[Question best practice] How do you handle invalid input type in forms? #1798

acorbel · 2017-11-25T10:20:05Z

Hi there,

I'm building a REST API with SF3.4 and FOSRestBundle and I use forms to filter and validate input data.

Here is an example:

class UserType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            ->add('name', CoreType\TextType::class)
        ;
    }

    public function configureOptions(OptionsResolver $resolver)
    {
        $resolver->setDefaults(array(
            'data_class' => User::class,
            'csrf_protection' => false,
        ));
    }
}

And my form handler:

        $form = $formFactory->createForm(UserType::class, $user);
        $form->submit(array_intersect_key($request->request->all(), $form->all()), true); // delete extra fields
        if ($form->isValid()) ...

When I submit {"name": "test"}, it works well, but when I send {"name": ["test"]}, I get a Symfony\Component\Validator\Exception\UnexpectedTypeException.

Is there a best practice to protect REST apis from invalid input? For now, I just output this exception as 400 status code.

Thank you!

The text was updated successfully, but these errors were encountered:

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Question best practice] How do you handle invalid input type in forms? #1798

[Question best practice] How do you handle invalid input type in forms? #1798

acorbel commented Nov 25, 2017 •

edited

[Question best practice] How do you handle invalid input type in forms? #1798

[Question best practice] How do you handle invalid input type in forms? #1798

Comments

acorbel commented Nov 25, 2017 • edited

acorbel commented Nov 25, 2017 •

edited