From 23e61fdc38fa98b9e23175cd0a7d233ddbd50e94 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Timoth=C3=A9e=20Jaussoin?= Date: Wed, 11 Sep 2024 15:52:35 +0200 Subject: [PATCH] Fix FLEXIAPI-211 Add a JSON validation middleware + test --- CHANGELOG.md | 1 + flexiapi/app/Http/Kernel.php | 2 ++ flexiapi/app/Http/Middleware/ValidateJSON.php | 23 +++++++++++++++++++ .../Feature/ApiAccountCreationTokenTest.php | 22 ++++++++++++++++++ 4 files changed, 48 insertions(+) create mode 100644 flexiapi/app/Http/Middleware/ValidateJSON.php diff --git a/CHANGELOG.md b/CHANGELOG.md index d07156c..0da9d03 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,7 @@ v1.6 - Fix FLEXIAPI-196 Add a phone validation system by country code with configuration panels and related tests and documentation - Fix FLEXIAPI-203 Implement domain based Linphone configuration, add documentation, complete API endpoints, complete provisioning XML - Fix FLEXIAPI-208 Add SMS templates documentation +- Fix FLEXIAPI-211 Add a JSON validation middleware + test v1.5 --- diff --git a/flexiapi/app/Http/Kernel.php b/flexiapi/app/Http/Kernel.php index cbb88ae..4eda340 100644 --- a/flexiapi/app/Http/Kernel.php +++ b/flexiapi/app/Http/Kernel.php @@ -57,6 +57,7 @@ class Kernel extends HttpKernel 'api' => [ 'throttle:600,1', // move to 600 instead of 60 'bindings', + 'validate_json', 'localization', ], ]; @@ -76,6 +77,7 @@ class Kernel extends HttpKernel 'auth.digest_or_key' => \App\Http\Middleware\AuthenticateDigestOrKey::class, 'auth.jwt' => \App\Http\Middleware\AuthenticateJWT::class, 'auth.check_blocked' => \App\Http\Middleware\CheckBlocked::class, + 'validate_json' => \App\Http\Middleware\ValidateJSON::class, 'web_panel_enabled' => \App\Http\Middleware\IsWebPanelEnabled::class, 'bindings' => \Illuminate\Routing\Middleware\SubstituteBindings::class, 'cache.headers' => \Illuminate\Http\Middleware\SetCacheHeaders::class, 
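Review bot: In the `api` group of Kernel.php, `'validate_json'` is listed after `'bindings'`, so route-model binding is resolved before a syntactically broken body is rejected. Listing it directly after the throttle entry, as `'validate_json',` followed by `'bindings',`, would let the cheap syntax check fail first while still sitting behind the rate limiter. A short comment on the entry such as `// rejects malformed JSON request bodies with 400` would also explain why it belongs in the group rather than on individual routes.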
diff --git a/flexiapi/app/Http/Middleware/ValidateJSON.php b/flexiapi/app/Http/Middleware/ValidateJSON.php new file mode 100644 index 0000000..0869c69 --- /dev/null +++ b/flexiapi/app/Http/Middleware/ValidateJSON.php @@ -0,0 +1,23 @@ +expectsJson()) { + json_decode($request->getContent()); + if (json_last_error() !== JSON_ERROR_NONE) { + abort(400, self::$message . ': ' . json_last_error_msg()); + } + } + + return $next($request); + } +} diff --git a/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php b/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php index 63d620c..9f40bcb 100644 --- a/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php +++ b/flexiapi/tests/Feature/ApiAccountCreationTokenTest.php @@ -22,6 +22,7 @@ namespace Tests\Feature; use App\Account; use App\AccountCreationRequestToken; use App\AccountCreationToken; +use App\Http\Middleware\ValidateJSON; use Tests\TestCase; use Carbon\Carbon; @@ -39,6 +40,27 @@ class ApiAccountCreationTokenTest extends TestCase protected $pnParam = 'param'; protected $pnPrid = 'id'; + public function testInvalidJSON() + { + $this->call( + $this->method, + $this->tokenRoute, + [], + [], + [], + $this->transformHeadersToServerVars( + [ + 'content-type' => 'application/json', + 'accept' => 'application/json', + ] + ), + '{"first_name": "John", "last_name": "Smith", "is_alive": true, "age": 27,' + )->assertStatus(400) + ->assertJsonPath( + 'message', + fn ($error) => substr($error, 0, strlen(ValidateJSON::$message)) == ValidateJSON::$message + ); + } public function testCorrectParameters() { $this->assertSame(AccountCreationToken::count(), 0);
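Review bot: The guard ending in `expectsJson()) {` keys the check on what the client wants back (Accept header or AJAX), not on what it sent. A body declared as `Content-Type: application/json` without a JSON Accept header therefore skips validation, while a bodyless request that accepts JSON reaches `json_decode('')`, which reports a syntax error and is aborted with 400. Gating on the request body instead, for example `if ($request->isJson() && $request->getContent() !== '') {`, would cover both cases. The class header and the opening of this condition are not visible on this page, so confirm the condition has no further clause. A docblock on `handle()` stating that it aborts with 400 and puts `json_last_error_msg()` in the response would help the next reader.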
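Review bot: `testInvalidJSON` pins only the rejection path, with both `content-type` and `accept` set to JSON; nothing in this hunk asserts that the middleware leaves a bodyless request alone, or what happens when only `content-type` is JSON. A companion test that sends an empty body with `'accept' => 'application/json'` and asserts the response is not the middleware's 400 would catch over-rejection. The prefix check reads more directly as `fn ($error) => str_starts_with($error, ValidateJSON::$message)` if the project's minimum PHP is 8.0, which also avoids the loose `==`.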