api-platform · soyuka · May 22, 2025 · May 22, 2025 · May 22, 2025 · May 22, 2025
diff --git a/src/Laravel/ApiPlatformDeferredProvider.php b/src/Laravel/ApiPlatformDeferredProvider.php
@@ -46,6 +46,7 @@
 use ApiPlatform\Laravel\Metadata\ParameterValidationResourceMetadataCollectionFactory;
 use ApiPlatform\Laravel\State\ParameterValidatorProvider;
 use ApiPlatform\Laravel\State\SwaggerUiProcessor;
+use ApiPlatform\Laravel\State\ValidateProvider;
 use ApiPlatform\Metadata\InflectorInterface;
 use ApiPlatform\Metadata\Operation\PathSegmentNameGeneratorInterface;
 use ApiPlatform\Metadata\Property\Factory\PropertyMetadataFactoryInterface;
@@ -76,7 +77,6 @@
 use ApiPlatform\State\Pagination\Pagination;
 use ApiPlatform\State\ParameterProviderInterface;
 use ApiPlatform\State\ProcessorInterface;
-use ApiPlatform\State\Provider\DeserializeProvider;
 use ApiPlatform\State\Provider\ParameterProvider;
 use ApiPlatform\State\Provider\SecurityParameterProvider;
 use ApiPlatform\State\ProviderInterface;
@@ -133,7 +133,7 @@
             return new ParameterProvider(
                 new ParameterValidatorProvider(
                     new SecurityParameterProvider(
-                        $app->make(DeserializeProvider::class),
+                        $app->make(ValidateProvider::class),
                         $app->make(ResourceAccessCheckerInterface::class)
                     ),
                 ),

diff --git a/src/Laravel/ApiPlatformProvider.php b/src/Laravel/ApiPlatformProvider.php
@@ -88,7 +88,6 @@
 use ApiPlatform\Laravel\Eloquent\Metadata\ResourceClassResolver as EloquentResourceClassResolver;
 use ApiPlatform\Laravel\Eloquent\PropertyAccess\PropertyAccessor as EloquentPropertyAccessor;
 use ApiPlatform\Laravel\Eloquent\Serializer\SerializerContextBuilder as EloquentSerializerContextBuilder;
-use ApiPlatform\Laravel\Eloquent\Serializer\SnakeCaseToCamelCaseNameConverter;
 use ApiPlatform\Laravel\Exception\ErrorHandler;
 use ApiPlatform\Laravel\GraphQl\Controller\EntrypointController as GraphQlEntrypointController;
 use ApiPlatform\Laravel\GraphQl\Controller\GraphiQlController;
@@ -178,6 +177,7 @@
 use Symfony\Component\Serializer\Mapping\Loader\LoaderInterface;
 use Symfony\Component\Serializer\NameConverter\MetadataAwareNameConverter;
 use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
+use Symfony\Component\Serializer\NameConverter\SnakeCaseToCamelCaseNameConverter;
 use Symfony\Component\Serializer\Normalizer\ArrayDenormalizer;
 use Symfony\Component\Serializer\Normalizer\BackedEnumNormalizer;
 use Symfony\Component\Serializer\Normalizer\DateIntervalNormalizer;
@@ -343,12 +343,18 @@
             return new SwaggerUiProvider($app->make(ReadProvider::class), $app->make(OpenApiFactoryInterface::class), $config->get('api-platform.swagger_ui.enabled', false));
         });
 
-        $this->app->singleton(ValidateProvider::class, function (Application $app) {
-            return new ValidateProvider($app->make(SwaggerUiProvider::class), $app);
+        $this->app->singleton(DeserializeProvider::class, function (Application $app) {
+            return new DeserializeProvider($app->make(SwaggerUiProvider::class), $app->make(SerializerInterface::class), $app->make(SerializerContextBuilderInterface::class));
         });
 
