Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
feature #27735 [Validator][DoctrineBridge][FWBundle] Automatic data v…
…alidation (dunglas) This PR was merged into the 4.3-dev branch. Discussion ---------- [Validator][DoctrineBridge][FWBundle] Automatic data validation | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes<!-- don't forget to update src/**/CHANGELOG.md files --> | BC breaks? | no <!-- see https://symfony.com/bc --> | Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files --> | Tests pass? | yes <!-- please add some, will be required by reviewers --> | Fixed tickets | n/a <!-- #-prefixed issue number(s), if any --> | License | MIT | Doc PR | symfony/symfony-docs#11132 This feature automatically adds some validation constraints by inferring existing metadata. To do so, it uses the PropertyInfo component and Doctrine metadata, but it has been designed to be easily extendable. Example: ```php use Doctrine\ORM\Mapping as ORM; /** * @Orm\Entity */ class Dummy { /** * @Orm\Id * @Orm\GeneratedValue(strategy="AUTO") * @Orm\Column(type="integer") */ public $id; /** * @Orm\Column(nullable=true) */ public $columnNullable; /** * @Orm\Column(length=20) */ public $columnLength; /** * @Orm\Column(unique=true) */ public $columnUnique; } $manager = $this->managerRegistry->getManager(); $manager->getRepository(Dummy::class); $firstOne = new Dummy(); $firstOne->columnUnique = 'unique'; $firstOne->columnLength = '0'; $manager->persist($firstOne); $manager->flush(); $dummy = new Dummy(); $dummy->columnNullable = 1; // type mistmatch $dummy->columnLength = '012345678901234567890'; // too long $dummy->columnUnique = 'unique'; // not unique $res = $this->validator->validate($dummy); dump((string) $res); /* Object(App\Entity\Dummy).columnUnique:\n This value is already used. (code 23bd9dbf-6b9b-41cd-a99e-4844bcf3077f)\n Object(App\Entity\Dummy).columnLength:\n This value is too long. It should have 20 characters or less. (code d94b19cc-114f-4f44-9cc4-4138e80a87b9)\n Object(App\Entity\Dummy).id:\n This value should not be null. (code ad32d13f-c3d4-423b-909a-857b961eb720)\n Object(App\Entity\Dummy).columnNullable:\n This value should be of type string. (code ba785a8c-82cb-4283-967c-3cf342181b40)\n */ ``` It also works for DTOs: ```php class MyDto { /** @var string */ public $name; } $dto = new MyDto(); $dto->name = 1; // type error dump($validator->validate($dto)); /* Object(MyDto).name:\n This value should be of type string. (code ba785a8c-82cb-4283-967c-3cf342181b40)\n */ ``` Supported constraints currently are: * `@NotNull` (using PropertyInfo type extractor, so supports Doctrine metadata, getters/setters and PHPDoc) * `@Type` (using PropertyInfo type extractor, so supports Doctrine metadata, getters/setters and PHPDoc) * `@UniqueEntity` (using Doctrine's `unique` metadata) * `@Length` (using Doctrine's `length` metadata) Many users don't understand that the Doctrine mapping doesn't validate anything (it's just a hint for the schema generator). It leads to usability and security issues (that are not entirely fixed by this PR!!). Even the ones who add constraints often omit important ones like `@Length`, or `@Type` (important when building web APIs). This PR aims to improve things a bit, and ease the development process in RAD and when prototyping. It provides an upgrade path to use proper validation constraints. I plan to make it opt-in, disabled by default, but enabled in the default Flex recipe. (= off by default when using components, on by default when using the full stack framework) TODO: * [x] Add configuration flags * [x] Move the Doctrine-related DI logic from the extension to DoctrineBundle: doctrine/DoctrineBundle#831 * [x] Commit the tests Commits ------- 2d64e703c2 [Validator][DoctrineBridge][FWBundle] Automatic data validation
