RequestValidationSubscriber::validateJsonAgainstSchema() - Code Metrics - Inspection of "Add improved validation component" - nijens/openapi-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — main (#71)

by Niels

created 2022-08-12 14:14 UTC

validateJsonAgainstSchema() A

↳ Parent: RequestValidationSubscriber

Complexity

Conditions	2
Paths	2

Size

Total Lines	16
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	2
eloc	9
c	1
b	0
f	0
nc	2
nop	2
dl	0
loc	16
rs	9.9666

<?php

declare(strict_types=1);

/*
 * This file is part of the OpenapiBundle package.
 *
 * (c) Niels Nijens <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Nijens\OpenapiBundle\Validation\EventSubscriber;

use JsonSchema\Constraints\Constraint;
use JsonSchema\Validator;
use Nijens\OpenapiBundle\ExceptionHandling\Exception\InvalidContentTypeProblemException;
use Nijens\OpenapiBundle\ExceptionHandling\Exception\InvalidRequestBodyProblemException;
use Nijens\OpenapiBundle\ExceptionHandling\Exception\InvalidRequestParameterProblemException;
use Nijens\OpenapiBundle\ExceptionHandling\Exception\ProblemException;
use Nijens\OpenapiBundle\ExceptionHandling\Exception\Violation;
use Nijens\OpenapiBundle\Routing\RouteContext;
use Nijens\OpenapiBundle\Validation\ValidationContext;
use Seld\JsonLint\JsonParser;
use stdClass;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\HeaderUtils;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Event\RequestEvent;
use Symfony\Component\HttpKernel\KernelEvents;

/**
 * Validates a request for routes loaded through the OpenAPI specification.
 *
 * @author Niels Nijens <[email protected]>
 */
class RequestValidationSubscriber implements EventSubscriberInterface
{
    /**
     * @var JsonParser
     */
    private $jsonParser;

    /**
     * @var Validator
     */
    private $jsonValidator;

    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::REQUEST => [
                ['validateRequest', 28],
            ],
        ];
    }

    public function __construct(JsonParser $jsonParser, Validator $jsonValidator)
    {
        $this->jsonParser = $jsonParser;
        $this->jsonValidator = $jsonValidator;
    }

    public function validateRequest(RequestEvent $event): void
    {
        $request = $event->getRequest();
        if ($this->isManagedRoute($request) === false) {
            return;
        }

        $this->validateRequestParameters($request);
        $this->validateRequestContentType($request);
        $this->validateJsonRequestBody($request);
    }

    private function validateRequestParameters(Request $request): void
    {
        $routeContext = $this->getRouteContext($request);

        $violations = [];
        foreach ($routeContext[RouteContext::REQUEST_VALIDATE_QUERY_PARAMETERS] as $parameterName => $parameter) {
            $parameter = json_decode($parameter);
            if ($request->query->has($parameterName) === false && $parameter->required ?? false) {
                $violations[] = new Violation(
                    'required_query_parameter',
                    sprintf('Query parameter %s is required.', $parameterName),
                    $parameterName
                );

                continue;
            }

            if ($request->query->has($parameterName) === false) {
                continue;
            }

            $parameterValue = $request->query->get($parameterName);

            $this->jsonValidator->validate($parameterValue, $parameter->schema, Constraint::CHECK_MODE_COERCE_TYPES);
            if ($this->jsonValidator->isValid() === false) {
                $validationErrors = $this->jsonValidator->getErrors();
                $this->jsonValidator->reset();

                $violations = array_merge(
                    $violations,
                    array_map(
                        function (array $validationError) use ($parameterName): Violation {
                            $validationError['property'] = $parameterName;

                            return Violation::fromArray($validationError);
                        },
                        $validationErrors
                    )
                );
            }
        }

        if (count($violations) > 0) {
            $this->throwInvalidRequestParameterProblemException($violations);
        }
    }

    private function validateRequestContentType(Request $request): void
    {
        $requestContentType = $this->getRequestContentType($request);
        $routeContext = $this->getRouteContext($request);

        if ($requestContentType === '' && $routeContext[RouteContext::REQUEST_BODY_REQUIRED] === false) {
            return;
        }

        if (empty($routeContext[RouteContext::REQUEST_ALLOWED_CONTENT_TYPES])) {
            return;
        }

        if (in_array($requestContentType, $routeContext[RouteContext::REQUEST_ALLOWED_CONTENT_TYPES])) {
            return;
        }

