add 'Yaml', 'Xml', and 'Jwt' constraints #1
base: 7.2
8087d87 to 7764365
// Check if the decoded header and payload are valid JSON | ||
if (!json_validate($decodedHeader) || !json_validate($decodedPayload)) { | ||
return false; | ||
} | ||
|
||
// At this point, it looks like a JWT | ||
return true; |
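Review bot: `json_validate()` on `$decodedHeader` and `$decodedPayload` accepts any JSON value, so segments that decode to `1`, `"x"` or `[]` pass this check and reach `return true;`. A JWT header and claims set are JSON objects, so decode each part and require an object (and, for the header, an `alg` member) before reporting a match.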
// Check if the decoded header and payload are valid JSON | |
if (!json_validate($decodedHeader) || !json_validate($decodedPayload)) { | |
return false; | |
} | |
// At this point, it looks like a JWT | |
return true; | |
return json_validate($decodedHeader) && json_validate($decodedPayload) |
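Review bot: the suggested line `return json_validate($decodedHeader) && json_validate($decodedPayload)` has no terminating semicolon, so committing the suggestion as written leaves a parse error; add `;` before applying it.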
return false; | ||
} | ||
|
||
[$header, $payload, $signature] = $parts; |
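Review bot: the third segment needs at least a base64url character check where `[$header, $payload, $signature] = $parts;` binds it; if `$signature` is never inspected further down, a string whose last part is arbitrary text still passes as a JWT. Dropping the variable silences the unused-variable warning but leaves that gap. The constraint's documentation should also state that it checks format only and never verifies the signature, so callers do not treat a passing value as authenticated.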
$signature is unused
[$header, $payload, $signature] = $parts; | |
[$header, $payload] = $parts; |
protected function validateFormat(string $value): bool | ||
{ | ||
try { | ||
SymfonyYaml::parse($value); |
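Review bot: `SymfonyYaml::parse($value);` runs with default flags and the `catch` clause is outside the visible lines, so two things need confirming. The commit 6d71a7e referenced on this page notes that `date: 6418-75-51` raised a plain `Exception` before that fix, which would escape a catch limited to `ParseException`; either catch more broadly or require a symfony/yaml version that contains the fix. If flags are added to accept custom tags, use `Yaml::PARSE_CUSTOM_TAGS`, which wraps tags as `TaggedValue`, and keep `Yaml::PARSE_CONSTANT` and `Yaml::PARSE_OBJECT` off for a validator fed untrusted strings, since those resolve PHP constants and unserialize objects.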
Consider adding some flags to make it recognize custom tags like !php/const
and so on
…rsimpsons)

This PR was merged into the 5.4 branch.

Discussion
----------

[Yaml] 🐛 throw ParseException on invalid date

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | None
| License       | MIT

(found in symfony-tools/docs-builder#179)

When parsing the following yaml:

```
date: 6418-75-51
```

`symfony/yaml` will throw an exception:

```
$ php main.php
PHP Fatal error: Uncaught Exception: Failed to parse time string (6418-75-51) at position 6 (5): Unexpected character in /tmp/symfony-yaml/vendor/symfony/yaml/Inline.php:714
Stack trace:
#0 /tmp/symfony-yaml/vendor/symfony/yaml/Inline.php(714): DateTimeImmutable->__construct()
#1 /tmp/symfony-yaml/vendor/symfony/yaml/Inline.php(312): Symfony\Component\Yaml\Inline::evaluateScalar()
#2 /tmp/symfony-yaml/vendor/symfony/yaml/Inline.php(80): Symfony\Component\Yaml\Inline::parseScalar()
#3 /tmp/symfony-yaml/vendor/symfony/yaml/Parser.php(790): Symfony\Component\Yaml\Inline::parse()
#4 /tmp/symfony-yaml/vendor/symfony/yaml/Parser.php(341): Symfony\Component\Yaml\Parser->parseValue()
#5 /tmp/symfony-yaml/vendor/symfony/yaml/Parser.php(86): Symfony\Component\Yaml\Parser->doParse()
#6 /tmp/symfony-yaml/vendor/symfony/yaml/Yaml.php(77): Symfony\Component\Yaml\Parser->parse()
#7 /tmp/symfony-yaml/main.php(8): Symfony\Component\Yaml\Yaml::parse()
#8 {main}
  thrown in /tmp/symfony-yaml/vendor/symfony/yaml/Inline.php on line 714
```

This is because the "month" is invalid. Fixing the "month" will trigger about the same issue because the "day" would be invalid.

With the current change it will throw a `ParseException`.

Commits
-------

6d71a7e 🐛 throw ParseException on invalid date
…nse from transport (ZhukV)

This PR was squashed before being merged into the 6.4 branch.

Discussion
----------

[Notifier][TurboSMS] Process partial accepted response from transport

| Q             | A
| ------------- | ---
| Branch?       | 6.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | None
| License       | MIT

TurboSMS can return `null` as the message id if the SMS is not sent to the recipient.

Example:

```json
{
    "response_code": 802,
    "response_status": "SUCCESS_MESSAGE_PARTIAL_ACCEPTED",
    "response_result": [
        {
            "phone": "recipient_1",
            "response_code": 406,
            "message_id": null,
            "response_status": "NOT_ALLOWED_RECIPIENT_COUNTRY"
        },
        {
            "phone": "recipient_2",
            "response_code": 0,
            "message_id": "f83f8868-5e46-c6cf-e4fb-615e5a293754",
            "response_status": "OK"
        }
    ]
}
```

And we receive this error:

```
Symfony\Component\Notifier\Message\SentMessage::setMessageId(): Argument #1 ($id) must be of type string, null given, called in /code/vendor/symfony/turbo-sms-notifier/TurboSmsTransport.php on line 93
```

Symfony uses only one phone number for sending; as a result we check only the first `response_result`.

Commits
-------

932dbe3 [Notifier][TurboSMS] Process partial accepted response from transport
… providers (xabbuh)

This PR was merged into the 5.4 branch.

Discussion
----------

[PhpUnitBridge] fix dumping tests to skip with data providers

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        |
| License       | MIT

Without the fix running `SYMFONY_PHPUNIT_SKIPPED_TESTS='phpunit.skipped' php ./phpunit src/Symfony/Component/Lock/Tests/Store/DoctrineDbalPostgreSqlStoreTest.php` without the `pdo_pgsql` extension enabled the generated skip file looked like this:

```
<?php return array (
  'PHPUnit\\Framework\\DataProviderTestSuite' =>
  array (
    'Symfony\\Component\\Lock\\Tests\\Store\\DoctrineDbalPostgreSqlStoreTest::testInvalidDriver' => 1,
  ),
  'Symfony\\Component\\Lock\\Tests\\Store\\DoctrineDbalPostgreSqlStoreTest' =>
  array (
    'testSaveAfterConflict' => 1,
    'testWaitAndSaveAfterConflictReleasesLockFromInternalStore' => 1,
    'testWaitAndSaveReadAfterConflictReleasesLockFromInternalStore' => 1,
    'testSave' => 1,
    'testSaveWithDifferentResources' => 1,
    'testSaveWithDifferentKeysOnSameResources' => 1,
    'testSaveTwice' => 1,
    'testDeleteIsolated' => 1,
    'testBlockingLocks' => 1,
    'testSharedLockReadFirst' => 1,
    'testSharedLockWriteFirst' => 1,
    'testSharedLockPromote' => 1,
    'testSharedLockPromoteAllowed' => 1,
    'testSharedLockDemote' => 1,
  ),
);
```

Thus, running the tests again with the extension enabled would only run 14 tests instead of the expected total number of 16 tests.

With the patch applied the generated skip file looks like this:

```
<?php return array (
  'Symfony\\Component\\Lock\\Tests\\Store\\DoctrineDbalPostgreSqlStoreTest' =>
  array (
    'testInvalidDriver with data set #0' => 1,
    'testInvalidDriver with data set #1' => 1,
    'testSaveAfterConflict' => 1,
    'testWaitAndSaveAfterConflictReleasesLockFromInternalStore' => 1,
    'testWaitAndSaveReadAfterConflictReleasesLockFromInternalStore' => 1,
    'testSave' => 1,
    'testSaveWithDifferentResources' => 1,
    'testSaveWithDifferentKeysOnSameResources' => 1,
    'testSaveTwice' => 1,
    'testDeleteIsolated' => 1,
    'testBlockingLocks' => 1,
    'testSharedLockReadFirst' => 1,
    'testSharedLockWriteFirst' => 1,
    'testSharedLockPromote' => 1,
    'testSharedLockPromoteAllowed' => 1,
    'testSharedLockDemote' => 1,
  ),
);
```

Commits
-------

95f41cc fix dumping tests to skip with data providers
… not throw exception (lyrixx)

This PR was merged into the 5.4 branch.

Discussion
----------

[HttpKernel] Ensure `HttpCache::getTraceKey()` does not throw exception

| Q             | A
| ------------- | ---
| Branch?       | 5.4
| Bug fix?      | yes
| New feature?  | no
| Deprecations? | no
| Issues        | -
| License       | MIT

We have such logs in our logs. It's in our raw PHP logs. They are not caught by monolog, it's too early.

```
[11-Oct-2024 01:23:33 UTC] PHP Fatal error: Uncaught Symfony\Component\HttpFoundation\Exception\SuspiciousOperationException: Invalid method override "__CONSTRUCT". in /var/www/redirection.io/backend/blue/vendor/symfony/http-foundation/Request.php:1234
Stack trace:
#0 /var/www/redirection.io/backend/blue/vendor/symfony/http-kernel/HttpCache/HttpCache.php(728): Symfony\Component\HttpFoundation\Request->getMethod()
#1 /var/www/redirection.io/backend/blue/vendor/symfony/http-kernel/HttpCache/HttpCache.php(207): Symfony\Component\HttpKernel\HttpCache\HttpCache->getTraceKey()
#2 /var/www/redirection.io/backend/blue/vendor/symfony/http-kernel/Kernel.php(188): Symfony\Component\HttpKernel\HttpCache\HttpCache->handle()
#3 /var/www/redirection.io/backend/blue/web/app.php(9): Symfony\Component\HttpKernel\Kernel->handle()
#4 {main}
  thrown in /var/www/redirection.io/backend/blue/vendor/symfony/http-foundation/Request.php on line 1234
```

I managed to reproduce it locally.

* Before the patch, without the http_cache, symfony returns a 405
* After the patch, without the http_cache, symfony returns a 405
* Before the patch, with the http_cache, symfony returns a 500, without any information (too early)
* After the patch, with the http_cache, symfony returns a 405

Commits
-------

a2ebbe0 [HttpKernel] Ensure HttpCache::getTraceKey() does not throw exception
…ctor (MaximePinot)

This PR was merged into the 6.4 branch.

Discussion
----------

[Mime] Fix wrong PHPDoc in `FormDataPart` constructor

| Q             | A
| ------------- | ---
| Branch?       | 6.4
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Issues        | -
| License       | MIT

I believe the PHPDoc is wrong. As far as I understand, the `FormDataPart` expects instances of `TextPart`:

```php
if (!\is_string($item) && !$item instanceof TextPart) {
    throw new InvalidArgumentException(sprintf('The value of the form field "%s" can only be a string, an array, or an instance of TextPart, "%s" given.', $fieldName, get_debug_type($item)));
}
```

https://github.com/symfony/symfony/blob/6.4/src/Symfony/Component/Mime/Part/Multipart/FormDataPart.php#L74

The following code is rejected by PHPStan while it works:

```php
final readonly class Foo
{
    public function bar(): void
    {
        new FormDataPart([
            new TextPart('baz'),
        ]);
    }
}
```

```shell
 ------ -------------------------------------------------------------------------------------------------------------------
  Line   src/Foo.php
 ------ -------------------------------------------------------------------------------------------------------------------
  14     Parameter #1 $fields of class Symfony\Component\Mime\Part\Multipart\FormDataPart constructor expects array<array|string|Symfony\Component\Mime\Part\DataPart>, array<int, Symfony\Component\Mime\Part\TextPart> given.
 ------ -------------------------------------------------------------------------------------------------------------------
```

(cc `@B-Galati`)

Commits
-------

886d4ed [Mime] Fix wrong PHPDoc in `FormDataPart` constructor
Add Yaml, Xml, and Jwt constraints