MediaWiki  master
Validator.php
Go to the documentation of this file.
1 <?php
2 
4 
11 use Wikimedia\ObjectFactory;
23 
31 class Validator {
32 
34  private const TYPE_DEFS = [
35  'boolean' => [ 'class' => BooleanDef::class ],
36  'enum' => [ 'class' => EnumDef::class ],
37  'integer' => [ 'class' => IntegerDef::class ],
38  'float' => [ 'class' => FloatDef::class ],
39  'double' => [ 'class' => FloatDef::class ],
40  'NULL' => [
41  'class' => StringDef::class,
42  'args' => [ [
43  'allowEmptyWhenRequired' => true,
44  ] ],
45  ],
46  'password' => [ 'class' => PasswordDef::class ],
47  'string' => [ 'class' => StringDef::class ],
48  'timestamp' => [ 'class' => TimestampDef::class ],
49  'upload' => [ 'class' => UploadDef::class ],
50  'expiry' => [ 'class' => ExpiryDef::class ],
51  ];
52 
54  private const NO_BODY_METHODS = [ 'GET', 'HEAD', 'DELETE' ];
55 
57  private const BODY_METHODS = [ 'POST', 'PUT' ];
58 
60  private const FORM_DATA_CONTENT_TYPES = [
61  'application/x-www-form-urlencoded',
62  'multipart/form-data',
63  ];
64 
66  private $paramValidator;
67 
75  public function __construct(
76  ObjectFactory $objectFactory,
77  PermissionManager $permissionManager,
78  RequestInterface $request,
79  UserIdentity $user
80  ) {
81  $this->paramValidator = new ParamValidator(
82  new ParamValidatorCallbacks( $permissionManager, $request, $user ),
83  $objectFactory,
84  [
85  'typeDefs' => self::TYPE_DEFS,
86  ]
87  );
88  }
89 
96  public function validateParams( array $paramSettings ) {
97  $validatedParams = [];
98  foreach ( $paramSettings as $name => $settings ) {
99  try {
100  $validatedParams[$name] = $this->paramValidator->getValue( $name, $settings, [
101  'source' => $settings[Handler::PARAM_SOURCE] ?? 'unspecified',
102  ] );
103  } catch ( ValidationException $e ) {
104  throw new LocalizedHttpException( $e->getFailureMessage(), 400, [
105  'error' => 'parameter-validation-failed',
106  'name' => $e->getParamName(),
107  'value' => $e->getParamValue(),
108  'failureCode' => $e->getFailureMessage()->getCode(),
109  'failureData' => $e->getFailureMessage()->getData(),
110  ] );
111  }
112  }
113  return $validatedParams;
114  }
115 
128  public function validateBody( RequestInterface $request, Handler $handler ) {
129  $method = strtoupper( trim( $request->getMethod() ) );
130 
131  // If the method should never have a body, don't bother validating.
132  if ( in_array( $method, self::NO_BODY_METHODS, true ) ) {
133  return null;
134  }
135 
136  // Get the content type
137  list( $ct ) = explode( ';', $request->getHeaderLine( 'Content-Type' ), 2 );
138  $ct = strtolower( trim( $ct ) );
139  if ( $ct === '' ) {
140  // No Content-Type was supplied. RFC 7231 ยง 3.1.1.5 allows this, but since it's probably a
141  // client error let's return a 415. But don't 415 for unknown methods and an empty body.
142  if ( !in_array( $method, self::BODY_METHODS, true ) ) {
143  $body = $request->getBody();
144  $size = $body->getSize();
145  if ( $size === null ) {
146  // No size available. Try reading 1 byte.
147  if ( $body->isSeekable() ) {
148  $body->rewind();
149  }
150  $size = $body->read( 1 ) === '' ? 0 : 1;
151  }
152  if ( $size === 0 ) {
153  return null;
154  }
155  }
156  throw new HttpException( "A Content-Type header must be supplied with a request payload.", 415, [
157  'error' => 'no-content-type',
158  ] );
159  }
160 
161  // Form data is parsed into $_POST and $_FILES by PHP and from there is accessed as parameters,
162  // don't bother trying to handle these via BodyValidator too.
163  if ( in_array( $ct, self::FORM_DATA_CONTENT_TYPES, true ) ) {
164  return null;
165  }
166 
167  // Validate the body. BodyValidator throws an HttpException on failure.
