Skip to content

RequestPayloadValueResolver should catch invalid values of backed enums #58208

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
stollr opened this issue Sep 9, 2024 · 5 comments
Closed

RequestPayloadValueResolver should catch invalid values of backed enums #58208

stollr opened this issue Sep 9, 2024 · 5 comments
Labels
Bug HttpKernel Status: Needs Review Status: Waiting feedback

Comments

@stollr
Copy link

stollr commented Sep 9, 2024

Description

If a controller argument is attributed with MapQueryString and the class contains a property, which is a backed enum, the BackedEnumNormalizer is used to denormalize the value. If a user submits an invalid value for the enum, a ValueError is catched and an Symfony\Component\Serializer\Exception\InvalidArgumentException is rethrown.

But this exception is never catched and thus resulting in a 500 internal server error response.

I suggest catching this exception in the RequestPayloadValueResolver and throw an HttpException
with a 422 or 400 status code (or with the validationFailedStatusCode defined in the attribute), because this is a client error.

What do you think?

Example

No response
@derrabus
Copy link
Member

derrabus commented Sep 9, 2024

Please provide a reproducer for your bug.

@xabbuh xabbuh added the Bug label Sep 9, 2024
stollr added a commit to stollr/symfony_issue_58208 that referenced this issue Sep 9, 2024
@stollr
reproducer for symfony/symfony#58208
571a28b
@stollr
Copy link
Author

stollr commented Sep 9, 2024

I have added a reproducer at https://github.com/stollr/symfony_issue_58208. The ReproducerController contains anything you need to reproduce the issue.

Open http://127.0.0.1:8000/?engineType=diesl to see the error.

@Jean-Beru
Copy link
Contributor

It seems to be the same issue as mentioned in #52705, right?

@stollr
Copy link
Author

stollr commented Oct 11, 2024

As [MapRequestPayload] and [MapQueryString] are both handled by the RequestPayloadValueResolver it has indeed the same source.

@xabbuh
Copy link
Member

xabbuh commented Oct 13, 2024

Let's close this one as a duplicate of #52705 then.

@xabbuh xabbuh closed this as not planned Won't fix, can't repro, duplicate, stale Oct 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Bug HttpKernel Status: Needs Review Status: Waiting feedback
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@stollr @derrabus @xabbuh @Jean-Beru @carsonbot