- Loading branch information
Showing
6 changed files
with
539 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| * This file is part of the Symfony package. | ||
| * | ||
| * (c) Fabien Potencier <fabien@symfony.com> | ||
| * | ||
| * For the full copyright and license information, please view the LICENSE | ||
| * file that was distributed with this source code. | ||
| */ | ||
|
|
||
| namespace Symfony\Component\Validator\DependencyInjection; | ||
|
|
||
| use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface; | ||
| use Symfony\Component\DependencyInjection\ContainerBuilder; | ||
| use Symfony\Component\DependencyInjection\Reference; | ||
|
|
||
| /** | ||
| * Injects the automapping configuration as last argument of loaders tagged with the "validator.auto_mapper" tag. | ||
| * | ||
| * @author Kévin Dunglas <dunglas@gmail.com> | ||
| */ | ||
| class AddAutoMappingConfigurationPass implements CompilerPassInterface | ||
| { | ||
| private $validatorBuilderService; | ||
| private $tag; | ||
|
|
||
| public function __construct(string $validatorBuilderService = 'validator.builder', string $tag = 'validator.auto_mapper') | ||
| { | ||
| $this->validatorBuilderService = $validatorBuilderService; | ||
| $this->tag = $tag; | ||
| } | ||
|
|
||
| /** | ||
| * {@inheritdoc} | ||
| */ | ||
| public function process(ContainerBuilder $container) | ||
| { | ||
| if (!$container->hasParameter('validator.auto_mapping') || !$container->hasDefinition($this->validatorBuilderService)) { | ||
| return; | ||
| } | ||
|
|
||
| $config = $container->getParameter('validator.auto_mapping'); | ||
|
|
||
| $globalNamespaces = []; | ||
| $servicesToNamespaces = []; | ||
| foreach ($config as $namespace => $value) { | ||
| if ([] === $value['services']) { | ||
| $globalNamespaces[] = $namespace; | ||
|
|
||
| continue; | ||
| } | ||
|
|
||
| foreach ($value['services'] as $service) { | ||
| $servicesToNamespaces[$service][] = $namespace; | ||
| } | ||
| } | ||
|
|
||
| $validatorBuilder = $container->getDefinition($this->validatorBuilderService); | ||
| foreach ($container->findTaggedServiceIds($this->tag) as $id => $tags) { | ||
| $regexp = $this->getRegexp(array_merge($globalNamespaces, $servicesToNamespaces[$id] ?? [])); | ||
|
|
||
| $container->getDefinition($id)->setArgument('$classValidatorRegexp', $regexp); | ||
| $validatorBuilder->addMethodCall('addLoader', [new Reference($id)]); | ||
| } | ||
|
|
||
| $container->getParameterBag()->remove('validator.auto_mapping'); | ||
| } | ||
|
|
||
| /** | ||
| * Builds a regexp to check if a class is auto-mapped. | ||
| */ | ||
| private function getRegexp(array $patterns): string | ||
| { | ||
| $regexps = []; | ||
| foreach ($patterns as $pattern) { | ||
| // Escape namespace | ||
| $regex = preg_quote(ltrim($pattern, '\\')); | ||
|
|
||
| // Wildcards * and ** | ||
| $regex = strtr($regex, ['\\*\\*' => '.*?', '\\*' => '[^\\\\]*?']); | ||
|
|
||
| // If this class does not end by a slash, anchor the end | ||
| if ('\\' !== substr($regex, -1)) { | ||