-        $this->app->singleton(DeserializeProvider::class, function (Application $app) {
-            return new DeserializeProvider($app->make(ValidateProvider::class), $app->make(SerializerInterface::class), $app->make(SerializerContextBuilderInterface::class));
+        $this->app->singleton(ValidateProvider::class, function (Application $app) {
+            $config = $app['config'];
+            $nameConverter = $config->get('api-platform.name_converter', SnakeCaseToCamelCaseNameConverter::class);
+            if ($nameConverter && class_exists($nameConverter)) {
+                $nameConverter = $app->make($nameConverter);
+            }
+
+            return new ValidateProvider($app->make(DeserializeProvider::class), $app, $app->make(ObjectNormalizer::class), $nameConverter);
         });
 
         if (class_exists(JsonApiProvider::class)) {

diff --git a/src/Laravel/Eloquent/Serializer/SnakeCaseToCamelCaseNameConverter.php b/src/Laravel/Eloquent/Serializer/SnakeCaseToCamelCaseNameConverter.php
diff --git a/src/Laravel/State/ValidateProvider.php b/src/Laravel/State/ValidateProvider.php
@@ -14,12 +14,16 @@
 namespace ApiPlatform\Laravel\State;
 
 use ApiPlatform\Metadata\Error;
+use ApiPlatform\Metadata\Exception\RuntimeException;
 use ApiPlatform\Metadata\Operation;
 use ApiPlatform\State\ProviderInterface;
 use Illuminate\Contracts\Foundation\Application;
+use Illuminate\Database\Eloquent\Model;
 use Illuminate\Foundation\Http\FormRequest;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\ValidationException;
+use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
+use Symfony\Component\Serializer\Normalizer\NormalizerInterface;
 
 /**
  * @implements ProviderInterface<object>
@@ -34,12 +38,15 @@
     public function __construct(
         private readonly ProviderInterface $inner,
         private readonly Application $app,
+        // TODO: trigger deprecation in API Platform 4.2 when this is not defined
+        private readonly ?NormalizerInterface $normalizer = null,
+        ?NameConverterInterface $nameConverter = null,
     ) {
+        $this->nameConverter = $nameConverter;
     }
 
     public function provide(Operation $operation, array $uriVariables = [], array $context = []): object|array|null
     {
-        $request = $context['request'];
         $body = $this->inner->provide($operation, $uriVariables, $context);
 
         if ($operation instanceof Error) {
@@ -74,12 +81,7 @@
             return $body;
         }
 
-        // In Symfony, validation is done on the Resource object (here $body) using Deserialization before Validation
-        // Here, we did not deserialize yet, we validate on the raw body before.
-        $validationBody = $request->request->all();
-        if ('jsonapi' === $request->getRequestFormat()) {
-            $validationBody = $validationBody['data']['attributes'];
-        }
+        $validationBody = $this->getBodyForValidation($body);
 
         $validator = Validator::make($validationBody, $rules);
         if ($validator->fails()) {
@@ -88,4 +90,35 @@
 
         return $body;
     }
+
+    /**
+     * @return array<string, mixed>
+     */
+    private function getBodyForValidation(mixed $body): array
+    {
+        if (!$body) {
+            return [];
+        }
+
+        if ($body instanceof Model) {
+            return $body->toArray();
+        }
+
+        if ($this->normalizer) {
+            if (!\is_array($v = $this->normalizer->normalize($body))) {
+                throw new RuntimeException('An array is expected.');
+            }
+
+            return $v;
+        }
+
+        // hopefully this path never gets used, its there for BC-layer only
+        // TODO: deprecation in API Platform 4.2
+        // TODO: remove in 5.0
+        if ($s = json_encode($body)) {
+            return json_decode($s, true);
+        }
+
+        throw new RuntimeException('Could not transform the denormalized body in an array for validation');
+    }
 }
diff --git a/src/Laravel/State/ValidationErrorTrait.php b/src/Laravel/State/ValidationErrorTrait.php
@@ -16,16 +16,19 @@
 use ApiPlatform\Laravel\ApiResource\ValidationError;
 use Illuminate\Contracts\Validation\Validator;
 use Illuminate\Validation\ValidationException;
+use Symfony\Component\Serializer\NameConverter\NameConverterInterface;
 
