zfcampus / zf-content-validation
Zend Framework module providing incoming content validation
Installs: 1 864 880
Dependents: 21
Suggesters: 0
Security: 0
Stars: 20
Watchers: 11
Forks: 32
Open Issues: 8
Requires
- php: ^5.6 || ^7.0
- zendframework/zend-eventmanager: ^2.6.3 || ^3.0.1
- zendframework/zend-filter: ^2.7.1
- zendframework/zend-http: ^2.5.4
- zendframework/zend-inputfilter: ^2.8
- zendframework/zend-mvc: ^2.7.15 || ^3.0.4
- zendframework/zend-servicemanager: ^2.7.6 || ^3.1
- zendframework/zend-stdlib: ^3.2.1
- zendframework/zend-validator: ^2.8.1
- zfcampus/zf-api-problem: ^1.2.1
- zfcampus/zf-content-negotiation: ^1.2.1
Requires (Dev)
- phpunit/phpunit: ^5.7.27 || ^6.5.8 || ^7.1.5
- zendframework/zend-coding-standard: ~1.0.0
- zendframework/zend-db: ^2.8.1
- dev-master / 1.8.x-dev
- dev-develop / 1.9.x-dev
- 1.8.0
- 1.7.1
- 1.7.0
- 1.6.1
- 1.6.0
- 1.5.0
- 1.4.0
- 1.3.6
- 1.3.5
- 1.3.4
- 1.3.3
- 1.3.2
- 1.3.1
- 1.3.0
- 1.2.0
- 1.1.1
- 1.1.0
- 1.0.3
- 1.0.2
- 1.0.1
- 1.0.0
- 1.0.0-beta3
- 1.0.0beta2
- 1.0.0beta1
- 0.9.1
- 0.9.0
- 0.8.0
- dev-feature/readme-documentation
- dev-hotfix/use-input-filter-manager-as-fallback
This package is auto-updated.
Last update: 2020-01-20 17:16:22 UTC
README
Repository abandoned 2019-12-31
This repository has moved to laminas-api-tools/api-tools-content-validation.
Introduction
Zend Framework module for automating validation of incoming input.
Allows the following:
- Defining named input filters.
- Mapping named input filters to named controller services.
- Returning an
ApiProblemResponse
with validation error messages on invalid input.
Requirements
Please see the composer.json file.
Installation
Run the following composer
command:
$ composer require zfcampus/zf-content-validation
Alternately, manually add the following to your composer.json
, in the require
section:
"require": { "zfcampus/zf-content-validation": "^1.4" }
And then run composer update
to ensure the module is installed.
Finally, add the module name to your project's config/application.config.php
under the modules
key:
return [ /* ... */ 'modules' => [ /* ... */ 'ZF\ContentValidation', ], /* ... */ ];
Configuration
User Configuration
This module utilizes two user level configuration keys zf-content-validation
and also
input_filter_specs
(named such that this functionality can be moved into ZF2 in the future).
Service Name key
The zf-content-validation
key is a mapping between controller service names as the key, and the
value being an array of mappings that determine which HTTP method to respond to and what input
filter to map to for the given request. The keys for the mapping can either be an HTTP method that
accepts a request body (i.e., POST
, PUT
, PATCH
, or DELETE
), or it can be the word
input_filter
. The value assigned for the input_filter
key will be used in the case that no input
filter is configured for the current HTTP request method.
Example where there is a default as well as a POST filter:
'zf-content-validation' => [ 'Application\Controller\HelloWorld' => [ 'input_filter' => 'Application\Controller\HelloWorld\Validator', 'POST' => 'Application\Controller\HelloWorld\CreationValidator', ], ],
In the above example, the Application\Controller\HelloWorld\Validator
service will be selected for
PATCH
, PUT
, or DELETE
requests, while the Application\Controller\HelloWorld\CreationValidator
will be selected for POST
requests.
Starting in version 1.1.0, two additional keys can be defined to affect application validation behavior:
-
use_raw_data
: if NOT present, raw data is ALWAYS injected into the "BodyParams" container (defined by zf-content-negotiation). If this key is present and a boolean false, then the validated, filtered data from the input filter will be used instead. -
allows_only_fields_in_filter
: if present, anduse_raw_data
is boolean false, the value of this flag will define whether or not additional fields present in the payload will be merged with the filtered data. -
remove_empty_data
: Should we remove empty data from received data?- If no
remove_empty_data
flag is present, do nothing - use data as is - If
remove_empty_data
flag is present AND is boolean true, then remove empty data from current data array - Does not remove empty data if keys matched received data
- If no
Validating GET requests
- Since 1.3.0.
