fix(doctrine): handle invalid uuid in ORM SearchFilter

alexndlm · alexndlm · commit fabee6faf526 · 2024-12-07T00:28:37.000+01:00
diff --git a/src/Doctrine/Common/Filter/SearchFilterTrait.php b/src/Doctrine/Common/Filter/SearchFilterTrait.php
@@ -122,6 +122,14 @@ abstract protected function normalizePropertyName(string $property): string;
      */
     protected function getIdFromValue(string $value): mixed
     {
+        if (is_numeric($value)) {
+            return $value;
+        }
+
+        if ($this->isValidUuid($value)) {
+            return $value;
+        }
+
         try {
             $iriConverter = $this->getIriConverter();
             $item = $iriConverter->getResourceFromIri($value, ['fetch_data' => false]);
@@ -163,16 +171,41 @@ protected function normalizeValues(array $values, string $property): ?array
     }
 
     /**
-     * When the field should be an integer, check that the given value is a valid one.
+     * Check if the values are valid for the given Doctrine type.
      */
     protected function hasValidValues(array $values, ?string $type = null): bool
     {
         foreach ($values as $value) {
-            if (null !== $value && \in_array($type, (array) self::DOCTRINE_INTEGER_TYPE, true) && false === filter_var($value, \FILTER_VALIDATE_INT)) {
+            if (null === $value) {
+                continue;
+            }
+
+            if (\in_array($type, (array) self::DOCTRINE_INTEGER_TYPE, true) && false === filter_var($value, \FILTER_VALIDATE_INT)) {
+                return false;
+            }
+
+            if (\in_array($type, (array) self::DOCTRINE_UUID_TYPE, true) && false === $this->isValidUuid($value)) {
                 return false;
             }
         }
 
         return true;
     }
+
+    protected function isValidUuid(mixed $value): bool
+    {
+        if (!\is_string($value)) {
+            return false;
+        }
+
+        if (class_exists('\Symfony\Component\Uid\Uuid')) {
+            return \Symfony\Component\Uid\Uuid::isValid($value);
+        }
+
+        if (class_exists('\Ramsey\Uuid\Uuid')) {
+            return \Ramsey\Uuid\Uuid::isValid($value);
+        }
+
+        return 1 === preg_match('/^[0-9a-f]{8}-[0-9a-f]{4}-[1-5][0-9a-f]{3}-[89ab][0-9a-f]{3}-[0-9a-f]{12}$/i', $value);
+    }
 }
diff --git a/src/Doctrine/Odm/Filter/SearchFilter.php b/src/Doctrine/Odm/Filter/SearchFilter.php
@@ -141,6 +141,7 @@ final class SearchFilter extends AbstractFilter implements SearchFilterInterface
     use SearchFilterTrait;
 
     public const DOCTRINE_INTEGER_TYPE = [MongoDbType::INTEGER, MongoDbType::INT];
+    public const DOCTRINE_UUID_TYPE = [];
 
     public function __construct(ManagerRegistry $managerRegistry, IriConverterInterface|LegacyIriConverterInterface $iriConverter, IdentifiersExtractorInterface|LegacyIdentifiersExtractorInterface|null $identifiersExtractor, ?PropertyAccessorInterface $propertyAccessor = null, ?LoggerInterface $logger = null, ?array $properties = null, ?NameConverterInterface $nameConverter = null)
     {
diff --git a/src/Doctrine/Orm/Filter/SearchFilter.php b/src/Doctrine/Orm/Filter/SearchFilter.php
@@ -140,6 +140,7 @@ final class SearchFilter extends AbstractFilter implements SearchFilterInterface
     use SearchFilterTrait;
 
     public const DOCTRINE_INTEGER_TYPE = Types::INTEGER;
+    public const DOCTRINE_UUID_TYPE = 'uuid';
 
     public function __construct(ManagerRegistry $managerRegistry, IriConverterInterface|LegacyIriConverterInterface $iriConverter, ?PropertyAccessorInterface $propertyAccessor = null, ?LoggerInterface $logger = null, ?array $properties = null, IdentifiersExtractorInterface|LegacyIdentifiersExtractorInterface|null $identifiersExtractor = null, ?NameConverterInterface $nameConverter = null)
     {
@@ -231,6 +232,11 @@ protected function filterProperty(string $property, $value, QueryBuilder $queryB
             if (is_numeric($value)) {
                 return $value;
             }
+
+            if ($this->isValidUuid($value)) {
+                return $value;
+            }
+
             try {
                 $item = $this->getIriConverter()->getResourceFromIri($value, ['fetch_data' => false]);
 
diff --git a/src/Doctrine/Orm/Tests/DoctrineOrmFilterTestCase.php b/src/Doctrine/Orm/Tests/DoctrineOrmFilterTestCase.php
@@ -42,7 +42,7 @@ protected function setUp(): void
         self::bootKernel();
 
