From 47f456da9730489ee1767cd4ff75b04d93fae19b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jo=C3=A3o=20Costa=20Silva?=
 <1574795+joaocsilva@users.noreply.github.com>
Date: Thu, 23 May 2024 18:41:28 +0200
Subject: [PATCH] DQA-9396: Component check not validating constraints (#772)

---
 src/Task/File/Process.php                     |  3 +-
 .../Commands/ComponentCheckCommands.php       | 88 +++++++++----------
 tests/fixtures/commands/component-check.yml   |  5 +-
 3 files changed, 47 insertions(+), 49 deletions(-)

diff --git a/src/Task/File/Process.php b/src/Task/File/Process.php
index 5739cb93b..80beffb2b 100644
--- a/src/Task/File/Process.php
+++ b/src/Task/File/Process.php
@@ -82,10 +82,9 @@ protected function loadContent()
     protected function extractTokens()
     {
         preg_match_all('/\${(([A-Za-z]([A-Za-z0-9_\-]+)?\.?)+)}/', $this->content, $matches);
-        if (isset($matches[0]) && !empty($matches[0]) && is_array($matches[0])) {
+        if (!empty($matches[0]) && is_array($matches[1])) {
             return array_combine($matches[0], $matches[1]);
         }
-
         return [];
     }
 
diff --git a/src/TaskRunner/Commands/ComponentCheckCommands.php b/src/TaskRunner/Commands/ComponentCheckCommands.php
index ccfcf217b..7fb71c418 100644
--- a/src/TaskRunner/Commands/ComponentCheckCommands.php
+++ b/src/TaskRunner/Commands/ComponentCheckCommands.php
@@ -784,12 +784,9 @@ protected function validateComponent(array $package)
         $config = $this->getConfig();
         $modules = $this->packageReviews;
         $packageName = $package['name'];
+        $isRestricted = isset($modules[$packageName]['restricted_use']) && $modules[$packageName]['restricted_use'] !== '0';
         $hasBeenQaEd = isset($modules[$packageName]);
-        $wasRejected = isset($modules[$packageName]['restricted_use']) && $modules[$packageName]['restricted_use'] !== '0';
-        $wasNotRejected = isset($modules[$packageName]['restricted_use']) && $modules[$packageName]['restricted_use'] === '0';
         $packageVersion = isset($package['extra']['drupal']['version']) ? explode('+', str_replace('8.x-', '', $package['extra']['drupal']['version']))[0] : $package['version'];
-        $allowedProjectTypes = !empty($modules[$packageName]['allowed_project_types']) ? $modules[$packageName]['allowed_project_types'] : '';
-        $allowedProfiles = !empty($modules[$packageName]['allowed_profiles']) ? $modules[$packageName]['allowed_profiles'] : '';
 
         // Exclude invalid.
         $packageVersion = in_array($packageVersion, $config->get('toolkit.invalid-versions')) ? $package['version'] : $packageVersion;
@@ -804,56 +801,57 @@ protected function validateComponent(array $package)
             $message = "Package $packageName:$packageVersion has not been reviewed by QA.";
             $messageType = 'Packages not reviewed:';
         }
-
-        // If module was rejected.
-        if ($hasBeenQaEd && $wasRejected) {
-            $projectId = $config->get('toolkit.project_id');
-            // Check if the module is allowed for this project id.
-            $allowedInProject = in_array($projectId, array_map('trim', explode(',', $modules[$packageName]['restricted_use'])));
-            if ($allowedInProject) {
-                $message = "The package $packageName is authorised for the project $projectId";
-                $messageType = 'Packages authorised:';
+        if ($hasBeenQaEd) {
+            // Validate package version against our constraints.
+            $constraints = ['whitelist' => false, 'blacklist' => true];
+            foreach ($constraints as $constraint => $result) {
+                $constraintValue = !empty($modules[$packageName][$constraint]) ? $modules[$packageName][$constraint] : null;
+                if (!is_null($constraintValue) && Semver::satisfies($packageVersion, $constraintValue) === $result) {
+                    $this->evaluationFailed = true;
+                    $message = "Package $packageName:$packageVersion does not meet the $constraint version constraint: $constraintValue.";
+                    $messageType = "Package's version constraints:";
+                }
             }
 
-            // Check if the module is allowed for this type of project.
-            if (!$allowedInProject && !empty($allowedProjectTypes)) {
-                $allowedProjectTypes = array_map('trim', explode(',', $allowedProjectTypes));
-                // Load the project from the website.
-                $project = Website::projectInformation($projectId);
-                if (in_array($project['type'], $allowedProjectTypes)) {
-                    $allowedInProject = true;
-                    $message = "The package $packageName is authorised for the type of project {$project['type']}";
+            if (empty($message) && $isRestricted) {
+                $projectId = $config->get('toolkit.project_id');
+                // Check if the module is allowed for this project id.
+                $allowedInProject = in_array($projectId, array_map('trim', explode(',', $modules[$packageName]['restricted_use'])));
+                if ($allowedInProject) {
+                    $message = "The package $packageName is authorised for the project $projectId";
                     $messageType = 'Packages authorised:';
                 }
-            }
 
