ShopApiPlugin

Controllers missing proper validation of provided data

Open TiMESPLiNTER opened this issue 5 years ago • 3 comments

Problem

Some controllers are currently missing proper validation with the Symfony validator component. This results in uncaught exceptions from the Asserts in the handlers, which will end in a 500 error as a response.

Solution

A correct example with Symfony validator validation in place: https://github.com/Sylius/ShopApiPlugin/blob/master/src/Controller/Cart/AddCouponAction.php#L51-L57

An example of a controller that's lacking proper validation before triggering the bus: https://github.com/Sylius/ShopApiPlugin/blob/master/src/Controller/Checkout/ChoosePaymentMethodAction.php

This makes the REST API rather difficult to use as it's not clear what went wrong during the request.

Endpoints with missing validations are:

Cart

  • [ ] AssignCustomerToCartRequest

Checkout

  • [ ] AddressOrderRequest
  • [x] ChoosePaymentMethodRequest
  • [ ] ChooseShippingMethodRequest

Customer

  • [x] SendResetPasswordTokenRequest
  • [x] GenerateResetPasswordTokenRequest

edited by mamazu to track a list of requests that don't have validation

TiMESPLiNTER, Oct 17 '19 11:10
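The difference the issue describes, as an added example that is not part of the original issue or of the ShopApiPlugin code: the same assertion-throwing handler called with and without a Symfony validator check in front of it. The function names, the `method` field and the `[status, body]` return shape are hypothetical, and the script assumes `symfony/validator` is installed through Composer.

```php
<?php
declare(strict_types=1);

require __DIR__ . '/vendor/autoload.php'; // assumes: composer require symfony/validator

use Symfony\Component\Validator\Constraints as Assert;
use Symfony\Component\Validator\Validation;

// Hypothetical handler: like the handlers in the issue, it asserts on its
// input and throws when the assertion fails.
function handleChoosePaymentMethod(array $data): void
{
    if (!is_string($data['method'] ?? null) || $data['method'] === '') {
        throw new InvalidArgumentException('Payment method is not defined');
    }
}

// No validation before the handler: the exception is uncaught by the
// controller and the client only sees a generic 500.
function withoutValidation(array $data): array
{
    try {
        handleChoosePaymentMethod($data);
    } catch (Throwable $e) { // stands in for the framework's exception listener
        return [500, ['message' => 'Internal Server Error']];
    }
    return [204, null];
}

// Validation first: violations are returned as a 400 that names the field,
// and the handler is only reached with data that passed the constraints.
function withValidation(array $data): array
{
    $violations = Validation::createValidator()->validate($data, new Assert\Collection([
        'method' => [new Assert\NotBlank(), new Assert\Type('string')],
    ]));
    if (count($violations) > 0) {
        $errors = [];
        foreach ($violations as $v) {
            $errors[$v->getPropertyPath()][] = $v->getMessage();
        }
        return [400, ['message' => 'Validation failed', 'errors' => $errors]];
    }
    handleChoosePaymentMethod($data);
    return [204, null];
}

$bad = ['method' => '']; // constructed sample request body
var_dump(withoutValidation($bad), withValidation($bad));
```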

You are completely right, this should be fixed.

mamazu, Oct 18 '19 08:10

This is still an issue for the checkout process. However, the complete checkout action is now done.

mamazu, Nov 23 '19 15:11

I think the ResetPassword endpoint is handled in this PR

Amr3zzat, Jan 22 '20 21:01