Merge branch 'master' into multipart-encoding-required

Author: scaytrase

composer.json

@@ -24,13 +24,14 @@
         "php": ">=7.2",
         "ext-bcmath": "*",
         "ext-json": "*",
-        "cebe/php-openapi": "^1.6",
+        "devizzent/cebe-php-openapi": "^1.0",
         "league/uri": "^6.3",
         "psr/cache": "^1.0 || ^2.0 || ^3.0",
         "psr/http-message": "^1.0",
         "psr/http-server-middleware": "^1.0",
         "respect/validation": "^1.1.3 || ^2.0",
         "riverline/multipart-parser": "^2.0.3",
+        "symfony/polyfill-php80": "^1.27",
         "webmozart/assert": "^1.4"
     },
     "require-dev": {

phpstan.neon

@@ -1,4 +1,5 @@
 parameters:
+    phpVersion: 70200
     level: 6
     paths:
         - src

src/PSR7/Exception/Validation/AddressValidationFailed.php

@@ -6,8 +6,11 @@
 
 use League\OpenAPIValidation\PSR7\Exception\ValidationFailed;
 use League\OpenAPIValidation\PSR7\OperationAddress;
+use League\OpenAPIValidation\Schema\Exception\SchemaMismatch;
 use Throwable;
 
+use function implode;
+use function rtrim;
 use function sprintf;
 
 abstract class AddressValidationFailed extends ValidationFailed
@@ -42,6 +45,21 @@ public static function fromAddr(OperationAddress $address): self
         return $ex;
     }
 
+    public function getVerboseMessage(): string
+    {
+        $previous = $this->getPrevious();
+        if (! $previous instanceof SchemaMismatch) {
+            return $this->getMessage();
+        }
+
+        return sprintf(
+            '%s. [%s in %s]',
+            $this->getMessage(),
+            rtrim($previous->getMessage(), '.'),
+            implode('->', $previous->dataBreadCrumb()->buildChain())
+        );
+    }
+
     public function getAddress(): OperationAddress
     {
         return $this->address;

src/PSR7/OperationAddress.php

@@ -7,13 +7,16 @@
 use League\OpenAPIValidation\PSR7\Exception\Validation\InvalidPath;
 use League\OpenAPIValidation\Schema\Exception\InvalidSchema;
 
+use function explode;
 use function implode;
 use function preg_match;
+use function preg_match_all;
 use function preg_quote;
 use function preg_replace;
 use function preg_split;
 use function sprintf;
 use function strtok;
+use function trim;
 
 use const PREG_SPLIT_DELIM_CAPTURE;
 
@@ -62,7 +65,28 @@ public function path(): string
 
     public function hasPlaceholders(): bool
     {
-        return preg_match(self::PATH_PLACEHOLDER, $this->path()) === 1;
+        return (bool) $this->countPlaceholders();
+    }
+
+    public function countPlaceholders(): int
+    {
+        return preg_match_all(self::PATH_PLACEHOLDER, $this->path()) ?? 0;
+    }
+
+    public function countExactMatchParts(string $comparisonPath): int
+    {
+        $comparisonPathParts = explode('/', trim($comparisonPath, '/'));
+        $pathParts           = explode('/', trim($this->path(), '/'));
+        $exactMatchCount     = 0;
+        foreach ($comparisonPathParts as $key => $comparisonPathPart) {
+            if ($comparisonPathPart !== $pathParts[$key]) {
+                continue;
+            }
+
+            $exactMatchCount++;
+        }
+
+        return $exactMatchCount;
     }
 
     /**

src/PSR7/PathFinder.php

@@ -8,14 +8,19 @@
 use cebe\openapi\spec\PathItem;
 use cebe\openapi\spec\Server;
 
+use function array_keys;
+use function array_unique;
 use function count;
 use function ltrim;
+use function max;
 use function parse_url;
 use function preg_match;
+use function preg_match_all;
 use function preg_replace;
 use function rtrim;
 use function sprintf;
 use function strtolower;
+use function trim;
 use function usort;
 
 use const PHP_URL_PATH;
@@ -206,6 +211,60 @@ private function prioritizeStaticPaths(array $paths): array
             return 0;
         });
 