-            // Check if the module is allowed for this profile.
-            if (!$allowedInProject && !empty($allowedProfiles)) {
-                $allowedProfiles = array_map('trim', explode(',', $allowedProfiles));
-                $profile = $this->getProjectProfile($projectId);
-                if (in_array($profile, $allowedProfiles)) {
-                    $allowedInProject = true;
-                    $message = "The package $packageName is authorised for the profile $profile";
-                    $messageType = 'Packages authorised:';
+                // Check if the module is allowed for this type of project.
+                $allowedProjectTypes = !empty($modules[$packageName]['allowed_project_types']) ? $modules[$packageName]['allowed_project_types'] : '';
+                if (!$allowedInProject && !empty($allowedProjectTypes)) {
+                    $allowedProjectTypes = array_map('trim', explode(',', $allowedProjectTypes));
+                    // Load the project from the website.
+                    $project = Website::projectInformation($projectId);
+                    if (in_array($project['type'], $allowedProjectTypes)) {
+                        $allowedInProject = true;
+                        $message = "The package $packageName is authorised for the type of project {$project['type']}";
+                        $messageType = 'Packages authorised:';
+                    }
                 }
-            }
 
-            // If module was not allowed in project.
-            if (!$allowedInProject) {
-                $this->evaluationFailed = true;
-                $message = "The use of $packageName:$packageVersion is {$modules[$packageName]['status']}.";
-                $messageType = 'Packages rejected/restricted:';
-            }
-        }
+                // Check if the module is allowed for this profile.
+                $allowedProfiles = !empty($modules[$packageName]['allowed_profiles']) ? $modules[$packageName]['allowed_profiles'] : '';
+                if (!$allowedInProject && !empty($allowedProfiles)) {
+                    $allowedProfiles = array_map('trim', explode(',', $allowedProfiles));
+                    $profile = $this->getProjectProfile($projectId);
+                    if (in_array($profile, $allowedProfiles)) {
+                        $allowedInProject = true;
+                        $message = "The package $packageName is authorised for the profile $profile";
+                        $messageType = 'Packages authorised:';
+                    }
+                }
 
-        if ($wasNotRejected) {
-            $constraints = ['whitelist' => false, 'blacklist' => true];
-            foreach ($constraints as $constraint => $result) {
-                $constraintValue = !empty($modules[$packageName][$constraint]) ? $modules[$packageName][$constraint] : null;
-                if (!is_null($constraintValue) && Semver::satisfies($packageVersion, $constraintValue) === $result) {
+                // If module was not allowed in project.
+                if (!$allowedInProject) {
                     $this->evaluationFailed = true;
-                    $message = "Package $packageName:$packageVersion does not meet the $constraint version constraint: $constraintValue.";
-                    $messageType = "Package's version constraints:";
+                    $message = "The use of $packageName:$packageVersion is {$modules[$packageName]['status']}.";
+                    $messageType = 'Packages rejected/restricted:';
                 }
             }
         }
diff --git a/tests/fixtures/commands/component-check.yml b/tests/fixtures/commands/component-check.yml
index 7392767be..5343de22b 100644
--- a/tests/fixtures/commands/component-check.yml
+++ b/tests/fixtures/commands/component-check.yml
@@ -55,10 +55,11 @@
 
         Packages rejected/restricted:
         The use of drupal/codesnippet:1.8 is restricted.
-        The use of drupal/github_connect:2.0.0-alpha1 is restricted.
         The use of drupal/responsive_tables_filter:1.17 is restricted.
         The use of drupal/restui:1.21 is rejected.
         In the case you want to use one of the modules listed as restricted, please open a ticket to Quality Assurance indicating the use case for evaluation and more information.
+        Package's version constraints:
+        Package drupal/github_connect:2.0.0-alpha1 does not meet the whitelist version constraint: ^1.0.
 
 
         Checking Development components.
@@ -369,7 +370,7 @@
     - touch: composer.json
     - file: composer.lock
       content: |
-        { "packages": [ { "name": "drupal/codesnippet", "type": "drupal-module", "version": "1.0.0" } ] }
+        { "packages": [ { "name": "drupal/codesnippet", "type": "drupal-module", "version": "1.8.0" } ] }
   expectations:
     - string_contains: The package drupal/codesnippet is authorised for the project digit-dqa