        $exception = new InvalidContentTypeProblemException(
            ProblemException::DEFAULT_TYPE_URI,
            ProblemException::DEFAULT_TITLE,
            Response::HTTP_UNSUPPORTED_MEDIA_TYPE,
            sprintf(
                "The request content-type '%s' is not supported. (Supported: %s)",
                $requestContentType,
                implode(', ', $routeContext[RouteContext::REQUEST_ALLOWED_CONTENT_TYPES])
            )
        );

        throw $exception;
    }

    private function validateJsonRequestBody(Request $request): void
    {
        $requestContentType = $this->getRequestContentType($request);
        if ($requestContentType !== 'application/json') {
            return;
        }

        $routeContext = $this->getRouteContext($request);
        if (isset($routeContext[RouteContext::REQUEST_BODY_SCHEMA]) === false) {
            return;
        }

        $requestBody = $request->getContent();
        $decodedJsonRequestBody = $this->validateJsonSyntax($requestBody);

        $this->validateJsonAgainstSchema(
            json_decode($routeContext[RouteContext::REQUEST_BODY_SCHEMA]),
            $decodedJsonRequestBody
        );

        $request->attributes->set(
            ValidationContext::REQUEST_ATTRIBUTE,
            [
                ValidationContext::VALIDATED => true,
                ValidationContext::REQUEST_BODY => json_encode($decodedJsonRequestBody),
            ]
        );
    }

    /**
     * Validates if the request body is valid JSON.
     *
     * @return mixed
     */
    private function validateJsonSyntax(string $requestBody)
    {
        $decodedJsonRequestBody = json_decode($requestBody);
        if ($decodedJsonRequestBody !== null || $requestBody === 'null') {
            return $decodedJsonRequestBody;
        }

        $exception = $this->jsonParser->lint($requestBody);

        $this->throwInvalidRequestBodyProblemException([
            new Violation('valid_json', $exception->getMessage()),
        ]);
    }

    /**
     * Validates the JSON request body against the JSON Schema within the OpenAPI document.
     *
     * @param array|stdClass|string|int|float|bool|null $decodedJsonRequestBody
     */
    private function validateJsonAgainstSchema(stdClass $jsonSchema, &$decodedJsonRequestBody): void
    {
        $this->jsonValidator->validate($decodedJsonRequestBody, $jsonSchema);

        if ($this->jsonValidator->isValid() === false) {
            $validationErrors = $this->jsonValidator->getErrors();
            $this->jsonValidator->reset();

            $violations = array_map(
                function (array $validationError): Violation {
                    return Violation::fromArray($validationError);
                },
                $validationErrors
            );

            $this->throwInvalidRequestBodyProblemException($violations);
        }
    }

    private function throwInvalidRequestParameterProblemException(array $violations): void
    {
        $exception = new InvalidRequestParameterProblemException(
            'about:blank',
            'The request contains errors.',
            Response::HTTP_BAD_REQUEST,
            'Validation of query parameters failed.'
        );

        throw $exception->withViolations($violations);
    }

    /**
     * @param Violation[] $violations
     */
    private function throwInvalidRequestBodyProblemException(array $violations): void
    {
        $exception = new InvalidRequestBodyProblemException(
            'about:blank',
            'The request body contains errors.',
            Response::HTTP_BAD_REQUEST,
            'Validation of JSON request body failed.'
        );

        throw $exception->withViolations($violations);
    }

    private function isManagedRoute(Request $request): bool
    {
        return $request->attributes->has(RouteContext::REQUEST_ATTRIBUTE);
    }

    private function getRouteContext(Request $request): ?array
    {
        return $request->attributes->get(RouteContext::REQUEST_ATTRIBUTE);
    }

