Release 2.19.0 (#547)

* [GOVCMSD9-872] Configure securitytxt module * [GOVCMSD9-872] Grant "view securitytxt" permission to all users via govcms.install * [GOVCMSD9-872] Add default settings for securitytxt module * [GOVCMSD9-872] Fix bug for the module name in the status report. * [GOVCMSD9-609] Update tugboat with php version 8.1 * Remove composer requirement for php in tugboat configuration * Update drupal/address requirement from 1.10.0 to 1.11.0 (#539) Signed-off-by: dependabot[bot] <[email protected]> * Update GovCMS version in govcms.info.yml file for 2.19.0
govCMS · Aug 22, 2022 · 487bd3c · 487bd3c
1 parent 7657fdf
commit 487bd3c
Show file tree

Hide file tree

Showing 7 changed files with 110 additions and 3 deletions.
diff --git a/.tugboat/config.yml b/.tugboat/config.yml
@@ -4,7 +4,7 @@ services:
     image: tugboatqa/mysql:5
 
   app:
-    image: tugboatqa/php:7.4-apache
+    image: tugboatqa/php:8.1-apache
     # Set this as the default service. This does a few things
     #   1. Clones the git repository into the service container
     #   2. Exposes port 80 to the Tugboat HTTP proxy

diff --git a/composer.json b/composer.json
@@ -47,7 +47,7 @@
         "composer/installers": "^2.0",
         "cweagans/composer-patches": "^1.7",
         "dropzone/dropzone": "5.7.2",
-        "drupal/address": "1.10.0",
+        "drupal/address": "1.11.0",
         "drupal/admin_toolbar": "3.1.0",
         "drupal/adminimal_admin_toolbar": "1.11.0",
         "drupal/adminimal_theme": "1.6.0",

diff --git a/config/install/securitytxt.settings.yml b/config/install/securitytxt.settings.yml
@@ -0,0 +1,13 @@
+enabled: true
+contact_email: ''
+contact_phone: ''
+contact_page_url: 'https://www.govcms.gov.au/support/security/disclosure'
+encryption_public_key_url: ''
+policy_page_url: ''
+acknowledgement_page_url: ''
+signature_text: ''
+contact_url: ''
+encryption_key_url: ''
+policy_url: ''
+acknowledgement_url: ''
+
diff --git a/govcms.info.yml b/govcms.info.yml
@@ -3,7 +3,7 @@ type: profile
 description: 'A GovCMS Drupal Distribution for government and the public sector in Australia.'
 project: govcms
 core_version_requirement: ^9
-version: '2.18.0'
+version: '2.19.0'
 
 distribution:
   name: GovCMS

diff --git a/govcms.install b/govcms.install
@@ -8,6 +8,7 @@
 use Drupal\node\Entity\Node;
 use Drupal\shortcut\Entity\Shortcut;
 use Drupal\menu_link_content\Entity\MenuLinkContent;
+use Drupal\user\RoleInterface;
 
 /**
  * Define a default theme constant.
@@ -127,6 +128,22 @@ function govcms_install() {
       'use_default' => FALSE,
     ])
     ->save(TRUE);
+
+  // Grant the "view securitytxt" permission to all users by default.
+  // The Security Text module is a dependency of GovCMS Security module,
+  // which should be installed already at this point.
+  // govcms_security_update_9001() is doing the same thing as here.
+  // We might remove all updates for GovCMS 10.
+  // That is why we duplicated them here.
+  $module_handler = \Drupal::moduleHandler();
+  if ($module_handler->moduleExists('user') && $module_handler->moduleExists('securitytxt')) {
+    // Anonymous role.
+    user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, [
+      'view securitytxt']);
+    // Authenticated role.
+    user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, [
+      'view securitytxt']);
+  }
 }
 
 /**

diff --git a/modules/custom/core/govcms_security/govcms_security.info.yml b/modules/custom/core/govcms_security/govcms_security.info.yml
@@ -17,6 +17,7 @@ dependencies:
   - password_policy:password_policy_username
   - real_aes
   - seckit:seckit
+  - securitytxt
   - tfa
   - update_notifications_disable:update_notifications_disable
   - username_enumeration_prevention:username_enumeration_prevention
diff --git a/modules/custom/core/govcms_security/govcms_security.install b/modules/custom/core/govcms_security/govcms_security.install
@@ -4,3 +4,79 @@
  * @file
  * Contains install and update functions for the module.
  */
+use Drupal\user\RoleInterface;
+
+/**
+ * Issue GOVCMSD9-713: Grant 'view securitytxt' permission from security.txt module to all users.
+ */
+function govcms_security_update_9001() {
+  $module_handler = \Drupal::moduleHandler();
+  if ($module_handler) {
+    // We have to make sure the security text module is installed.
+    if (!($module_handler->moduleExists('securitytxt'))) {
+      // The Security Text module hasn't been installed,
+      // then we install that module here.
+      if (!(\Drupal::service('module_installer')->install(['securitytxt']))) {
+        // In case the Security Text module wasn't installed successfully,
+        // maybe due to that module doesn't exist in the file system.
+        // Here return a message to indicate that the critical module isn't installed.
+        return t('"security.txt" module has not been installed.');
+      }
+    }
+    // Grant the "view securitytxt" permission to all users by default.
+    if ($module_handler->moduleExists('user')) {
+      // Anonymous role.
+      user_role_grant_permissions(RoleInterface::ANONYMOUS_ID, [
+        'view securitytxt']);
+      // Authenticated role.
+      user_role_grant_permissions(RoleInterface::AUTHENTICATED_ID, [
+        'view securitytxt']);
+    }
+  }
+}
+
+/**
+ * Implements hook_requirements
+ */
+function govcms_security_requirements($phase) {
+  // We only check the requirements during the runtime.
+  if ($phase !== 'runtime') {
+    return [];
+  }
+
+  $requirements = [];
+
+  /* ************************************************************************ */
+  // Dependent modules.
+  /* ************************************************************************ */
+  // Warn if any dependent modules are not installed.
+  // @see system_requirements()
+  $info = \Drupal::service('extension.list.module')->getExtensionInfo('govcms_security');
+  $module_handler = \Drupal::moduleHandler();
+  $dependencies = $info['dependencies'] ?? [];
+  // Modules list that haven't been enabled.
+  $disabled_modules = [];
+
+  if (is_array($dependencies)) {
+    foreach ($dependencies as $dependency_name) {
+      // The dependency name could be {module}:{submodule}
+      // or {module}:{module}.
+      $project_module_name = explode(':', $dependency_name);
+      $module_name = $project_module_name[1] ?? $project_module_name[0];
+      // Check if the dependent module has been enabled.
+      if (!($module_handler->moduleExists($module_name))) {
+        $disabled_modules[] = $module_name;
+      }
+    }
+
+    if (!empty($disabled_modules)) {
+      $requirements['govcms_security_dependencies'] = [
+        'title' => t("GovCMS Security"),
+        'value' => t('GovCMS security dependency error. Following module must be enable for security reason.'),
+        'description' => t('%module_list', [
+          '%module_list' => implode(', ', $disabled_modules)]),
+        'severity' => REQUIREMENT_ERROR];
+    }
+  }
+  return $requirements;
+}