10790047473

Committed 10 Sep 2024 09:50AM UTC coverage: 7.659% (-0.001%) from 7.66%

Build # 10790047473

Build Type

push

github

Committed by

web-flow

Commit Message

feat(laravel): parameter validator + security (#6603)

Run Details

0 of 38 new or added lines in 4 files covered. (0.0%)

1192 existing lines in 74 files now uncovered.

12581 of 164273 relevant lines covered (7.66%)

22.85 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

0.0

/src/Laravel/State/ValidateProvider.php

<?php

/*
 * This file is part of the API Platform project.
 *
 * (c) Kévin Dunglas <dunglas@gmail.com>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

declare(strict_types=1);

namespace ApiPlatform\Laravel\State;

use ApiPlatform\Metadata\Error;
use ApiPlatform\Metadata\Operation;
use ApiPlatform\State\ProviderInterface;
use Illuminate\Contracts\Foundation\Application;
use Illuminate\Foundation\Http\FormRequest;
use Illuminate\Support\Facades\Validator;
use Illuminate\Validation\ValidationException;

/**
 * @implements ProviderInterface<object>
 */
final class ValidateProvider implements ProviderInterface
{
    use ValidationErrorTrait;

    /**
     * @param ProviderInterface<object> $inner
     */
    public function __construct(
        private readonly ProviderInterface $inner,
        private readonly Application $app,
    ) {
    }

    public function provide(Operation $operation, array $uriVariables = [], array $context = []): object|array|null
    {
        $request = $context['request'];
        $body = $this->inner->provide($operation, $uriVariables, $context);

        if (!$operation->canValidate() || $operation instanceof Error) {
            return $body;
        }

        $rules = $operation->getRules();
        if (\is_callable($rules)) {
            $rules = $rules();
        }

        if (\is_string($rules) && is_a($rules, FormRequest::class, true)) {
            try {
                $this->app->make($rules);
                // } catch (AuthorizationException $e) { // TODO: we may want to catch this to transform to an error
            } catch (ValidationException $e) { // @phpstan-ignore-line make->($rules) may throw this
                throw $this->getValidationError($e->validator, $e);
            }

            return $body;
        }

        if (!\is_array($rules)) {
            return $body;
        }

        $validator = Validator::make($request->request->all(), $rules);
        if ($validator->fails()) {
            throw $this->getValidationError($validator, new ValidationException($validator));
        }

        return $body;
    }
}

1	<?php
2
3	/*
4	* This file is part of the API Platform project.
5	*
6	* (c) Kévin Dunglas <dunglas@gmail.com>
7	*
8	* For the full copyright and license information, please view the LICENSE
9	* file that was distributed with this source code.
10	*/
11
12	declare(strict_types=1);
13
14	namespace ApiPlatform\Laravel\State;
15
16	use ApiPlatform\Metadata\Error;
17	use ApiPlatform\Metadata\Operation;
18	use ApiPlatform\State\ProviderInterface;
19	use Illuminate\Contracts\Foundation\Application;
20	use Illuminate\Foundation\Http\FormRequest;
21	use Illuminate\Support\Facades\Validator;
22	use Illuminate\Validation\ValidationException;
23
24	/**
25	* @implements ProviderInterface<object>
26	*/
27	final class ValidateProvider implements ProviderInterface
28	{
29	use ValidationErrorTrait;
30
31	/**
32	* @param ProviderInterface<object> $inner
33	*/
34	public function __construct(
35	private readonly ProviderInterface $inner,
36	private readonly Application $app,
37	) {
38	}	×
39
40	public function provide(Operation $operation, array $uriVariables = [], array $context = []): object\|array\|null
41	{
42	$request = $context['request'];	×
43	$body = $this->inner->provide($operation, $uriVariables, $context);	×
44
45	if (!$operation->canValidate() \|\| $operation instanceof Error) {	×
46	return $body;	×
47	}
48
49	$rules = $operation->getRules();	×
50	if (\is_callable($rules)) {	×
51	$rules = $rules();	×
52	}
53
54	if (\is_string($rules) && is_a($rules, FormRequest::class, true)) {	×
55	try {
56	$this->app->make($rules);	×
57	// } catch (AuthorizationException $e) { // TODO: we may want to catch this to transform to an error
58	} catch (ValidationException $e) { // @phpstan-ignore-line make->($rules) may throw this	×
NEW 59	throw $this->getValidationError($e->validator, $e);	×
60	}
61
62	return $body;	×
63	}
64
65	if (!\is_array($rules)) {	×
66	return $body;	×
67	}
68
NEW 69	$validator = Validator::make($request->request->all(), $rules);	×
70	if ($validator->fails()) {	×
NEW 71	throw $this->getValidationError($validator, new ValidationException($validator));	×
72	}
73
74	return $body;	×
75	}
76	}

api-platform / core / 10790047473

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous