6067528200

Committed 04 Sep 2023 12:12AM UTC coverage: 36.875% (-21.9%) from 58.794%

Build # 6067528200

Build Type

Pull #5791

github

Committed by

web-flow

Commit Message

Merge 64157e578 into d09cfc9d2

Pull Request Pull Request #5791: fix: strip down any sql function name

Run Details

3096 of 3096 new or added lines in 205 files covered. (100.0%)

9926 of 26918 relevant lines covered (36.87%)

6.5 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

72.29

/src/Symfony/EventListener/ErrorListener.php

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Symfony\EventListener;

use ApiPlatform\Api\IdentifiersExtractorInterface;
use ApiPlatform\ApiResource\Error;
use ApiPlatform\Metadata\Error as ErrorOperation;
use ApiPlatform\Metadata\HttpOperation;
use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
use ApiPlatform\Metadata\ResourceClassResolverInterface;
use ApiPlatform\Metadata\Util\ContentNegotiationTrait;
use ApiPlatform\Symfony\Util\RequestAttributesExtractor;
use ApiPlatform\Symfony\Validator\Exception\ConstraintViolationListAwareExceptionInterface;
use ApiPlatform\Util\OperationRequestInitiatorTrait;
use ApiPlatform\Validator\Exception\ValidationException;
use Negotiation\Negotiator;
use Psr\Log\LoggerInterface;
use Symfony\Component\HttpFoundation\Exception\RequestExceptionInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\EventListener\ErrorListener as SymfonyErrorListener;
use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface as SymfonyHttpExceptionInterface;

/**
 * This error listener extends the Symfony one in order to add
 * the `_api_operation` attribute when the request is duplicated.
 * It will later be used to retrieve the exceptionToStatus from the operation ({@see ApiPlatform\Action\ExceptionAction}).
 */
final class ErrorListener extends SymfonyErrorListener
{
    use ContentNegotiationTrait;
    use OperationRequestInitiatorTrait;

    public function __construct(
        object|array|string|null $controller,
        LoggerInterface $logger = null,
        bool $debug = false,
        array $exceptionsMapping = [],
        ResourceMetadataCollectionFactoryInterface $resourceMetadataCollectionFactory = null,
        private readonly array $errorFormats = [],
        private readonly array $exceptionToStatus = [],
        private readonly ?IdentifiersExtractorInterface $identifiersExtractor = null,
        private readonly ?ResourceClassResolverInterface $resourceClassResolver = null,
        Negotiator $negotiator = null
    ) {
        parent::__construct($controller, $logger, $debug, $exceptionsMapping);
        $this->resourceMetadataCollectionFactory = $resourceMetadataCollectionFactory;
        $this->negotiator = $negotiator ?? new Negotiator();
    }

    protected function duplicateRequest(\Throwable $exception, Request $request): Request
    {
        $dup = parent::duplicateRequest($exception, $request);
        $apiOperation = $this->initializeOperation($request);
        $format = $this->getRequestFormat($request, $this->errorFormats, false);

        if ($this->resourceClassResolver?->isResourceClass($exception::class)) {
            $resourceCollection = $this->resourceMetadataCollectionFactory->create($exception::class);

            $operation = null;
            foreach ($resourceCollection as $resource) {
                foreach ($resource->getOperations() as $op) {
                    foreach ($op->getOutputFormats() as $key => $value) {
                        if ($key === $format) {
                            $operation = $op;
                            break 3;
                        }
                    }
                }
            }

            // No operation found for the requested format, we take the first available
            if (!$operation) {
                $operation = $resourceCollection->getOperation();
            }
            $errorResource = $exception;
        } elseif ($this->resourceMetadataCollectionFactory) {
            // Create a generic, rfc7807 compatible error according to the wanted format
            /** @var HttpOperation $operation */
            $operation = $this->resourceMetadataCollectionFactory->create(Error::class)->getOperation($this->getFormatOperation($format));
            $operation = $operation->withStatus($this->getStatusCode($apiOperation, $request, $operation, $exception));
            $errorResource = Error::createFromException($exception, $operation->getStatus());
        } else {
            /** @var HttpOperation $operation */
            $operation = new ErrorOperation(name: '_api_errors_problem', class: Error::class, outputFormats: ['jsonld' => ['application/ld+json']], normalizationContext: ['groups' => ['jsonld'], 'skip_null_values' => true]);
            $operation = $operation->withStatus($this->getStatusCode($apiOperation, $request, $operation, $exception));
            $errorResource = Error::createFromException($exception, $operation->getStatus());
        }

        if (!$operation->getProvider()) {
            $operation = $operation->withProvider(provider: fn () => 'jsonapi' === $format && $errorResource instanceof ConstraintViolationListAwareExceptionInterface ? $errorResource->getConstraintViolationList() : $errorResource);
        }

