bertramakers
commented
1 year ago @tobyzerner I can make a PR with a fix if you'd like, but I wanted to check with you first if you agree with a change like this or if there are reasons that I'm overlooking why this automatic conversion is needed
tobyzerner
The
Strclass has a validation on the type of the value being astring, as I'd expect to be checked, here: https://github.com/tobyzerner/json-api-server/blob/main/src/Schema/Field/Str.php#L21However, the value is always converted to a
stringhere before it is passed to the validation: https://github.com/tobyzerner/json-api-server/blob/main/src/Schema/Field/Str.php#L18This results in warnings/errors.
For example, given a POST payload like this:
PHP triggers a warning:
Even when ignoring the warning (since it's not fatal), the final value is "Array" which obfuscates the problem but is not a good conversion.
Instead, I'd expect the "must be a string" error defined in the validation function.
The same issue occurs with other types that cannot be safely cast to a string, like an object.
In some other cases, the value can be safely cast to a string but it's probably not optimal either. For example, a boolean "false" will be converted to an empty string. But if a client passes "false" to something that expects a string, it's possible that something went wrong on the client instead and it would be better to return an error so that the issue is detected early on.
Simple solution would be to not cast the type to string in the deserialize function, but I'm not sure if that would influence/break something else.
Note: The
Integer,NumberandBooleanfields have a similar issue.