+        return $this->attemptNarrowDown($paths);
+    }
+
+    /**
+     * Some paths are more static than others.
+     *
+     * @param OperationAddress[] $paths
+     *
+     * @return OperationAddress[]
+     */
+    private function attemptNarrowDown(array $paths): array
+    {
+        if (count($paths) === 1) {
+            return $paths;
+        }
+
+        $partCounts        = [];
+        $placeholderCounts = [];
+        foreach ($paths as $path) {
+            $partCounts[]        = $this->countParts($path->path());
+            $placeholderCounts[] = $path->countPlaceholders();
+        }
+
+        $partCounts[] = $this->countParts($this->path);
+        if (count(array_unique($partCounts)) === 1 && count(array_unique($placeholderCounts)) > 1) {
+            // All paths have the same number of parts but there are differing placeholder counts. We can narrow down!
+            return $this->filterToHighestExactMatchingParts($paths);
+        }
+
         return $paths;
     }
+
+    /**
+     * Scores all paths by how many parts match exactly with $this->path and returns only the highest scoring group
+     *
+     * @param OperationAddress[] $paths
+     *
+     * @return OperationAddress[]
+     */
+    private function filterToHighestExactMatchingParts(array $paths): array
+    {
+        $scoredCandidates = [];
+        foreach ($paths as $candidate) {
+            $score                      = $candidate->countExactMatchParts($this->path);
+            $scoredCandidates[$score][] = $candidate;
+        }
+
+        $highestScoreKey = max(array_keys($scoredCandidates));
+
+        return $scoredCandidates[$highestScoreKey];
+    }
+
+    private function countParts(string $path): int
+    {
+        return preg_match_all('#/#', trim($path, '/')) + 1;
+    }
 }

src/PSR7/SpecFinder.php

@@ -159,7 +159,6 @@ public function findSecuritySpecs(OperationAddress $addr): array
             return $securitySpecs;
         }
 
-        // @phpstan-ignore-next-line security is set on root level (fallback option)
         return $this->openApi->security;
     }
 

src/PSR7/Validators/BodyValidator/FormUrlencodedValidator.php

@@ -50,7 +50,7 @@ public function validate(OperationAddress $addr, MessageInterface $message): voi
 
         // 0. Multipart body message MUST be described with a set of object properties
         if ($schema->type !== CebeType::OBJECT) {
-            throw TypeMismatch::becauseTypeDoesNotMatch('object', $schema->type);
+            throw TypeMismatch::becauseTypeDoesNotMatch(['object'], $schema->type);
         }
 
         // 1. Parse message body

src/PSR7/Validators/BodyValidator/MultipartValidator.php

@@ -27,7 +27,11 @@
 use Riverline\MultiPartParser\Converters\PSR7;
 use Riverline\MultiPartParser\StreamedPart;
 
+use function array_diff_assoc;
+use function array_map;
 use function array_replace;
+use function array_shift;
+use function explode;
 use function in_array;
 use function is_array;
 use function json_decode;
@@ -36,6 +40,8 @@
 use function preg_match;
 use function str_replace;
 use function strpos;
+use function strtolower;
+use function substr;
 
 use const JSON_ERROR_NONE;
 
@@ -71,7 +77,7 @@ public function validate(OperationAddress $addr, MessageInterface $message): voi
 
         // 0. Multipart body message MUST be described with a set of object properties
         if ($schema->type !== CebeType::OBJECT) {
-            throw TypeMismatch::becauseTypeDoesNotMatch('object', $schema->type);
+            throw TypeMismatch::becauseTypeDoesNotMatch(['object'], $schema->type);
         }
 
         if ($message->getBody()->getSize()) {
@@ -109,27 +115,20 @@ private function validatePlainBodyMultipart(
 
