->config('image.settings')->get('allow_insecure_derivatives') \|\| strpos(ltrim($target, '\/'), 'styles/') === 0) {
113	$valid &= $request->query->get(IMAGE_DERIVATIVE_TOKEN) === $image_style->getPathToken($image_uri);
114	}
115	if (!$valid) {
116	throw new AccessDeniedHttpException();
117	}
118
119	$derivative_uri = $image_style->buildUri($image_uri);
120	$headers = array();
121
122	// If using the private scheme, let other modules provide headers and
123	// control access to the file.
124	if ($scheme == 'private') {
125	if (file_exists($derivative_uri)) {
126	return parent::download($request, $scheme);
127	}
128	else {
129	$headers = $this->moduleHandler()->invokeAll('file_download', array($image_uri));
130	if (in_array(-1, $headers) \|\| empty($headers)) {
131	throw new AccessDeniedHttpException();
132	}
133	}
134	}
135
136	// Don't try to generate file if source is missing.
137	if (!file_exists($image_uri)) {
138	// If the image style converted the extension, it has been added to the
139	// original file, resulting in filenames like image.png.jpeg. So to find
140	// the actual source image, we remove the extension and check if that
141	// image exists.
142	$path_info = pathinfo($image_uri);
143	$converted_image_uri = $path_info['dirname'] . DIRECTORY_SEPARATOR . $path_info['filename'];
144	if (!file_exists($converted_image_uri)) {
145	$this->logger->notice('Source image at %source_image_path not found while trying to generate derivative image at %derivative_path.', array('%source_image_path' => $image_uri, '%derivative_path' => $derivative_uri));
146	return new Response($this->t('Error generating image, missing source file.'), 404);
147	}
148	else {
149	// The converted file does exist, use it as the source.
150	$image_uri = $converted_image_uri;
151	}
152	}
153
154	// Don't start generating the image if the derivative already exists or if
155	// generation is in progress in another thread.
156	$lock_name = 'image_style_deliver:' . $image_style->id() . ':' . Crypt::hashBase64($image_uri);
157	if (!file_exists($derivative_uri)) {
158	$lock_acquired = $this->lock->acquire($lock_name);
159	if (!$lock_acquired) {
160	// Tell client to retry again in 3 seconds. Currently no browsers are
161	// known to support Retry-After.
162	throw new ServiceUnavailableHttpException(3, $this->t('Image generation in progress. Try again shortly.'));
163	}
164	}
165
166	// Try to generate the image, unless another thread just did it while we
167	// were acquiring the lock.
168	$success = file_exists($derivative_uri) \|\| $image_style->createDerivative($image_uri, $derivative_uri);
169
170	if (!empty($lock_acquired)) {
171	$this->lock->release($lock_name);
172	}
173
174	if ($success) {
175	$image = $this->imageFactory->get($derivative_uri);
176	$uri = $image->getSource();
177	$headers += array(
178	'Content-Type' => $image->getMimeType(),
179	'Content-Length' => $image->getFileSize(),
180	);
181	// \Drupal\Core\EventSubscriber\FinishResponseSubscriber::onRespond()
182	// sets response as not cacheable if the Cache-Control header is not
183	// already modified. We pass in FALSE for non-private schemes for the
184	// $public parameter to make sure we don't change the headers.
185	return new BinaryFileResponse($uri, 200, $headers, $scheme !== 'private');
186	}
187	else {
188	$this->logger->notice('Unable to generate the derived image located at %path.', array('%path' => $derivative_uri));
189	return new Response($this->t('Error generating image.'), 500);
190	}
191	}
192
193	}