    private function getRequestContentType(Request $request): string
    {
        return current(HeaderUtils::split($request->headers->get('Content-Type', ''), ';')) ?: '';
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			/*
6			* This file is part of the OpenapiBundle package.
7			*
8			* (c) Niels Nijens <[email protected]>
9			*
10			* For the full copyright and license information, please view the LICENSE
11			* file that was distributed with this source code.
12			*/
13
14			namespace Nijens\OpenapiBundle\Validation\EventSubscriber;
15
16			use JsonSchema\Constraints\Constraint;
17			use JsonSchema\Validator;
18			use Nijens\OpenapiBundle\ExceptionHandling\Exception\InvalidContentTypeProblemException;
19			use Nijens\OpenapiBundle\ExceptionHandling\Exception\InvalidRequestBodyProblemException;
20			use Nijens\OpenapiBundle\ExceptionHandling\Exception\InvalidRequestParameterProblemException;
21			use Nijens\OpenapiBundle\ExceptionHandling\Exception\ProblemException;
22			use Nijens\OpenapiBundle\ExceptionHandling\Exception\Violation;
23			use Nijens\OpenapiBundle\Routing\RouteContext;
24			use Nijens\OpenapiBundle\Validation\ValidationContext;
25			use Seld\JsonLint\JsonParser;
26			use stdClass;
27			use Symfony\Component\EventDispatcher\EventSubscriberInterface;
28			use Symfony\Component\HttpFoundation\HeaderUtils;
29			use Symfony\Component\HttpFoundation\Request;
30			use Symfony\Component\HttpFoundation\Response;
31			use Symfony\Component\HttpKernel\Event\RequestEvent;
32			use Symfony\Component\HttpKernel\KernelEvents;
33
34			/**
35			* Validates a request for routes loaded through the OpenAPI specification.
36			*
37			* @author Niels Nijens <[email protected]>
38			*/
39			class RequestValidationSubscriber implements EventSubscriberInterface
40			{
41			/**
42			* @var JsonParser
43			*/
44			private $jsonParser;
45
46			/**
47			* @var Validator
48			*/
49			private $jsonValidator;
50
51			public static function getSubscribedEvents(): array
52			{
53			return [
54			KernelEvents::REQUEST => [
55			['validateRequest', 28],
56			],
57			];
58			}
59
60			public function __construct(JsonParser $jsonParser, Validator $jsonValidator)
61			{
62			$this->jsonParser = $jsonParser;
63			$this->jsonValidator = $jsonValidator;
64			}
65
66			public function validateRequest(RequestEvent $event): void
67			{
68			$request = $event->getRequest();
69			if ($this->isManagedRoute($request) === false) {
70			return;
71			}
72
73			$this->validateRequestParameters($request);
74			$this->validateRequestContentType($request);
75			$this->validateJsonRequestBody($request);
76			}
77
78			private function validateRequestParameters(Request $request): void
79			{
80			$routeContext = $this->getRouteContext($request);
81
82			$violations = [];
83			foreach ($routeContext[RouteContext::REQUEST_VALIDATE_QUERY_PARAMETERS] as $parameterName => $parameter) {
84			$parameter = json_decode($parameter);
85			if ($request->query->has($parameterName) === false && $parameter->required ?? false) {
86			$violations[] = new Violation(
87			'required_query_parameter',
88			sprintf('Query parameter %s is required.', $parameterName),
89			$parameterName
90			);
91
92			continue;
93			}
94
95			if ($request->query->has($parameterName) === false) {
96			continue;
97			}
98
99			$parameterValue = $request->query->get($parameterName);
100
101			$this->jsonValidator->validate($parameterValue, $parameter->schema, Constraint::CHECK_MODE_COERCE_TYPES);
102			if ($this->jsonValidator->isValid() === false) {
103			$validationErrors = $this->jsonValidator->getErrors();
104			$this->jsonValidator->reset();
105
106			$violations = array_merge(
107			$violations,
108			array_map(
109			function (array $validationError) use ($parameterName): Violation {
110			$validationError['property'] = $parameterName;
111
112			return Violation::fromArray($validationError);
113			},
114			$validationErrors
115			)
116			);
117			}
118			}
119
120			if (count($violations) > 0) {
121			$this->throwInvalidRequestParameterProblemException($violations);
122			}
123			}
124
125			private function validateRequestContentType(Request $request): void
126			{
127			$requestContentType = $this->getRequestContentType($request);
128			$routeContext = $this->getRouteContext($request);
129
130			if ($requestContentType === '' && $routeContext[RouteContext::REQUEST_BODY_REQUIRED] === false) {
131			return;
