api-platform / core

The server component of API Platform: hypermedia and GraphQL APIs in minutes
https://api-platform.com
MIT License
2.44k stars 872 forks

Exception on POST JSON object with numeric property #5464

Open alebedev80 opened 1 year ago

alebedev80 commented 1 year ago

API Platform version(s) affected: 3.1.4, 2.7.9
PHP version: 8.2.3

Description
A POST request to an endpoint with a JSON object in which one property is numeric results in an exception:

"hydra:description": "ApiPlatform\\Serializer\\AbstractItemNormalizer::canAccessAttributePostDenormalize(): Argument #3 ($attribute) must be of type string, int given, called in /srv/app/vendor/api-platform/core/src/Serializer/AbstractItemNormalizer.php on line 227"

How to reproduce

  1. Set-up API Platform
  2. Send request
curl -vk --location 'https://localhost/greetings' \
--header 'Content-Type: application/json' \
--data '{
    "0": 1
}'

or

curl 'https://demo.api-platform.com/books' -v -H 'content-type: application/ld+json' --data-raw '{"0":"1"}'

Possible Solution
As a quick fix I locally inserted a line at \ApiPlatform\Serializer\AbstractItemNormalizer:227

$attribute = (string)$attribute;

soyuka commented 1 year ago

Book has no 0 property

alebedev80 commented 1 year ago

@soyuka yes! A book has no property 0, but the code raises an exception and the server responds with 500 because of an invalid argument type in the method call at ApiPlatform\Serializer\AbstractItemNormalizer:227. You can't expect that users will send proper data. So please re-open this issue. That's a bug!

curl 'https://demo.api-platform.com/books' -v -H 'content-type: application/ld+json' --data-raw '{"0":"1"}' 

...
< status: 500 Internal Server Error
...
{"@context":"\/contexts\/Error","@type":"hydra:Error","hydra:title":"An error occurred","hydra:description":"Internal Server Error"}

soyuka commented 1 year ago

I don't understand, what exception do you expect?

alebedev80 commented 1 year ago

@soyuka I don't expect any exception in that case ;)

soyuka commented 1 year ago

I think that this should throw a 400 Bad Request. Tagging as bug.

alebedev80 commented 1 year ago

@soyuka I'm not sure that this should throw 400, because on POST a JSON string property which is 'unexpected' by the service is just ignored. I think the behavior should be the same - just ignore that numeric property.

alebedev80 commented 1 year ago

@soyuka IMHO if the response to this request is 201:

curl 'https://demo.api-platform.com/books' -v -H 'content-type: application/ld+json' --data-raw '{"author":"a", "title": "t", "description": "d", "publicationDate": "2023-03-16", "x": "0"}'

then the response to a request with a numeric property should also be 201:

curl 'https://demo.api-platform.com/books' -v -H 'content-type: application/ld+json' --data-raw '{"author":"a", "title": "t", "description": "d", "publicationDate": "2023-03-16", "0": "0"}'
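
An added example (not API Platform's code and not part of the thread) of the failure discussed in this issue: PHP's associative json_decode stores the JSON key "0" as the integer 0, which a strict-typed string parameter rejects with a TypeError. canAccessAttribute() and denormalize() are hypothetical stand-ins, and the payload is constructed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for a method that declares its attribute name as string,
// like the $attribute parameter named in the error message in this issue.
function canAccessAttribute(string $attribute, array $allowed): bool
{
    return in_array($attribute, $allowed, true);
}

// Keep only allowed attributes; unknown ones are skipped.
// $castKeys = true applies the (string) cast proposed in the issue.
function denormalize(string $json, array $allowed, bool $castKeys): array
{
    // With associative decoding, PHP arrays store the JSON key "0" as int 0.
    $data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('Expected a JSON object.');
    }
    $accepted = [];
    foreach ($data as $attribute => $value) {
        if ($castKeys) {
            $attribute = (string) $attribute;
        }
        if (canAccessAttribute($attribute, $allowed)) {
            $accepted[$attribute] = $value;
        }
    }
    return $accepted;
}

$allowed = ['author', 'title'];                           // assumed resource properties
$payload = '{"author":"a","title":"t","x":"0","0":"0"}'; // constructed sample

try {
    // Without the cast, the int key reaches the string-typed parameter.
    denormalize($payload, $allowed, false);
} catch (TypeError $e) {
    // Left uncaught in a request handler, this is what surfaces as a 500.
    echo 'TypeError: ', $e->getMessage(), PHP_EOL;
}

// With the cast, "0" is treated like the unknown string key "x" and skipped.
var_dump(denormalize($payload, $allowed, true));
```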