        // For our swagger Ui errors
        if ('html' === $format) {
            $operation = $operation->withOutputFormats(['html' => ['text/html']]);
        }

        $identifiers = [];
        try {
            $identifiers = $this->identifiersExtractor?->getIdentifiersFromItem($errorResource, $operation) ?? [];
        } catch (\Exception $e) {
        }

        if ($exception instanceof ValidationException) {
            if (!($apiOperation?->getExtraProperties()['rfc_7807_compliant_errors'] ?? false)) {
                $operation = $operation->withNormalizationContext([
                    'groups' => ['legacy_'.$format],
                    'force_iri_generation' => false,
                ]);
            }
        }

        $dup->attributes->set('_api_resource_class', $operation->getClass());
        $dup->attributes->set('_api_previous_operation', $apiOperation);
        $dup->attributes->set('_api_operation', $operation);
        $dup->attributes->set('_api_operation_name', $operation->getName());
        $dup->attributes->remove('exception');
        // These are for swagger
        $dup->attributes->set('_api_original_route', $request->attributes->get('_route'));
        $dup->attributes->set('_api_original_route_params', $request->attributes->get('_route_params'));
        $dup->attributes->set('_api_requested_operation', $request->attributes->get('_api_requested_operation'));

        foreach ($identifiers as $name => $value) {
            $dup->attributes->set($name, $value);
        }

        return $dup;
    }

    private function getOperationExceptionToStatus(Request $request): array
    {
        $attributes = RequestAttributesExtractor::extractAttributes($request);

        if ([] === $attributes) {
            return [];
        }

        $resourceMetadataCollection = $this->resourceMetadataCollectionFactory->create($attributes['resource_class']);
        /** @var HttpOperation $operation */
        $operation = $resourceMetadataCollection->getOperation($attributes['operation_name'] ?? null);
        $exceptionToStatus = [$operation->getExceptionToStatus() ?: []];

        foreach ($resourceMetadataCollection as $resourceMetadata) {
            /* @var ApiResource $resourceMetadata */
            $exceptionToStatus[] = $resourceMetadata->getExceptionToStatus() ?: [];
        }

        return array_merge(...$exceptionToStatus);
    }

    private function getStatusCode(?HttpOperation $apiOperation, Request $request, ?HttpOperation $errorOperation, \Throwable $exception): int
    {
        $exceptionToStatus = array_merge(
            $this->exceptionToStatus,
            $apiOperation ? $apiOperation->getExceptionToStatus() ?? [] : $this->getOperationExceptionToStatus($request),
            $errorOperation ? $errorOperation->getExceptionToStatus() ?? [] : []
        );

        foreach ($exceptionToStatus as $class => $status) {
            if (is_a($exception::class, $class, true)) {
                return $status;
            }
        }

        if ($exception instanceof SymfonyHttpExceptionInterface) {
            return $exception->getStatusCode();
        }

        if ($exception instanceof RequestExceptionInterface) {
            return 400;
        }

        if ($exception instanceof ValidationException) {
            return 422;
        }

        if ($status = $errorOperation?->getStatus()) {
            return $status;
        }

        return 500;
    }

    private function getFormatOperation(?string $format): string
    {
        return match ($format) {
            'json' => '_api_errors_problem',
            'jsonproblem' => '_api_errors_problem',
            'jsonld' => '_api_errors_hydra',
            'jsonapi' => '_api_errors_jsonapi',
            'html' => '_api_errors_problem', // This will be intercepted by the SwaggerUiProvider
            default => '_api_errors_problem'
        };
    }
}

