reworked the solution to have a whitelist of formats instead

konradoboza · konradoboza · commit 48ac4f009c14 · 2025-06-16T12:01:21.000+02:00
diff --git a/src/bundle/EventListener/SupportedMediaTypesSubscriber.php b/src/bundle/EventListener/SupportedMediaTypesSubscriber.php
@@ -0,0 +1,67 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\Bundle\Rest\EventListener;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Event\RequestEvent;
+use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
+use Symfony\Component\HttpKernel\KernelEvents;
+
+final class SupportedMediaTypesSubscriber implements EventSubscriberInterface
+{
+    private const SUPPORTED_MEDIA_TYPES_PATTERN = '(^application/vnd\.ibexa\.api(\.[A-Za-z]+)+\+%s$)';
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            KernelEvents::REQUEST => [
+                ['allowOnlySupportedMediaTypes', 0],
+            ],
+        ];
+    }
+
+    public function allowOnlySupportedMediaTypes(RequestEvent $event): void
+    {
+        $request = $event->getRequest();
+        if (!$request->attributes->has('supported_media_types')) {
+            return;
+        }
+
+        $supportedMediaTypes = $request->attributes->get('supported_media_types');
+        $regexps = array_map(
+            static fn (string $mediaType): string => sprintf(
+                self::SUPPORTED_MEDIA_TYPES_PATTERN,
+                strtolower($mediaType)
+            ),
+            $supportedMediaTypes
+        );
+
+        $contentTypeHeader = $request->headers->get('Content-Type') ?? '';
+        $acceptHeader = $request->headers->get('Accept') ?? '';
+
+        foreach ($regexps as $regexp) {
+            if (
+                preg_match($regexp, $contentTypeHeader) === 1
+                || preg_match($regexp, $acceptHeader) === 1
+            ) {
+                break;
+            }
+
+            throw new UnsupportedMediaTypeHttpException(
+                sprintf(
+                    'Unsupported media type was used. Available ones are: %s',
+                    implode(', ', $supportedMediaTypes)
+                ),
+                null,
+                Response::HTTP_UNSUPPORTED_MEDIA_TYPE
+            );
+        }
+    }
+}
diff --git a/src/bundle/EventListener/XmlUnsupportedMediaTypeSubscriber.php b/src/bundle/EventListener/XmlUnsupportedMediaTypeSubscriber.php
diff --git a/src/bundle/Resources/config/services.yml b/src/bundle/Resources/config/services.yml
@@ -235,9 +235,7 @@ services:
             - { name: kernel.event_subscriber }
             - { name: monolog.logger, channel: request }
 
-    Ibexa\Bundle\Rest\EventListener\XmlUnsupportedMediaTypeSubscriber:
-        arguments:
-            $xmlRegexps: '%ibexa.rest.output.visitor.xml.regexps%'
+    Ibexa\Bundle\Rest\EventListener\SupportedMediaTypesSubscriber:
         tags:
             - { name: kernel.event_subscriber }
 
diff --git a/tests/bundle/EventListener/SupportedMediaTypesSubscriberTest.php b/tests/bundle/EventListener/SupportedMediaTypesSubscriberTest.php
@@ -8,17 +8,17 @@
 
 namespace Ibexa\Tests\Bundle\Rest\EventListener;
 
-use Ibexa\Bundle\Rest\EventListener\XmlUnsupportedMediaTypeSubscriber;
+use Ibexa\Bundle\Rest\EventListener\SupportedMediaTypesSubscriber;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\HeaderBag;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpKernel\Event\RequestEvent;
 use Symfony\Component\HttpKernel\Exception\UnsupportedMediaTypeHttpException;
 use Symfony\Component\HttpKernel\HttpKernelInterface;
 
-final class XmlUnsupportedMediaTypeSubscriberTest extends TestCase
+final class SupportedMediaTypesSubscriberTest extends TestCase
 {
-    private const XML_REGEXP = '(^application/vnd\.ibexa\.api(\.[A-Za-z]+)+\+xml$)';
+    private const XML_REGEXP = '^application/vnd\.ibexa\.api(\.[A-Za-z]+)+\+xml$';
 
     /** @var \Symfony\Component\HttpKernel\HttpKernelInterface&\PHPUnit\Framework\MockObject\MockObject */
     private HttpKernelInterface $kernel;
@@ -30,76 +30,74 @@ protected function setUp(): void
         $this->kernel = $this->createMock(HttpKernelInterface::class);
     }
 