         $this->managerRegistry = self::$kernel->getContainer()->get('doctrine');
-        $this->repository = $this->managerRegistry->getManagerForClass(Dummy::class)->getRepository(Dummy::class);
+        $this->repository = $this->managerRegistry->getManagerForClass($this->resourceClass)->getRepository($this->resourceClass);
     }
 
     /**
diff --git a/src/Doctrine/Orm/Tests/Filter/SearchFilterWithUuidTest.php b/src/Doctrine/Orm/Tests/Filter/SearchFilterWithUuidTest.php
@@ -0,0 +1,129 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Doctrine\Orm\Tests\Filter;
+
+use ApiPlatform\Doctrine\Orm\Filter\SearchFilter;
+use ApiPlatform\Doctrine\Orm\Tests\DoctrineOrmFilterTestCase;
+use ApiPlatform\Doctrine\Orm\Tests\Fixtures\CustomConverter;
+use ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity\UuidIdentifierDummy;
+use ApiPlatform\Metadata\Exception\InvalidArgumentException;
+use ApiPlatform\Metadata\IriConverterInterface;
+use Doctrine\Persistence\ManagerRegistry;
+use Prophecy\Argument;
+use Prophecy\PhpUnit\ProphecyTrait;
+
+/**
+ * @author Oleksii Polyvanyi <alexndlm@gmail.com>
+ */
+class SearchFilterWithUuidTest extends DoctrineOrmFilterTestCase
+{
+    use ProphecyTrait;
+
+    protected string $resourceClass = UuidIdentifierDummy::class;
+    protected string $filterClass = SearchFilter::class;
+
+    public static function provideApplyTestData(): array
+    {
+        $filterFactory = self::buildSearchFilter(...);
+        $validUuid = '9584fbef-e849-41e3-912b-f2c509874a70';
+
+        return [
+            'invalid uuid for id' => [
+                [
+                    'id' => 'exact',
+                ],
+                [
+                    'id' => 'some-invalid-uuid',
+                ],
+                'SELECT o FROM ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity\UuidIdentifierDummy o',
+                [],
+                $filterFactory,
+            ],
+
+            'valid uuid for id' => [
+                [
+                    'id' => 'exact',
+                ],
+                [
+                    'id' => $validUuid,
+                ],
+                'SELECT o FROM ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity\UuidIdentifierDummy o WHERE o.id = :id_p1',
+                ['id_p1' => $validUuid],
+                $filterFactory,
+            ],
+
+            'invalid uuid for uuidField' => [
+                [
+                    'uuidField' => 'exact',
+                ],
+                [
+                    'uuidField' => 'some-invalid-uuid',
+                ],
+                'SELECT o FROM ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity\UuidIdentifierDummy o',
+                [],
+                $filterFactory,
+            ],
+
+            'valid uuid for uuidField' => [
+                [
+                    'uuidField' => 'exact',
+                ],
+                [
+                    'uuidField' => $validUuid,
+                ],
+                'SELECT o FROM ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity\UuidIdentifierDummy o WHERE o.uuidField = :uuidField_p1',
+                ['uuidField_p1' => $validUuid],
+                $filterFactory,
+            ],
+
+            'invalid uuid for relatedUuidIdentifierDummy' => [
+                [
+                    'relatedUuidIdentifierDummy' => 'exact',
+                ],
+                [
+                    'relatedUuidIdentifierDummy' => 'some-invalid-uuid',
+                ],
+                'SELECT o FROM ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity\UuidIdentifierDummy o',
+                [],
+                $filterFactory,
+            ],
+
+            'valid uuid for relatedUuidIdentifierDummy' => [
+                [
+                    'relatedUuidIdentifierDummy' => 'exact',
+                ],
+                [
+                    'relatedUuidIdentifierDummy' => $validUuid,
+                ],
+                'SELECT o FROM ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity\UuidIdentifierDummy o WHERE o.relatedUuidIdentifierDummy = :relatedUuidIdentifierDummy_p1',
+                ['relatedUuidIdentifierDummy_p1' => $validUuid],
+                $filterFactory,
+            ],
+        ];
+    }
+
+    protected static function buildSearchFilter(self $that, ManagerRegistry $managerRegistry, ?array $properties = null): SearchFilter
+    {
+        $iriConverterProphecy = $that->prophesize(IriConverterInterface::class);
+
+        $iriConverterProphecy->getResourceFromIri(Argument::type('string'), ['fetch_data' => false])->will(function (): void {
+            throw new InvalidArgumentException();
+        });
+
+        $iriConverter = $iriConverterProphecy->reveal();
+        $propertyAccessor = static::$kernel->getContainer()->get('test.property_accessor');
+
+        return new SearchFilter($managerRegistry, $iriConverter, $propertyAccessor, null, $properties, null, new CustomConverter());
+    }
+}
diff --git a/src/Doctrine/Orm/Tests/Fixtures/Entity/DummyCar.php b/src/Doctrine/Orm/Tests/Fixtures/Entity/DummyCar.php
@@ -49,10 +49,10 @@ class DummyCar
     #[ORM\OneToMany(targetEntity: DummyCarColor::class, mappedBy: 'car')]
     private Collection|iterable|null $thirdColors = null;
     #[ApiFilter(SearchFilter::class, strategy: 'exact')]
-    #[ORM\ManyToMany(targetEntity: UuidIdentifierDummy::class, indexBy: 'uuid')]
+    #[ORM\ManyToMany(targetEntity: GuidIdentifierDummy::class, indexBy: 'guid')]
     #[ORM\JoinColumn(name: 'car_id', referencedColumnName: 'id_id')]
-    #[ORM\InverseJoinColumn(name: 'uuid_uuid', referencedColumnName: 'uuid')]
-    #[ORM\JoinTable(name: 'uuid_cars')]
+    #[ORM\InverseJoinColumn(name: 'guid_guid', referencedColumnName: 'guid')]
+    #[ORM\JoinTable(name: 'guid_cars')]
     private Collection|iterable|null $uuid = null;
 