168  return $handler->getBodyValidator( $ct )->validateBody( $request );
169  }
170 
171 }
MediaWiki\Rest\Handler
Definition: ActionModuleBasedHandler.php:3
MediaWiki\Rest\Validator\Validator\__construct
__construct(ObjectFactory $objectFactory, PermissionManager $permissionManager, RequestInterface $request, UserIdentity $user)
Definition: Validator.php:75
Wikimedia\ParamValidator\ValidationException
Error reporting for ParamValidator.
Definition: ValidationException.php:16
MediaWiki\Rest\Validator\Validator
Wrapper for ParamValidator.
Definition: Validator.php:31
MediaWiki\Rest\Handler\PARAM_SOURCE
const PARAM_SOURCE
(string) ParamValidator constant to specify the source of the parameter.
Definition: Handler.php:17
Wikimedia\ParamValidator\TypeDef\EnumDef
Type definition for enumeration types.
Definition: EnumDef.php:32
Wikimedia\ParamValidator\ValidationException\getParamName
getParamName()
Fetch the parameter name that failed validation.
Definition: ValidationException.php:71
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition: UserIdentity.php:32
MediaWiki\Rest\Handler
Definition: Handler.php:11
MediaWiki\Rest\Validator\ParamValidatorCallbacks
Definition: ParamValidatorCallbacks.php:13
MediaWiki\Rest\RequestInterface\getBody
getBody()
Gets the body of the message.
Wikimedia\ParamValidator\ValidationException\getParamValue
getParamValue()
Fetch the parameter value that failed validation.
Definition: ValidationException.php:79
Wikimedia\ParamValidator\TypeDef\ExpiryDef
Type definition for expiry timestamps.
Definition: ExpiryDef.php:16
Wikimedia\ParamValidator\ValidationException\getFailureMessage
getFailureMessage()
Fetch the validation failure message.
Definition: ValidationException.php:63
MediaWiki\Rest\Validator\Validator\validateParams
validateParams(array $paramSettings)
Validate parameters.
Definition: Validator.php:96
MediaWiki\Rest\RequestInterface\getMethod
getMethod()
Retrieves the HTTP method of the request.
Wikimedia\ParamValidator\TypeDef\FloatDef
Type definition for a floating-point type.
Definition: FloatDef.php:29
Wikimedia\ParamValidator\TypeDef\StringDef
Type definition for string types.
Definition: StringDef.php:24
Wikimedia\ParamValidator\TypeDef\BooleanDef
Type definition for boolean types.
Definition: BooleanDef.php:23
MediaWiki\Permissions\PermissionManager
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()-...
Definition: PermissionManager.php:49
Wikimedia\ParamValidator\TypeDef\TimestampDef
Type definition for timestamp types.
Definition: TimestampDef.php:32
MediaWiki\Rest\RequestInterface
A request interface similar to PSR-7's ServerRequestInterface.
Definition: RequestInterface.php:39
MediaWiki\Rest\HttpException
This is the base exception class for non-fatal exceptions thrown from REST handlers.
Definition: HttpException.php:12
Wikimedia\ParamValidator\TypeDef\PasswordDef
Type definition for "password" types.
Definition: PasswordDef.php:16
MediaWiki\Rest\Validator\Validator\validateBody
validateBody(RequestInterface $request, Handler $handler)
Validate the body of a request.
Definition: Validator.php:128
Wikimedia\ParamValidator\TypeDef\IntegerDef
Type definition for integer types.
Definition: IntegerDef.php:23
Wikimedia\ParamValidator\TypeDef\UploadDef
Type definition for upload types.
Definition: UploadDef.php:34
MediaWiki\Rest\Validator
Definition: BodyValidator.php:3
MediaWiki\Rest\RequestInterface\getHeaderLine
getHeaderLine( $name)
Retrieves a comma-separated string of the values for a single header.
MediaWiki\Rest\Validator\Validator\$paramValidator
ParamValidator $paramValidator
Definition: Validator.php:59
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition: ParamValidator.php:42
MediaWiki\Rest\Handler\getBodyValidator
getBodyValidator( $contentType)
Fetch the BodyValidator.
Definition: Handler.php:205
MediaWiki\Rest\LocalizedHttpException
@newable
Definition: LocalizedHttpException.php:10