1	<?php
2
3	/*
4	* This file is part of the API Platform project.
5	*
6	* (c) Kévin Dunglas <dunglas@gmail.com>
7	*
8	* For the full copyright and license information, please view the LICENSE
9	* file that was distributed with this source code.
10	*/
11
12	declare(strict_types=1);
13
14	namespace ApiPlatform\Symfony\EventListener;
15
16	use ApiPlatform\Api\IdentifiersExtractorInterface;
17	use ApiPlatform\ApiResource\Error;
18	use ApiPlatform\Metadata\Error as ErrorOperation;
19	use ApiPlatform\Metadata\HttpOperation;
20	use ApiPlatform\Metadata\Resource\Factory\ResourceMetadataCollectionFactoryInterface;
21	use ApiPlatform\Metadata\ResourceClassResolverInterface;
22	use ApiPlatform\Metadata\Util\ContentNegotiationTrait;
23	use ApiPlatform\Symfony\Util\RequestAttributesExtractor;
24	use ApiPlatform\Symfony\Validator\Exception\ConstraintViolationListAwareExceptionInterface;
25	use ApiPlatform\Util\OperationRequestInitiatorTrait;
26	use ApiPlatform\Validator\Exception\ValidationException;
27	use Negotiation\Negotiator;
28	use Psr\Log\LoggerInterface;
29	use Symfony\Component\HttpFoundation\Exception\RequestExceptionInterface;
30	use Symfony\Component\HttpFoundation\Request;
31	use Symfony\Component\HttpKernel\EventListener\ErrorListener as SymfonyErrorListener;
32	use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface as SymfonyHttpExceptionInterface;
33
34	/**
35	* This error listener extends the Symfony one in order to add
36	* the `_api_operation` attribute when the request is duplicated.
37	* It will later be used to retrieve the exceptionToStatus from the operation ({@see ApiPlatform\Action\ExceptionAction}).
38	*/
39	final class ErrorListener extends SymfonyErrorListener
40	{
41	use ContentNegotiationTrait;
42	use OperationRequestInitiatorTrait;
43
44	public function __construct(
45	object\|array\|string\|null $controller,
46	LoggerInterface $logger = null,
47	bool $debug = false,
48	array $exceptionsMapping = [],
49	ResourceMetadataCollectionFactoryInterface $resourceMetadataCollectionFactory = null,
50	private readonly array $errorFormats = [],
51	private readonly array $exceptionToStatus = [],
52	private readonly ?IdentifiersExtractorInterface $identifiersExtractor = null,
53	private readonly ?ResourceClassResolverInterface $resourceClassResolver = null,
54	Negotiator $negotiator = null
55	) {
56	parent::__construct($controller, $logger, $debug, $exceptionsMapping);	81✔
57	$this->resourceMetadataCollectionFactory = $resourceMetadataCollectionFactory;	81✔
58	$this->negotiator = $negotiator ?? new Negotiator();	81✔
59	}
60
61	protected function duplicateRequest(\Throwable $exception, Request $request): Request
62	{
63	$dup = parent::duplicateRequest($exception, $request);	9✔
64	$apiOperation = $this->initializeOperation($request);	9✔
65	$format = $this->getRequestFormat($request, $this->errorFormats, false);	9✔
66
67	if ($this->resourceClassResolver?->isResourceClass($exception::class)) {	9✔
68	$resourceCollection = $this->resourceMetadataCollectionFactory->create($exception::class);	3✔
69
70	$operation = null;	3✔
71	foreach ($resourceCollection as $resource) {	3✔
72	foreach ($resource->getOperations() as $op) {	3✔
73	foreach ($op->getOutputFormats() as $key => $value) {	3✔
74	if ($key === $format) {	3✔
75	$operation = $op;	3✔
76	break 3;	3✔
77	}
78	}
79	}
80	}
81
82	// No operation found for the requested format, we take the first available
83	if (!$operation) {	3✔
84	$operation = $resourceCollection->getOperation();	×
85	}
86	$errorResource = $exception;	3✔
87	} elseif ($this->resourceMetadataCollectionFactory) {	6✔
88	// Create a generic, rfc7807 compatible error according to the wanted format
89	/** @var HttpOperation $operation */
90	$operation = $this->resourceMetadataCollectionFactory->create(Error::class)->getOperation($this->getFormatOperation($format));	6✔
91	$operation = $operation->withStatus($this->getStatusCode($apiOperation, $request, $operation, $exception));	6✔
92	$errorResource = Error::createFromException($exception, $operation->getStatus());	6✔
93	} else {
94	/** @var HttpOperation $operation */
95	$operation = new ErrorOperation(name: '_api_errors_problem', class: Error::class, outputFormats: ['jsonld' => ['application/ld+json']], normalizationContext: ['groups' => ['jsonld'], 'skip_null_values' => true]);	×
