fix(file-upldoad): Validate files in the correct order

Author: klausi

src/GraphQL/Utility/FileUpload.php

@@ -241,17 +241,20 @@ public function saveFileUpload(UploadedFile $uploaded_file, array $settings): Fi
       $file->setOwnerId($this->currentUser->id());
       $file->setFilename($prepared_filename);
       $file->setMimeType($this->mimeTypeGuesser->guess($prepared_filename));
-      $file->setFileUri($file_uri);
+      $file->setFileUri($temp_file_path);
       // Set the size. This is done in File::preSave() but we validate the file
       // before it is saved.
       $file->setSize(@filesize($temp_file_path));
 
-      // Validate the file entity against entity-level validation and
-      // field-level validators.
-      if (!$this->validate($file, $validators, $response)) {
+      // Validate against file_validate() first with the temporary path.
+      $errors = file_validate($file, $validators);
+
+      if (!empty($errors)) {
+        $response->addViolations($errors);
         return $response;
       }
 
+      $file->setFileUri($file_uri);
       // Move the file to the correct location after validation. Use
       // FileSystemInterface::EXISTS_ERROR as the file location has already been
       // determined above in FileSystem::getDestinationFilename().
@@ -269,6 +272,12 @@ public function saveFileUpload(UploadedFile $uploaded_file, array $settings): Fi
         return $response;
       }
 
+      // Validate the file entity against entity-level validation now after the
+      // file has moved.
+      if (!$this->validate($file, $validators, $response)) {
+        return $response;
+      }
+
       $file->save();
 
       $response->setFileEntity($file);
@@ -347,14 +356,6 @@ protected function validate(FileInterface $file, array $validators, FileUploadRe
       }
     }
 
-    // Validate the file based on the field definition configuration.
-    $errors = file_validate($file, $validators);
-
-    if (!empty($errors)) {
-      $response->addViolations($errors);
-      return FALSE;
-    }
-
     return TRUE;
   }
 

tests/modules/graphql_file_validate/graphql_file_validate.info.yml

@@ -0,0 +1,6 @@
+type: module
+name: GraphQL File Validate Test
+description: Tests hook_file_validate() on uploads.
+package: Testing
+core_version_requirement: ^8 || ^9
+hidden: TRUE

tests/modules/graphql_file_validate/graphql_file_validate.module

@@ -0,0 +1,17 @@
+<?php
+
+/**
+ * @file
+ * Test module for file validation.
+ */
+
+use Drupal\file\FileInterface;
+
+/**
+ * Implements hook_file_validate().
+ */
+function graphql_file_validate(FileInterface $file) {
+  if (!file_exists($file->getFileUri())) {
+    throw new \Exception('File does not exist during validation: ' . $file->getFileUri());
+  }
+}

tests/src/Kernel/Framework/UploadFileServiceTest.php

@@ -18,7 +18,7 @@ class UploadFileServiceTest extends GraphQLTestBase {
   /**
    * {@inheritdoc}
    */
-  protected static $modules = ['file'];
+  protected static $modules = ['file', 'graphql_file_validate'];
 
   /**
    * The FileUpload object we want to test, gets prepared in setUp().