[#2198] Added support for ACME challenge in Shield.

[AlexSkrypnyk]

Closes #2198

Summary by CodeRabbit

Release Notes

• New Features

  • Added ACME challenge passthrough support, enabling Let's Encrypt HTTP-01 validation to work seamlessly with Shield authentication in development and local environments.

• Tests

  • Added comprehensive test cases covering ACME challenge scenarios, including enabled/disabled states, various configuration combinations, and proper credential handling.

[coderabbitai]

Walkthrough

This pull request adds support for Let's Encrypt ACME HTTP-01 challenge path passthrough in Drupal Shield, controlled via the DRUPAL_SHIELD_ALLOW_ACME_CHALLENGE environment variable, with corresponding comprehensive test coverage for various ACME configuration scenarios.

Changes

Cohort / File(s)	Summary
Shield ACME Configuration web/sites/default/includes/modules/settings.shield.php	Added environment-driven override to allow ACME challenge path (/.well-known/acme-challenge/*) for Let's Encrypt certificate generation when DRUPAL_SHIELD_ALLOW_ACME_CHALLENGE is set.
ACME Challenge Test Coverage tests/phpunit/Drupal/SwitchableSettingsTest.php	Added test cases to dataProviderShield covering ACME passthrough scenarios: enabled with environment variables, disabled (absent), and edge cases with empty/zero values; tests verify shield configuration, credentials, method, and path expectations.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Suggested labels

PR: Needs review

Poem

🐰 Let's Encrypt hops through the shield with glee,
/.well-known/acme-challenge/* set free,
Environment whispers "allow me through,"
Method zero, paths anew—certificates debut! 🔐

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title directly and clearly references issue #2198 and accurately describes the primary change: adding ACME challenge support to Shield configuration.
Linked Issues check	✅ Passed	The code changes successfully implement ACME challenge passthrough by configuring shield method and paths as specified in issue #2198, with comprehensive test coverage for various scenarios.
Out of Scope Changes check	✅ Passed	All changes are directly related to implementing ACME challenge support in Shield; no out-of-scope modifications detected.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/2198-Allow-ACME-challenge-shield

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Fix all issues with AI agents

In `@tests/phpunit/Drupal/SwitchableSettingsTest.php`:
- Around line 546-563: Add a PROD environment test case to the ACME passthrough
data set in SwitchableSettingsTest similar to the DEV/LOCAL entries: add an
array entry using self::ENVIRONMENT_PROD with DRUPAL_SHIELD_USER,
DRUPAL_SHIELD_PASS and DRUPAL_SHIELD_ALLOW_ACME_CHALLENGE=1 as the environment
input, and assert the expected 'shield.settings' output contains credentials
(['shield' => ['user' => 'drupal_shield_user','pass' => 'drupal_shield_pass']])
plus 'method' => 0 and 'paths' => '/.well-known/acme-challenge/*' but omit
'shield_enable' (since in PROD it is UI-managed); place this new case alongside
the existing ACME challenge entries so it gets exercised by the same data
provider used by the test methods.

[coderabbitai]

🧹 Nitpick | 🔵 Trivial

Consider adding a PROD environment test case for ACME passthrough.

The current tests cover DEV and LOCAL environments. Adding a PROD test case would verify ACME passthrough works correctly in production where shield_enable is typically managed through the UI rather than environment variables.

💡 Suggested test case for PROD environment

      [
        self::ENVIRONMENT_PROD,
        [
          'DRUPAL_SHIELD_USER' => 'drupal_shield_user',
          'DRUPAL_SHIELD_PASS' => 'drupal_shield_pass',
          'DRUPAL_SHIELD_ALLOW_ACME_CHALLENGE' => 1,
        ],
        [
          'shield.settings' => [
            'credentials' => ['shield' => ['user' => 'drupal_shield_user', 'pass' => 'drupal_shield_pass']],
            'method' => 0,
            'paths' => '/.well-known/acme-challenge/*',
          ],
        ],
      ],

🤖 Prompt for AI Agents

In `@tests/phpunit/Drupal/SwitchableSettingsTest.php` around lines 546 - 563, Add
a PROD environment test case to the ACME passthrough data set in
SwitchableSettingsTest similar to the DEV/LOCAL entries: add an array entry
using self::ENVIRONMENT_PROD with DRUPAL_SHIELD_USER, DRUPAL_SHIELD_PASS and
DRUPAL_SHIELD_ALLOW_ACME_CHALLENGE=1 as the environment input, and assert the
expected 'shield.settings' output contains credentials (['shield' => ['user' =>
'drupal_shield_user','pass' => 'drupal_shield_pass']]) plus 'method' => 0 and
'paths' => '/.well-known/acme-challenge/*' but omit 'shield_enable' (since in
PROD it is UI-managed); place this new case alongside the existing ACME
challenge entries so it gets exercised by the same data provider used by the
test methods.

[AlexSkrypnyk]

Code Coverage Report:
  2026-02-08 01:30:02

 Summary:
  Classes:  0.00% (0/1)
  Methods:  0.00% (0/2)
  Lines:   93.92% (170/181)

[github-actions]

Code Coverage Report:
  2026-02-08 01:30:55

 Summary:
  Classes:  0.00% (0/1)
  Methods:  0.00% (0/2)
  Lines:   93.92% (170/181)

[AlexSkrypnyk]

Code Coverage Report:
  2026-02-08 01:33:02

 Summary:
  Classes:  0.00% (0/1)
  Methods:  0.00% (0/2)
  Lines:   93.92% (170/181)

[AlexSkrypnyk]

Code Coverage Report:
  2026-02-08 01:33:09

 Summary:
  Classes:  0.00% (0/1)
  Methods:  0.00% (0/2)
  Lines:   93.92% (170/181)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 76.22%. Comparing base (47d41a0) to head (535f739).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2254      +/-   ##
==========================================
- Coverage   76.85%   76.22%   -0.63%     
==========================================
  Files         112      105       -7     
  Lines        5846     5687     -159     
  Branches       44        0      -44     
==========================================
- Hits         4493     4335     -158     
+ Misses       1353     1352       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.