Merge pull request FriendsOfSymfony#590 from edmondscommerce/master

throw exception on invalid message recieved

EventListener/BodyListener.php

@@ -12,9 +12,9 @@
 namespace FOS\RestBundle\EventListener;
 
 use FOS\RestBundle\Decoder\DecoderProviderInterface;
-
 use Symfony\Component\HttpFoundation\ParameterBag;
 use Symfony\Component\HttpKernel\Event\GetResponseEvent;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
  * This listener handles Request body decoding.
@@ -61,10 +61,15 @@ public function onKernelRequest(GetResponseEvent $event)
             }
 
             $decoder = $this->decoderProvider->getDecoder($format);
+            $content = $request->getContent();
 
-            $data = $decoder->decode($request->getContent(), $format);
-            if (is_array($data)) {
-                $request->request = new ParameterBag($data);
+            if (!empty($content)) {
+                $data = $decoder->decode($content, $format);
+                if (is_array($data)) {
+                    $request->request = new ParameterBag($data);
+                } else {
+                    throw new BadRequestHttpException('Invalid ' . $format . ' message received');
+                }
             }
         }
     }

Resources/doc/3-listener-support.md

@@ -203,6 +203,9 @@ Your custom decoder service must use a class that implements the
 
 If you want to be able to use form with checkbox and have true and false value (without any issue) you have to use : fos_rest.decoder.jsontoform (available since fosrest 0.8.0)
 
+If the listener receives content that it tries to decode but the decode fails then a BadRequestHttpException will be thrown with the message:
+``'Invalid ' . $format . ' message received'``. When combined with the [exception controller support](4-exception-controller-support.md) this means your API will provide useful error messages to your API users if they are making invalid requests.
+
 ### Request Body Converter Listener
 
 [Converters](http://symfony.com/doc/master/bundles/SensioFrameworkExtraBundle/annotations/converters.html)

Tests/EventListener/BodyListenerTest.php

@@ -15,6 +15,7 @@
 use Symfony\Component\HttpFoundation\HeaderBag;
 use FOS\RestBundle\Decoder\ContainerDecoderProvider;
 use FOS\RestBundle\EventListener\BodyListener;
+use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
  * Request listener test
@@ -79,9 +80,17 @@ public static function testOnKernelRequestDataProvider()
             'Empty GET request' => array(false, new Request(array(), array(), array(), array(), array(), array(), array('foo')), 'GET', 'application/json', array()),
             'POST request with parameters' => array(false, new Request(array(), array('bar'), array(), array(), array(), array(), array('foo')), 'POST', 'application/json', array('bar')),
             'POST request with unallowed format' => array(false, new Request(array(), array(), array(), array(), array(), array(), array('foo')), 'POST', 'application/fooformat', array()),
-            'POST request with no Content-Type' => array(true, new Request(array(), array(), array('_format' => 'json'), array(), array(), array(), array('foo')), 'POST', null, array('foo')),
-            'POST request malformed content' => array(true, new Request(array(), array(), array(), array(), array(), array(), 'foo'), 'POST', 'application/json', array()),
+            'POST request with no Content-Type' => array(true, new Request(array(), array(), array('_format' => 'json'), array(), array(), array(), array('foo')), 'POST', null, array('foo'))
         );
     }
 
+    /**
+     * Test that a malformed request will cause a BadRequestHttpException to be thrown
+     */
+    public function testBadRequestExceptionOnMalformedContent()
+    {
+        $this->setExpectedException('\Symfony\Component\HttpKernel\Exception\BadRequestHttpException');
+        $this->testOnKernelRequest(true, new Request(array(), array(), array(), array(), array(), array(), 'foo'), 'POST', 'application/json', array());
+    }
+
 }