132			}
133
134			if (empty($routeContext[RouteContext::REQUEST_ALLOWED_CONTENT_TYPES])) {
135			return;
136			}
137
138			if (in_array($requestContentType, $routeContext[RouteContext::REQUEST_ALLOWED_CONTENT_TYPES])) {
139			return;
140			}
141
142			$exception = new InvalidContentTypeProblemException(
143			ProblemException::DEFAULT_TYPE_URI,
144			ProblemException::DEFAULT_TITLE,
145			Response::HTTP_UNSUPPORTED_MEDIA_TYPE,
146			sprintf(
147			"The request content-type '%s' is not supported. (Supported: %s)",
148			$requestContentType,
149			implode(', ', $routeContext[RouteContext::REQUEST_ALLOWED_CONTENT_TYPES])
150			)
151			);
152
153			throw $exception;
154			}
155
156			private function validateJsonRequestBody(Request $request): void
157			{
158			$requestContentType = $this->getRequestContentType($request);
159			if ($requestContentType !== 'application/json') {
160			return;
161			}
162
163			$routeContext = $this->getRouteContext($request);
164			if (isset($routeContext[RouteContext::REQUEST_BODY_SCHEMA]) === false) {
165			return;
166			}
167
168			$requestBody = $request->getContent();
169			$decodedJsonRequestBody = $this->validateJsonSyntax($requestBody);
170
171			$this->validateJsonAgainstSchema(
172			json_decode($routeContext[RouteContext::REQUEST_BODY_SCHEMA]),
173			$decodedJsonRequestBody
174			);
175
176			$request->attributes->set(
177			ValidationContext::REQUEST_ATTRIBUTE,
178			[
179			ValidationContext::VALIDATED => true,
180			ValidationContext::REQUEST_BODY => json_encode($decodedJsonRequestBody),
181			]
182			);
183			}
184
185			/**
186			* Validates if the request body is valid JSON.
187			*
188			* @return mixed
189			*/
190			private function validateJsonSyntax(string $requestBody)
191			{
192			$decodedJsonRequestBody = json_decode($requestBody);
193			if ($decodedJsonRequestBody !== null \|\| $requestBody === 'null') {
194			return $decodedJsonRequestBody;
195			}
196
197			$exception = $this->jsonParser->lint($requestBody);
198
199			$this->throwInvalidRequestBodyProblemException([
200			new Violation('valid_json', $exception->getMessage()),
201			]);
202			}
203
204			/**
205			* Validates the JSON request body against the JSON Schema within the OpenAPI document.
206			*
207			* @param array\|stdClass\|string\|int\|float\|bool\|null $decodedJsonRequestBody
208			*/
209			private function validateJsonAgainstSchema(stdClass $jsonSchema, &$decodedJsonRequestBody): void
210			{
211			$this->jsonValidator->validate($decodedJsonRequestBody, $jsonSchema);
212
213			if ($this->jsonValidator->isValid() === false) {
214			$validationErrors = $this->jsonValidator->getErrors();
215			$this->jsonValidator->reset();
216
217			$violations = array_map(
218			function (array $validationError): Violation {
219			return Violation::fromArray($validationError);
220			},
221			$validationErrors
222			);
223
224			$this->throwInvalidRequestBodyProblemException($violations);
225			}
226			}
227
228			private function throwInvalidRequestParameterProblemException(array $violations): void
229			{
230			$exception = new InvalidRequestParameterProblemException(
231			'about:blank',
232			'The request contains errors.',
233			Response::HTTP_BAD_REQUEST,
234			'Validation of query parameters failed.'
235			);
236
237			throw $exception->withViolations($violations);
238			}
239
240			/**
241			* @param Violation[] $violations
242			*/
243			private function throwInvalidRequestBodyProblemException(array $violations): void
244			{
245			$exception = new InvalidRequestBodyProblemException(
246			'about:blank',
247			'The request body contains errors.',
248			Response::HTTP_BAD_REQUEST,
249			'Validation of JSON request body failed.'
250			);
251
252			throw $exception->withViolations($violations);
253			}
254
255			private function isManagedRoute(Request $request): bool
256			{
257			return $request->attributes->has(RouteContext::REQUEST_ATTRIBUTE);
258			}
259
260			private function getRouteContext(Request $request): ?array
261			{
262			return $request->attributes->get(RouteContext::REQUEST_ATTRIBUTE);
263			}
264
265			private function getRequestContentType(Request $request): string
266			{
267			return current(HeaderUtils::split($request->headers->get('Content-Type', ''), ';')) ?: '';
268			}
269			}
270

nijens / openapi-bundle

Pull Request — main (#71)

validateJsonAgainstSchema() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like