-    public function testDoesNothingWhenXmlDisabledIsNotTrue(): void
+    public function testDoesNothingWhenSupportedMediaTypesParameterIsNotSet(): void
     {
         $request = new Request();
-        $request->attributes->set('xml_disabled', false);
-
         $event = new RequestEvent($this->kernel, $request, HttpKernelInterface::MAIN_REQUEST);
 
-        $subscriber = new XmlUnsupportedMediaTypeSubscriber([self::XML_REGEXP]);
-        $subscriber->blockXmlUnsupportedMediaType($event);
+        $subscriber = new SupportedMediaTypesSubscriber();
+        $subscriber->allowOnlySupportedMediaTypes($event);
 
         self::expectNotToPerformAssertions();
     }
 
-    public function testDoesNothingWhenNoRegexps(): void
+    public function testDoesNothingWhenSupportedMediaTypesParameterIsEmpty(): void
     {
         $request = new Request();
-        $request->attributes->set('xml_disabled', true);
+        $request->attributes->set('supported_media_types', []);
 
-        $subscriber = new XmlUnsupportedMediaTypeSubscriber([]);
+        $subscriber = new SupportedMediaTypesSubscriber();
         $event = new RequestEvent($this->kernel, $request, HttpKernelInterface::MAIN_REQUEST);
 
-        $subscriber->blockXmlUnsupportedMediaType($event);
+        $subscriber->allowOnlySupportedMediaTypes($event);
 
         self::expectNotToPerformAssertions();
     }
 
-    public function testDoesNothingWhenNoMatch(): void
+    public function testDoesNothingWhenMediaTypeIsSupported(): void
     {
         $request = new Request();
-        $request->attributes->set('xml_disabled', true);
+        $request->attributes->set('supported_media_types', ['json', 'xml']);
         $request->headers = new HeaderBag([
-            'Content-Type' => 'application/json',
-            'Accept' => 'application/json',
+            'Content-Type' => 'application/vnd.ibexa.api.ContentCreat+json',
+            'Accept' => 'application/vnd.ibexa.api.ContentCreat+json',
         ]);
 
-        $subscriber = new XmlUnsupportedMediaTypeSubscriber([self::XML_REGEXP]);
+        $subscriber = new SupportedMediaTypesSubscriber();
         $event = new RequestEvent($this->kernel, $request, HttpKernelInterface::MAIN_REQUEST);
 
-        $subscriber->blockXmlUnsupportedMediaType($event);
+        $subscriber->allowOnlySupportedMediaTypes($event);
 
         self::expectNotToPerformAssertions();
     }
 
-    public function testThrowsExceptionWhenContentTypeHeaderMatches(): void
+    public function testThrowsExceptionWhenContentTypeHeaderTypeIsNotSupported(): void
     {
         $request = new Request();
-        $request->attributes->set('xml_disabled', true);
+        $request->attributes->set('supported_media_types', ['json']);
         $request->headers = new HeaderBag([
             'Content-Type' => 'application/vnd.ibexa.api.ContentCreate+xml',
         ]);
 
-        $subscriber = new XmlUnsupportedMediaTypeSubscriber([self::XML_REGEXP]);
+        $subscriber = new SupportedMediaTypesSubscriber();
         $event = new RequestEvent($this->kernel, $request, HttpKernelInterface::MAIN_REQUEST);
 
         $this->expectException(UnsupportedMediaTypeHttpException::class);
-        $subscriber->blockXmlUnsupportedMediaType($event);
+        $subscriber->allowOnlySupportedMediaTypes($event);
     }
 
-    public function testThrowsExceptionWhenAcceptHeaderMatches(): void
+    public function testThrowsExceptionWhenAcceptHeaderTypeIsNotSupported(): void
     {
         $request = new Request();
-        $request->attributes->set('xml_disabled', true);
+        $request->attributes->set('supported_media_types', ['json']);
         $request->headers = new HeaderBag([
             'Accept' => 'application/vnd.ibexa.api.ContentCreate+xml',
         ]);
 
-        $subscriber = new XmlUnsupportedMediaTypeSubscriber([self::XML_REGEXP]);
+        $subscriber = new SupportedMediaTypesSubscriber();
         $event = new RequestEvent($this->kernel, $request, HttpKernelInterface::MAIN_REQUEST);
 
         $this->expectException(UnsupportedMediaTypeHttpException::class);
-        $subscriber->blockXmlUnsupportedMediaType($event);
+        $subscriber->allowOnlySupportedMediaTypes($event);
     }
 }