| $regex .= '$'; | ||
| } | ||
|
|
||
| $regexps[] = '^'.$regex; | ||
| } | ||
|
|
||
| return sprintf('{%s}', implode('|', $regexps)); | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,151 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| * This file is part of the Symfony package. | ||
| * | ||
| * (c) Fabien Potencier <fabien@symfony.com> | ||
| * | ||
| * For the full copyright and license information, please view the LICENSE | ||
| * file that was distributed with this source code. | ||
| */ | ||
|
|
||
| namespace Symfony\Component\Validator\Mapping\Loader; | ||
|
|
||
| use Symfony\Component\PropertyInfo\PropertyListExtractorInterface; | ||
| use Symfony\Component\PropertyInfo\PropertyTypeExtractorInterface; | ||
| use Symfony\Component\PropertyInfo\Type as PropertyInfoType; | ||
| use Symfony\Component\Validator\Constraints\All; | ||
| use Symfony\Component\Validator\Constraints\NotBlank; | ||
| use Symfony\Component\Validator\Constraints\NotNull; | ||
| use Symfony\Component\Validator\Constraints\Type; | ||
| use Symfony\Component\Validator\Mapping\ClassMetadata; | ||
|
|
||
| /** | ||
| * Guesses and loads the appropriate constraints using PropertyInfo. | ||
| * | ||
| * @author Kévin Dunglas <dunglas@gmail.com> | ||
| */ | ||
| final class PropertyInfoLoader implements LoaderInterface | ||
| { | ||
| private $listExtractor; | ||
| private $typeExtractor; | ||
| private $classValidatorRegexp; | ||
|
|
||
| public function __construct(PropertyListExtractorInterface $listExtractor, PropertyTypeExtractorInterface $typeExtractor, string $classValidatorRegexp = null) | ||
| { | ||
| $this->listExtractor = $listExtractor; | ||
| $this->typeExtractor = $typeExtractor; | ||
| $this->classValidatorRegexp = $classValidatorRegexp; | ||
| } | ||
|
|
||
| /** | ||
| * {@inheritdoc} | ||
| */ | ||
| public function loadClassMetadata(ClassMetadata $metadata) | ||
| { | ||
| $className = $metadata->getClassName(); | ||
| if (null !== $this->classValidatorRegexp && !preg_match($this->classValidatorRegexp, $className)) { | ||
| return false; | ||
| } | ||
|
|
||
| if (!$properties = $this->listExtractor->getProperties($className)) { | ||
| return false; | ||
| } | ||
|
|
||
| foreach ($properties as $property) { | ||
| $types = $this->typeExtractor->getTypes($className, $property); | ||
| if (null === $types) { | ||
| continue; | ||
| } | ||
|
|
||
| $hasTypeConstraint = false; | ||
| $hasNotNullConstraint = false; | ||
| $hasNotBlankConstraint = false; | ||
| $allConstraint = null; | ||
| foreach ($metadata->getPropertyMetadata($property) as $propertyMetadata) { | ||
| foreach ($propertyMetadata->getConstraints() as $constraint) { | ||
| if ($constraint instanceof Type) { | ||
| $hasTypeConstraint = true; | ||
| } elseif ($constraint instanceof NotNull) { | ||
| $hasNotNullConstraint = true; | ||
| } elseif ($constraint instanceof NotBlank) { | ||
| $hasNotBlankConstraint = true; | ||
| } elseif ($constraint instanceof All) { | ||
| $allConstraint = $constraint; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| $builtinTypes = []; | ||
| $nullable = false; | ||
| $scalar = true; | ||
| foreach ($types as $type) { | ||
| $builtinTypes[] = $type->getBuiltinType(); | ||
|
|
||
| if ($scalar && !\in_array($type->getBuiltinType(), [PropertyInfoType::BUILTIN_TYPE_INT, PropertyInfoType::BUILTIN_TYPE_FLOAT, PropertyInfoType::BUILTIN_TYPE_STRING, PropertyInfoType::BUILTIN_TYPE_BOOL], true)) { | ||