Starting in 1.3.0, you may also specify
GET
as an HTTP method, mapping it to an input filter in order to validate your query parameters. Configuration is exactly as described in the above section.This feature is only available when manually configuring your API; it is not exposed in the Admin UI.
Validating collection requests
- Since 1.5.0
Starting in 1.5.0, you may specify any of:
POST_COLLECTION
PUT_COLLECTION
PATCH_COLLECTION
as keys. These will then be used specifically with the given HTTP method, but only on requests matching the collection endpoint.
Validating DELETE requests
- Since 1.6.0
Starting in 1.6.0, you may specify each of the following keys for input filters:
DELETE
DELETE_COLLECTION
The input filter associated with the key will be used to validate data sent in the request body.
input_filter_spec
input_filter_spec
is for configuration-driven creation of input filters. The keys for this array
will be a unique name, but more often based off the service name it is mapped to under the
zf-content-validation
key. The values will be an input filter configuration array, as is
described in the ZF2 manual section on input
filters.
Example:
'input_filter_specs' => [ 'Application\Controller\HelloWorldGet' => [ 0 => [ 'name' => 'name', 'required' => true, 'filters' => [ 0 => [ 'name' => 'Zend\Filter\StringTrim', 'options' => [], ], ], 'validators' => [], 'description' => 'Hello to name', 'allow_empty' => false, 'continue_if_empty' => false, ], ],
System Configuration
The following configuration is defined by the module in order to function within a ZF2 application.
namespace ZF\ContentValidation; use Zend\InputFiler\InputFilterAbstractServiceFactory; use Zend\ServiceManager\Factory\InvokableFactory; return [ 'controller_plugins' => [ 'aliases' => [ 'getinputfilter' => InputFilter\InputFilterPlugin::class, 'getInputfilter' => InputFilter\InputFilterPlugin::class, 'getInputFilter' => InputFilter\InputFilterPlugin::class, ], 'factories' => [ InputFilter\InputFilterPlugin::class => InvokableFactory::class, ], ], 'input_filters' => [ 'abstract_factories' => [ InputFilterAbstractServiceFactory::class, ], ], 'service_manager' => [ 'factories' => [ ContentValidationListener::class => ContentValidationListenerFactory::class, ], ], 'validators' => [ 'factories' => [ 'ZF\ContentValidation\Validator\DbRecordExists' => Validator\Db\RecordExistsFactory::class, 'ZF\ContentValidation\Validator\DbNoRecordExists' => Validator\Db\NoRecordExistsFactory::class, ], ], ];
ZF Events
Listeners
ZF\ContentValidation\ContentValidationListener
This listener is attached to the MvcEvent::EVENT_ROUTE
event at priority -650
. Its purpose is
to utilize the zf-content-validation
configuration in order to determine if the current request's
selected controller service name has a configured input filter. If it does, it will traverse the
mappings from the configuration file to create the appropriate input filter (from configuration or
the Zend Framework 2 input filter plugin manager) in order to validate the incoming data. This
particular listener utilizes the data from the zf-content-negotiation
data container in order to
get the deserialized content body parameters.
Events
ZF\ContentValidation\ContentValidationListener::EVENT_BEFORE_VALIDATE
This event is emitted by ZF\ContentValidation\ContentValidationListener::onRoute()
(described above) in between aggregating data to validate and determining the
input filter, and the actual validation of data. Its purpose is to allow users:
- the ability to manipulate input filters.
- to modify the data set to validate (available since 1.4.0).
As an example, you might want to validate an identifier provided via the URI, and matched during routing. You may do this as follows:
$events->listen(ContentValidationListener::EVENT_BEFORE_VALIDATE, function ($e) { if ($e->getController() !== MyRestController::class) { return; } $matches = $e->getRouteMatch(); $data = $e->getParam('ZF\ContentValidation\ParameterData') ?: []; $data['id'] = $matches->getParam('id'); $e->setParam('ZF\ContentValidation\ParameterData', $data); });
ZF Services
Controller Plugins
ZF\ContentValidation\InputFilter\InputFilterPlugin (aka getInputFilter)
This plugin is available to Zend Framework 2 controllers. When invoked ($this->getInputFilter()
or
$this->plugin('getinputfilter')->__invoke()
), it returns whatever is in the MVC event parameter
ZF\ContentValidation\InputFilter
, returning null for any value that is not an implementation of
Zend\InputFilter\InputFilter
.
Service
Zend\InputFilter\InputFilterAbstractServiceFactory
This abstract factory is responsible for creating and returning an appropriate input filter given
a name and the configuration from the top-level key input_filter_specs
. It is registered with
Zend\InputFilter\InputFilterPluginManager
.