phpro / api-problem-bundle Goto Github PK

Symfony Validator component has a built in feature to normalize a ConstraintViolationListInterface to an RFC7807 output. However, you need to do this by returning this yourself like so:

# IndexController.php

public function index(ValidatorInterface $validator) 
{
     $errors = $validator->validate(...);
     return $this->json($errors, 400);
}

It would be much nicer to throw an exception, because in the above example, it is very easy to mis the response status. And with an exception it doesn't.

Maybe something like:

throw new ApiValidationException($errors);

Or does this package already has a solution for it?

• Use github actions
• Use latest grumphp for composer 2 compatibility

It would be great to see an update for Symfony 5!

Would it be possible to limit the execution of the transformation to a route regular expression like ^/api/? So the transformation of the exceptions wouldn't occur on other places of the application which sometimes might throw an HttpException when accepting application/json but shouldn't be transformed.

This might be usefull for some applications which are not yet fully based on api's, or for some who want to migrate to newly structured api's

I am concerned with random exception messages being revealed in the details field by default.

For example, today I've met Symfony's exception was thrown by internal logic of Translations engine with the text Unable to write to the "/var/task/var/cache/lambda/translations" directory. which reveals the internal structure of the project (and the fact project uses Symfony) which could be considered as a security breach.

My proposition is to not show exception's message in details field by default in production environment.

a priority from -5 should be better, because then, the "logKernelException()" call from symfony would not be intercepted.

 ------- ------------------------------------------------------------------------------------------- ----------
  Order   Callable                                                                                    Priority
 ------- ------------------------------------------------------------------------------------------- ----------
  #2      Symfony\Component\HttpKernel\EventListener\ProfilerListener::onKernelException()            0
  #3      Symfony\Component\HttpKernel\EventListener\ExceptionListener::logKernelException()          0
  #4      Symfony\Bundle\SwiftmailerBundle\EventListener\EmailSenderListener::onException()           0
  #5      Phpro\ApiProblemBundle\EventListener\JsonApiProblemExceptionListener::onKernelException()   -5
  #6      Symfony\Component\HttpKernel\EventListener\RouterListener::onKernelException()              -64
  #7      Symfony\Component\HttpKernel\EventListener\ExceptionListener::onKernelException()           -128
  #8      Symfony\Component\HttpKernel\EventListener\ExceptionListener::onKernelException()           -2048
 ------- ------------------------------------------------------------------------------------------- ----------

console debug:event-dispatcher kernel.exception

Bug Report

Summary

Updating to symfony 6.0 gives a compile error in ApiProblemHttpException. The return types are missing in the code.

The type of expected answer should be used rather than the type of the request body content type to define whether to use the library from what I understand.

For instance, say you have a get request: there is no need for a Content-Type, and I believe a Get request should never have a body, hence no content-type.