| $scalar = false; | ||
| } | ||
|
|
||
| if (!$nullable && $type->isNullable()) { | ||
| $nullable = true; | ||
| } | ||
| } | ||
| if (!$hasTypeConstraint) { | ||
| if (1 === \count($builtinTypes)) { | ||
| if ($types[0]->isCollection() && (null !== $collectionValueType = $types[0]->getCollectionValueType())) { | ||
| $this->handleAllConstraint($property, $allConstraint, $collectionValueType, $metadata); | ||
| } | ||
|
|
||
| $metadata->addPropertyConstraint($property, $this->getTypeConstraint($builtinTypes[0], $types[0])); | ||
| } elseif ($scalar) { | ||
| $metadata->addPropertyConstraint($property, new Type(['type' => 'scalar'])); | ||
| } | ||
| } | ||
|
|
||
| if (!$nullable && !$hasNotBlankConstraint && !$hasNotNullConstraint) { | ||
| $metadata->addPropertyConstraint($property, new NotNull()); | ||
| } | ||
| } | ||
|
|
||
| return true; | ||
| } | ||
|
|
||
| private function getTypeConstraint(string $builtinType, PropertyInfoType $type): Type | ||
| { | ||
| if (PropertyInfoType::BUILTIN_TYPE_OBJECT === $builtinType && null !== $className = $type->getClassName()) { | ||
| return new Type(['type' => $className]); | ||
| } | ||
|
|
||
| return new Type(['type' => $builtinType]); | ||
| } | ||
|
|
||
| private function handleAllConstraint(string $property, ?All $allConstraint, PropertyInfoType $propertyInfoType, ClassMetadata $metadata) | ||
| { | ||
| $containsTypeConstraint = false; | ||
| $containsNotNullConstraint = false; | ||
| if (null !== $allConstraint) { | ||
| foreach ($allConstraint->constraints as $constraint) { | ||
| if ($constraint instanceof Type) { | ||
| $containsTypeConstraint = true; | ||
| } elseif ($constraint instanceof NotNull) { | ||
| $containsNotNullConstraint = true; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| $constraints = []; | ||
| if (!$containsNotNullConstraint && !$propertyInfoType->isNullable()) { | ||
| $constraints[] = new NotNull(); | ||
| } | ||
|
|
||
| if (!$containsTypeConstraint) { | ||
| $constraints[] = $this->getTypeConstraint($propertyInfoType->getBuiltinType(), $propertyInfoType); | ||
| } | ||
|
|
||
| if (null === $allConstraint) { | ||
| $metadata->addPropertyConstraint($property, new All(['constraints' => $constraints])); | ||
| } else { | ||
| $allConstraint->constraints = array_merge($allConstraint->constraints, $constraints); | ||
| } | ||
| } | ||
| } |
73 changes: 73 additions & 0 deletions
73
Tests/DependencyInjection/AddAutoMappingConfigurationPassTest.php
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| * This file is part of the Symfony package. | ||
| * | ||
| * (c) Fabien Potencier <fabien@symfony.com> | ||
| * | ||
| * For the full copyright and license information, please view the LICENSE | ||
| * file that was distributed with this source code. | ||
| */ | ||
|
|
||
| namespace Symfony\Component\Validator\Tests\DependencyInjection; | ||
|
|
||
| use PHPUnit\Framework\TestCase; | ||
| use Symfony\Component\DependencyInjection\ContainerBuilder; | ||
| use Symfony\Component\Validator\DependencyInjection\AddAutoMappingConfigurationPass; | ||
| use Symfony\Component\Validator\Tests\Fixtures\PropertyInfoLoaderEntity; | ||
| use Symfony\Component\Validator\ValidatorBuilder; | ||
|
|
||
| /** | ||
| * @author Kévin Dunglas <dunglas@gmail.com> | ||
| */ | ||
| class AddAutoMappingConfigurationPassTest extends TestCase | ||
| { | ||
