Contrib.social

Key file not loaded when Stream Wrapper is used for file location before Drupal bootstrap completes

Open on Drupal.org →
Created on 27 July 2022, over 2 years ago
Updated 18 April 2025, 8 days ago

Problem/Motivation

I have Key and Shield modules installed for a project and I want to use Shield with credentials stored outside the database (in a .key file). The configured .key file's location is set as "private://my_key_file.key" (stream wrapper is allowed here). When getKeyValue() is invoked (in src/Plugin/KeyProvider/FileKeyProvider.php), the key file gets checked for existence and readability. But it always returns FALSE since it can't recognise the path "private://..." (bootstrap still not loaded since this is HTTP Auth provided by Shield). When absolute path is used (like /var/www/files-private), it works. But I need the stream wrapper path for my case.

Steps to reproduce

Add a key in the Key module (Section "Type settings" > Key type > "User/password"; Section "Provider Settings" > Key provider > "File" and for "File location", add "private://..." or "public://..."), and use the same key when configuring Shield (Credentials > Credential Provider > "Key module (User/password)" and under "User/password", select your key).

Proposed resolution

We can get the file's real path by just adding \Drupal::service('file_system')->realpath($file) when the stream wrapper is used.

🐛 Bug report
Status

Needs work

Version

1.15

Component

Code

Created by

🇧🇬Bulgaria kmakaveev

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • First commit to issue fork.
  • Comment 3 days ago
    🇮🇳India rajeshreeputra Pune

    We can use the realpath() method of FileSystem.

    I have validated the MR changes with shield module and it work as expected. Hence requesting review.

  • Comment 3 days ago
    🇺🇸United States cmlara
    We can use the realpath() method of FileSystem.

    Given the following documentation of the API Method can you provide more justification?

        * The use of this method is discouraged, because it does not work for
     * remote URIs. Except in rare cases, URIs should not be manually resolved.
     *
     * Only use this function if you know that the stream wrapper in the URI uses
     * the local file system, and you need to pass an absolute path to a function
     * that is incompatible with stream URIs.
     *

    — FileSystemInterface::realpath()

    Does the key module know that a path is a local filesystem? Is this a rare case? If so why? Does the module need to pass an absolute path to a function? If so which function only accepts absolute paths?

  • Comment 1 day ago
    🇮🇳India ankitv18

    Minor suggestion ~~ Please check, moving into NW

  • Comment 1 day ago
    🇮🇳India rajeshreeputra Pune

    Hello @cmlara,

    I am currently experiencing an issue when provided file path located on a different server or outside the Drupal project scope, as it is returning an following error. Hence I mentioned that we can use the realpath() method of FileSystem.

    Could you please let me know if there's anything I'm missing that would enable me to provide a file path located on a different server or outside the Drupal project scope?

  • Comment 1 day ago
    🇺🇸United States cmlara

    Could you please let me know if there's anything I'm missing that would enable me to provide a file path located on a different server or outside the Drupal project scope?

    Using the S3fs module with the file at s3://test.txt would be an example that works key when this patch is not applied. Once this patch enforces realpath I would expect the following to no longer function.

    > file_put_contents('s3://test.txt', 'testkey');
= 7

> file_get_contents('s3://test.txt');
= "testkey"

> Drupal::service('key.repository')->getKey('s3key')->getKeyValue()
= "testkey"
  • Comment 1 day ago
    🇮🇳India rajeshreeputra Pune

    Hello @cmlara, updated to work with realpath, stream wrapper and remote urls. Could you please validate with s3 once. Will keep this in needs work status.

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024