96	$operation = $operation->withStatus($this->getStatusCode($apiOperation, $request, $operation, $exception));	×
97	$errorResource = Error::createFromException($exception, $operation->getStatus());	×
98	}
99
100	if (!$operation->getProvider()) {	9✔
101	$operation = $operation->withProvider(provider: fn () => 'jsonapi' === $format && $errorResource instanceof ConstraintViolationListAwareExceptionInterface ? $errorResource->getConstraintViolationList() : $errorResource);	9✔
102	}
103
104	// For our swagger Ui errors
105	if ('html' === $format) {	9✔
106	$operation = $operation->withOutputFormats(['html' => ['text/html']]);	×
107	}
108
109	$identifiers = [];	9✔
110	try {
111	$identifiers = $this->identifiersExtractor?->getIdentifiersFromItem($errorResource, $operation) ?? [];	9✔
112	} catch (\Exception $e) {	×
113	}
114
115	if ($exception instanceof ValidationException) {	9✔
116	if (!($apiOperation?->getExtraProperties()['rfc_7807_compliant_errors'] ?? false)) {	×
117	$operation = $operation->withNormalizationContext([	×
118	'groups' => ['legacy_'.$format],	×
119	'force_iri_generation' => false,	×
120	]);	×
121	}
122	}
123
124	$dup->attributes->set('_api_resource_class', $operation->getClass());	9✔
125	$dup->attributes->set('_api_previous_operation', $apiOperation);	9✔
126	$dup->attributes->set('_api_operation', $operation);	9✔
127	$dup->attributes->set('_api_operation_name', $operation->getName());	9✔
128	$dup->attributes->remove('exception');	9✔
129	// These are for swagger
130	$dup->attributes->set('_api_original_route', $request->attributes->get('_route'));	9✔
131	$dup->attributes->set('_api_original_route_params', $request->attributes->get('_route_params'));	9✔
132	$dup->attributes->set('_api_requested_operation', $request->attributes->get('_api_requested_operation'));	9✔
133
134	foreach ($identifiers as $name => $value) {	9✔
135	$dup->attributes->set($name, $value);	3✔
136	}
137
138	return $dup;	9✔
139	}
140
141	private function getOperationExceptionToStatus(Request $request): array
142	{
143	$attributes = RequestAttributesExtractor::extractAttributes($request);	6✔
144
145	if ([] === $attributes) {	6✔
146	return [];	6✔
147	}
148
149	$resourceMetadataCollection = $this->resourceMetadataCollectionFactory->create($attributes['resource_class']);	×
150	/** @var HttpOperation $operation */
151	$operation = $resourceMetadataCollection->getOperation($attributes['operation_name'] ?? null);	×
152	$exceptionToStatus = [$operation->getExceptionToStatus() ?: []];	×
153
154	foreach ($resourceMetadataCollection as $resourceMetadata) {	×
155	/* @var ApiResource $resourceMetadata */
156	$exceptionToStatus[] = $resourceMetadata->getExceptionToStatus() ?: [];	×
157	}
158
159	return array_merge(...$exceptionToStatus);	×
160	}
161
162	private function getStatusCode(?HttpOperation $apiOperation, Request $request, ?HttpOperation $errorOperation, \Throwable $exception): int
163	{
164	$exceptionToStatus = array_merge(	6✔
165	$this->exceptionToStatus,	6✔
166	$apiOperation ? $apiOperation->getExceptionToStatus() ?? [] : $this->getOperationExceptionToStatus($request),	6✔
167	$errorOperation ? $errorOperation->getExceptionToStatus() ?? [] : []	6✔
168	);	6✔
169
170	foreach ($exceptionToStatus as $class => $status) {	6✔
171	if (is_a($exception::class, $class, true)) {	×
172	return $status;	×
173	}
174	}
175
176	if ($exception instanceof SymfonyHttpExceptionInterface) {	6✔
177	return $exception->getStatusCode();	×
178	}
179
180	if ($exception instanceof RequestExceptionInterface) {	6✔
181	return 400;	×
182	}
183
184	if ($exception instanceof ValidationException) {	6✔
185	return 422;	×
186	}
187
188	if ($status = $errorOperation?->getStatus()) {	6✔
189	return $status;	6✔
190	}
191
192	return 500;	×
193	}
194
195	private function getFormatOperation(?string $format): string
196	{
197	return match ($format) {	6✔
198	'json' => '_api_errors_problem',	6✔
199	'jsonproblem' => '_api_errors_problem',	6✔
200	'jsonld' => '_api_errors_hydra',	6✔
201	'jsonapi' => '_api_errors_jsonapi',	6✔
202	'html' => '_api_errors_problem', // This will be intercepted by the SwaggerUiProvider	6✔
203	default => '_api_errors_problem'	6✔
204	};	6✔
205	}
206	}

api-platform / core / 6067528200

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous