MediaWiki  master
Validator.php
Go to the documentation of this file.
1 <?php
2 
4 
11 use Wikimedia\ObjectFactory;
22 
30 class Validator {
31 
33  private const TYPE_DEFS = [
34  'boolean' => [ 'class' => BooleanDef::class ],
35  'enum' => [ 'class' => EnumDef::class ],
36  'integer' => [ 'class' => IntegerDef::class ],
37  'float' => [ 'class' => FloatDef::class ],
38  'double' => [ 'class' => FloatDef::class ],
39  'NULL' => [
40  'class' => StringDef::class,
41  'args' => [ [
42  'allowEmptyWhenRequired' => true,
43  ] ],
44  ],
45  'password' => [ 'class' => PasswordDef::class ],
46  'string' => [ 'class' => StringDef::class ],
47  'timestamp' => [ 'class' => TimestampDef::class ],
48  'upload' => [ 'class' => UploadDef::class ],
49  ];
50 
52  private const NO_BODY_METHODS = [ 'GET', 'HEAD', 'DELETE' ];
53 
55  private const BODY_METHODS = [ 'POST', 'PUT' ];
56 
58  private const FORM_DATA_CONTENT_TYPES = [
59  'application/x-www-form-urlencoded',
60  'multipart/form-data',
61  ];
62 
64  private $paramValidator;
65 
73  public function __construct(
74  ObjectFactory $objectFactory,
75  PermissionManager $permissionManager,
76  RequestInterface $request,
77  UserIdentity $user
78  ) {
79  $this->paramValidator = new ParamValidator(
80  new ParamValidatorCallbacks( $permissionManager, $request, $user ),
81  $objectFactory,
82  [
83  'typeDefs' => self::TYPE_DEFS,
84  ]
85  );
86  }
87 
94  public function validateParams( array $paramSettings ) {
95  $validatedParams = [];
96  foreach ( $paramSettings as $name => $settings ) {
97  try {
98  $validatedParams[$name] = $this->paramValidator->getValue( $name, $settings, [
99  'source' => $settings[Handler::PARAM_SOURCE] ?? 'unspecified',
100  ] );
101  } catch ( ValidationException $e ) {
102  throw new LocalizedHttpException( $e->getFailureMessage(), 400, [
103  'error' => 'parameter-validation-failed',
104  'name' => $e->getParamName(),
105  'value' => $e->getParamValue(),
106  'failureCode' => $e->getFailureMessage()->getCode(),
107  'failureData' => $e->getFailureMessage()->getData(),
108  ] );
109  }
110  }
111  return $validatedParams;
112  }
113 
126  public function validateBody( RequestInterface $request, Handler $handler ) {
127  $method = strtoupper( trim( $request->getMethod() ) );
128 
129  // If the method should never have a body, don't bother validating.
130  if ( in_array( $method, self::NO_BODY_METHODS, true ) ) {
131  return null;
132  }
133 
134  // Get the content type
135  list( $ct ) = explode( ';', $request->getHeaderLine( 'Content-Type' ), 2 );
136  $ct = strtolower( trim( $ct ) );
137  if ( $ct === '' ) {
138  // No Content-Type was supplied. RFC 7231 ยง 3.1.1.5 allows this, but since it's probably a
139  // client error let's return a 415. But don't 415 for unknown methods and an empty body.
140  if ( !in_array( $method, self::BODY_METHODS, true ) ) {
141  $body = $request->getBody();
142  $size = $body->getSize();
143  if ( $size === null ) {
144  // No size available. Try reading 1 byte.
145  if ( $body->isSeekable() ) {
146  $body->rewind();
147  }
148  $size = $body->read( 1 ) === '' ? 0 : 1;
149  }
150  if ( $size === 0 ) {
151  return null;
152  }
153  }
154  throw new HttpException( "A Content-Type header must be supplied with a request payload.", 415, [
155  'error' => 'no-content-type',
156  ] );
157  }
158 
159  // Form data is parsed into $_POST and $_FILES by PHP and from there is accessed as parameters,
160  // don't bother trying to handle these via BodyValidator too.
161  if ( in_array( $ct, self::FORM_DATA_CONTENT_TYPES, true ) ) {
162  return null;
163  }
164 
165  // Validate the body. BodyValidator throws an HttpException on failure.