             foreach ($parts as $part) {
                 // 2.1 parts encoding
-                $partContentType     = $part->getHeader(self::HEADER_CONTENT_TYPE);
-                $encodingContentType = $this->detectEncondingContentType($encoding, $part, $schema->properties[$partName]);
-                if (strpos($encodingContentType, '*') === false) {
-                    // strict comparison (ie "image/jpeg")
-                    if ($encodingContentType !== $partContentType) {
-                        throw InvalidBody::becauseBodyDoesNotMatchSchemaMultipart(
-                            $partName,
-                            $partContentType,
-                            $addr
-                        );
-                    }
-                } else {
-                    // loose comparison (ie "image/*")
-                    $encodingContentType = str_replace('*', '.*', $encodingContentType);
-                    if (! preg_match('#' . $encodingContentType . '#', $partContentType)) {
-                        throw InvalidBody::becauseBodyDoesNotMatchSchemaMultipart(
-                            $partName,
-                            $partContentType,
-                            $addr
-                        );
-                    }
+                $partContentType   = $part->getHeader(self::HEADER_CONTENT_TYPE);
+                $validContentTypes = $this->detectEncodingContentTypes($encoding, $part, $schema->properties[$partName]);
+                $match             = false;
+
+                foreach ($validContentTypes as $contentType) {
+                    $match = $match || $this->contentTypeMatches($contentType, $partContentType);
+                }
+
+                if (! $match) {
+                    throw InvalidBody::becauseBodyDoesNotMatchSchemaMultipart(
+                        $partName,
+                        $partContentType,
+                        $addr
+                    );
                 }
 
                 // 2.2. parts headers
@@ -187,7 +186,10 @@ private function parseMultipartData(OperationAddress $addr, StreamedPart $docume
         return $multipartData;
     }
 
-    private function detectEncondingContentType(Encoding $encoding, StreamedPart $part, Schema $partSchema): string
+    /**
+     * @return string[]
+     */
+    private function detectEncodingContentTypes(Encoding $encoding, StreamedPart $part, Schema $partSchema): array
     {
         $contentType = $encoding->contentType;
 
@@ -211,7 +213,69 @@ private function detectEncondingContentType(Encoding $encoding, StreamedPart $pa
             }
         }
 
-        return $contentType;
+        return array_map('trim', explode(',', $contentType));
+    }
+
+    private function contentTypeMatches(string $expected, string $match): bool
+    {
+        $expectedNormalized = $this->normalizedContentTypeParts($expected);
+        $matchNormalized    = $this->normalizedContentTypeParts($match);
+        $expectedType       = array_shift($expectedNormalized);
+        $matchType          = array_shift($matchNormalized);
+
+        if (strpos($expectedType, '*') === false) {
+            // strict comparison (ie "image/jpeg")
+            if ($expectedType !== $matchType) {
+                return false;
+            }
+        } else {
+            // loose comparison (ie "image/*")
+            $expectedType = str_replace('*', '.*', $expectedType);
+            if (! preg_match('#' . $expectedType . '#', $matchType)) {
+                return false;
+            }
+        }
+
+        // Any expected parameter values must also match
+        return ! array_diff_assoc($expectedNormalized, $matchNormalized);
+    }
+
+    /**
+     * Per RFC-7231 Section 3.1.1.1:
+     * "The type, subtype, and parameter name tokens are case-insensitive. Parameter values might or might not be case-sensitive..."
+     *
+     * And section 3.1.1.2: "A charset is identified by a case-insensitive token."
+     *
+     * The following are equivalent:
+     *
+     * text/html;charset=utf-8
+     * text/html;charset=UTF-8
+     * Text/HTML;Charset="utf-8"
+     * text/html; charset="utf-8"
+     *
+     * @return array<int|string, string>
+     */
+    private function normalizedContentTypeParts(string $contentType): array
+    {
+        $parts  = array_map('trim', explode(';', $contentType));
+        $result = [strtolower(array_shift($parts))];
+
+        foreach ($parts as $part) {
+            [$parameter, $value] = explode('=', $part, 2);
+            $parameter           = strtolower($parameter);
+
+            if ($value[0] === '"') { // quoted-string
+                $value = str_replace('\\', '', substr($value, 1, -1));
+            }
+
+            if ($parameter === 'charset') {
+                $value = strtolower($value);
+            }
+
+            $result[$parameter] = $value;
+        }
+
+        return $result;
     }
 
     /**