| public function testNoConfigParameter() | ||
| { | ||
| $container = new ContainerBuilder(); | ||
| (new AddAutoMappingConfigurationPass())->process($container); | ||
| $this->assertCount(1, $container->getDefinitions()); | ||
| } | ||
|
|
||
| public function testNoValidatorBuilder() | ||
| { | ||
| $container = new ContainerBuilder(); | ||
| (new AddAutoMappingConfigurationPass())->process($container); | ||
| $this->assertCount(1, $container->getDefinitions()); | ||
| } | ||
|
|
||
| /** | ||
| * @dataProvider mappingProvider | ||
| */ | ||
| public function testProcess(string $namespace, array $services, string $expectedRegexp) | ||
| { | ||
| $container = new ContainerBuilder(); | ||
| $container->setParameter('validator.auto_mapping', [ | ||
| 'App\\' => ['services' => []], | ||
| $namespace => ['services' => $services], | ||
| ]); | ||
|
|
||
| $container->register('validator.builder', ValidatorBuilder::class); | ||
| foreach ($services as $service) { | ||
| $container->register($service)->addTag('validator.auto_mapper'); | ||
| } | ||
|
|
||
| (new AddAutoMappingConfigurationPass())->process($container); | ||
|
|
||
| foreach ($services as $service) { | ||
| $this->assertSame($expectedRegexp, $container->getDefinition($service)->getArgument('$classValidatorRegexp')); | ||
| } | ||
| $this->assertCount(\count($services), $container->getDefinition('validator.builder')->getMethodCalls()); | ||
| } | ||
|
|
||
| public function mappingProvider(): array | ||
| { | ||
| return [ | ||
| ['Foo\\', ['foo', 'baz'], '{^App\\\\|^Foo\\\\}'], | ||
| [PropertyInfoLoaderEntity::class, ['class'], '{^App\\\\|^Symfony\\\\Component\\\\Validator\\\\Tests\\\\Fixtures\\\\PropertyInfoLoaderEntity$}'], | ||
| ['Symfony\Component\Validator\Tests\Fixtures\\', ['trailing_antislash'], '{^App\\\\|^Symfony\\\\Component\\\\Validator\\\\Tests\\\\Fixtures\\\\}'], | ||
| ['Symfony\Component\Validator\Tests\Fixtures\\*', ['trailing_star'], '{^App\\\\|^Symfony\\\\Component\\\\Validator\\\\Tests\\\\Fixtures\\\\[^\\\\]*?$}'], | ||
| ['Symfony\Component\Validator\Tests\Fixtures\\**', ['trailing_double_star'], '{^App\\\\|^Symfony\\\\Component\\\\Validator\\\\Tests\\\\Fixtures\\\\.*?$}'], | ||
| ]; | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| <?php | ||
|
|
||
| /* | ||
| * This file is part of the Symfony package. | ||
| * | ||
| * (c) Fabien Potencier <fabien@symfony.com> | ||
| * | ||
| * For the full copyright and license information, please view the LICENSE | ||
| * file that was distributed with this source code. | ||
| */ | ||
|
|
||
| namespace Symfony\Component\Validator\Tests\Fixtures; | ||
|
|
||
| use Symfony\Component\Validator\Constraints as Assert; | ||
|
|
||
| /** | ||
| * @author Kévin Dunglas <dunglas@gmail.com> | ||
| */ | ||
| class PropertyInfoLoaderEntity | ||
| { | ||
| public $nullableString; | ||
| public $string; | ||
| public $scalar; | ||
| public $object; | ||
| public $collection; | ||
|
|
||
| /** | ||
| * @Assert\Type(type="int") | ||
| */ | ||
| public $alreadyMappedType; | ||
|
|
||
| /** | ||
| * @Assert\NotNull | ||
| */ | ||
| public $alreadyMappedNotNull; | ||
|
|
||
| /** | ||
| * @Assert\NotBlank | ||
| */ | ||
| public $alreadyMappedNotBlank; | ||
|
|
||
| /** | ||
| * @Assert\All({ | ||
| * @Assert\Type(type="string"), | ||
| * @Assert\Iban | ||
| * }) | ||
| */ | ||
| public $alreadyPartiallyMappedCollection; | ||
| } |
Oops, something went wrong.