166  return $handler->getBodyValidator( $ct )->validateBody( $request );
167  }
168 
169 }
MediaWiki\Rest\Handler
Definition: CompareHandler.php:3
MediaWiki\Rest\Validator\Validator\__construct
__construct(ObjectFactory $objectFactory, PermissionManager $permissionManager, RequestInterface $request, UserIdentity $user)
Definition: Validator.php:73
Wikimedia\ParamValidator\ValidationException
Error reporting for ParamValidator.
Definition: ValidationException.php:16
MediaWiki\Rest\Validator\Validator
Wrapper for ParamValidator.
Definition: Validator.php:30
MediaWiki\Rest\Handler\PARAM_SOURCE
const PARAM_SOURCE
(string) ParamValidator constant to specify the source of the parameter.
Definition: Handler.php:15
Wikimedia\ParamValidator\TypeDef\EnumDef
Type definition for enumeration types.
Definition: EnumDef.php:32
Wikimedia\ParamValidator\ValidationException\getParamName
getParamName()
Fetch the parameter name that failed validation.
Definition: ValidationException.php:70
MediaWiki\User\UserIdentity
Interface for objects representing user identity.
Definition: UserIdentity.php:32
MediaWiki\Rest\Handler
Definition: Handler.php:9
MediaWiki\Rest\Validator\ParamValidatorCallbacks
Definition: ParamValidatorCallbacks.php:13
MediaWiki\Rest\RequestInterface\getBody
getBody()
Gets the body of the message.
Wikimedia\ParamValidator\ValidationException\getParamValue
getParamValue()
Fetch the parameter value that failed validation.
Definition: ValidationException.php:78
Wikimedia\ParamValidator\ValidationException\getFailureMessage
getFailureMessage()
Fetch the validation failure message.
Definition: ValidationException.php:62
MediaWiki\Rest\Validator\Validator\validateParams
validateParams(array $paramSettings)
Validate parameters.
Definition: Validator.php:94
MediaWiki\Rest\RequestInterface\getMethod
getMethod()
Retrieves the HTTP method of the request.
Wikimedia\ParamValidator\TypeDef\FloatDef
Type definition for a floating-point type.
Definition: FloatDef.php:29
Wikimedia\ParamValidator\TypeDef\StringDef
Type definition for string types.
Definition: StringDef.php:24
Wikimedia\ParamValidator\TypeDef\BooleanDef
Type definition for boolean types.
Definition: BooleanDef.php:23
MediaWiki\Permissions\PermissionManager
A service class for checking permissions To obtain an instance, use MediaWikiServices::getInstance()-...
Definition: PermissionManager.php:48
Wikimedia\ParamValidator\TypeDef\TimestampDef
Type definition for timestamp types.
Definition: TimestampDef.php:31
MediaWiki\Rest\RequestInterface
A request interface similar to PSR-7's ServerRequestInterface.
Definition: RequestInterface.php:39
MediaWiki\Rest\HttpException
This is the base exception class for non-fatal exceptions thrown from REST handlers.
Definition: HttpException.php:10
Wikimedia\ParamValidator\TypeDef\PasswordDef
Type definition for "password" types.
Definition: PasswordDef.php:16
MediaWiki\Rest\Validator\Validator\validateBody
validateBody(RequestInterface $request, Handler $handler)
Validate the body of a request.
Definition: Validator.php:126
Wikimedia\ParamValidator\TypeDef\IntegerDef
Type definition for integer types.
Definition: IntegerDef.php:23
Wikimedia\ParamValidator\TypeDef\UploadDef
Type definition for upload types.
Definition: UploadDef.php:34
MediaWiki\Rest\Validator
Definition: BodyValidator.php:3
MediaWiki\Rest\RequestInterface\getHeaderLine
getHeaderLine( $name)
Retrieves a comma-separated string of the values for a single header.
MediaWiki\Rest\Validator\Validator\$paramValidator
ParamValidator $paramValidator
Definition: Validator.php:57
Wikimedia\ParamValidator\ParamValidator
Service for formatting and validating API parameters.
Definition: ParamValidator.php:42
MediaWiki\Rest\Handler\getBodyValidator
getBodyValidator( $contentType)
Fetch the BodyValidator.
Definition: Handler.php:177
MediaWiki\Rest\LocalizedHttpException
Definition: LocalizedHttpException.php:7