     #[ApiFilter(SearchFilter::class, strategy: 'partial')]
diff --git a/src/Doctrine/Orm/Tests/Fixtures/Entity/GuidIdentifierDummy.php b/src/Doctrine/Orm/Tests/Fixtures/Entity/GuidIdentifierDummy.php
@@ -0,0 +1,51 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity;
+
+use ApiPlatform\Metadata\ApiResource;
+use Doctrine\ORM\Mapping as ORM;
+
+/**
+ * Custom identifier dummy.
+ */
+#[ApiResource]
+#[ORM\Entity]
+class GuidIdentifierDummy
+{
+    #[ORM\Column(type: 'guid')]
+    #[ORM\Id]
+    private ?string $guid = null;
+    #[ORM\Column(length: 30)]
+    private ?string $name = null;
+
+    public function getGuid(): ?string
+    {
+        return $this->guid;
+    }
+
+    public function setGuid(string $guid): void
+    {
+        $this->guid = $guid;
+    }
+
+    public function getName(): ?string
+    {
+        return $this->name;
+    }
+
+    public function setName(string $name): void
+    {
+        $this->name = $name;
+    }
+}
diff --git a/src/Doctrine/Orm/Tests/Fixtures/Entity/RelatedUuidIdentifierDummy.php b/src/Doctrine/Orm/Tests/Fixtures/Entity/RelatedUuidIdentifierDummy.php
@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Doctrine\Orm\Tests\Fixtures\Entity;
+
+use ApiPlatform\Metadata\ApiResource;
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Component\Uid\Uuid;
+
+#[ApiResource]
+#[ORM\Entity]
+class RelatedUuidIdentifierDummy
+{
+    #[ORM\Column(type: 'uuid')]
+    #[ORM\Id]
+    private Uuid $id;
+
+    public function getId(): Uuid
+    {
+        return $this->id;
+    }
+
+    public function setId(Uuid $id): void
+    {
+        $this->id = $id;
+    }
+}
diff --git a/src/Doctrine/Orm/Tests/Fixtures/Entity/UuidIdentifierDummy.php b/src/Doctrine/Orm/Tests/Fixtures/Entity/UuidIdentifierDummy.php
diff --git a/src/Doctrine/Orm/Tests/config.yml b/src/Doctrine/Orm/Tests/config.yml

Original file line number	Diff line number	Diff line change
`@@ -141,6 +141,7 @@ final class SearchFilter extends AbstractFilter implements SearchFilterInterface`
`141`	`141`	`use SearchFilterTrait;`
`142`	`142`
`143`	`143`	`public const DOCTRINE_INTEGER_TYPE = [MongoDbType::INTEGER, MongoDbType::INT];`
	`144`	`+ public const DOCTRINE_UUID_TYPE = [];`
`144`	`145`
`145`	`146`	`public function __construct(ManagerRegistry $managerRegistry, IriConverterInterface\|LegacyIriConverterInterface $iriConverter, IdentifiersExtractorInterface\|LegacyIdentifiersExtractorInterface\|null $identifiersExtractor, ?PropertyAccessorInterface $propertyAccessor = null, ?LoggerInterface $logger = null, ?array $properties = null, ?NameConverterInterface $nameConverter = null)`
`146`	`147`	`{`
Original file line number	Diff line number	Diff line change
`@@ -42,7 +42,7 @@ protected function setUp(): void`
`42`	`42`	`self::bootKernel();`
`43`	`43`
`44`	`44`	`$this->managerRegistry = self::$kernel->getContainer()->get('doctrine');`
`45`		`- $this->repository = $this->managerRegistry->getManagerForClass(Dummy::class)->getRepository(Dummy::class);`
	`45`	`+ $this->repository = $this->managerRegistry->getManagerForClass($this->resourceClass)->getRepository($this->resourceClass);`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	`/**`