 trait ValidationErrorTrait
 {
+    private ?NameConverterInterface $nameConverter = null;
+
     private function getValidationError(Validator $validator, ValidationException $e): ValidationError
     {
         $errors = $validator->errors();
         $violations = [];
         $id = hash('xxh3', implode(',', $errors->keys()));
         foreach ($errors->messages() as $prop => $message) {
-            $violations[] = ['propertyPath' => $prop, 'message' => implode(\PHP_EOL, $message)];
+            $violations[] = ['propertyPath' => $this->nameConverter ? $this->nameConverter->normalize($prop) : $prop, 'message' => implode(\PHP_EOL, $message)];
         }
 
         return new ValidationError($e->getMessage(), $id, $e, $violations);

diff --git a/src/Laravel/Tests/SnakeCaseApiTest.php b/src/Laravel/Tests/SnakeCaseApiTest.php
@@ -69,4 +69,20 @@
                 ],
             ]);
     }
+
+    public function testFailWithCamelCase(): void
+    {
+        $cartData = [
+            'productSku' => 'SKU_TEST_001',
+            'quantity' => 2,
+            'priceAtAddition' => '19.99',
+            'shoppingCart' => [
+                'userIdentifier' => 'user-'.Str::uuid()->toString(),
+                'status' => 'active',
+            ],
+        ];
+
+        $response = $this->postJson('/api/cart_items', $cartData, ['accept' => 'application/ld+json', 'content-type' => 'application/ld+json']);
+        $response->assertStatus(422);
+    }
 }
diff --git a/src/Laravel/Tests/ValidationTest.php b/src/Laravel/Tests/ValidationTest.php
@@ -0,0 +1,60 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Laravel\Tests;
+
+use ApiPlatform\Laravel\Test\ApiTestAssertionsTrait;
+use Illuminate\Contracts\Config\Repository;
+use Illuminate\Foundation\Application;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Orchestra\Testbench\Concerns\WithWorkbench;
+use Orchestra\Testbench\TestCase;
+
+class ValidationTest extends TestCase
+{
+    use ApiTestAssertionsTrait;
+    use RefreshDatabase;
+    use WithWorkbench;
+
+    /**
+     * @param Application $app
+     */
+    protected function defineEnvironment($app): void
+    {
+        tap($app['config'], function (Repository $config): void {
+            $config->set('api-platform.formats', ['jsonld' => ['application/ld+json']]);
+            $config->set('api-platform.docs_formats', ['jsonld' => ['application/ld+json']]);
+        });
+    }
+
+    public function testValidationCamelCase(): void
+    {
+        $data = [
+            'surName' => '',
+        ];
+
+        $response = $this->postJson('/api/issue_6932', $data, ['accept' => 'application/ld+json', 'content-type' => 'application/ld+json']);
+        $response->assertJsonFragment(['violations' => [['propertyPath' => 'surName', 'message' => 'The sur name field is required.']]]); // validate that the name has been converted
+        $response->assertStatus(422);
+    }
+
+    public function testValidationSnakeCase(): void
+    {
+        $data = [
+            'sur_name' => 'test',
+        ];
+
+        $response = $this->postJson('/api/issue_6932', $data, ['accept' => 'application/ld+json', 'content-type' => 'application/ld+json']);
+        $response->assertStatus(422);
+    }
+}
diff --git a/src/Laravel/config/api-platform.php b/src/Laravel/config/api-platform.php
@@ -11,10 +11,10 @@
 
 declare(strict_types=1);
 
-use ApiPlatform\Laravel\Eloquent\Serializer\SnakeCaseToCamelCaseNameConverter;
 use ApiPlatform\Metadata\UrlGeneratorInterface;
 use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Auth\AuthenticationException;
+use Symfony\Component\Serializer\NameConverter\SnakeCaseToCamelCaseNameConverter;
 
 return [
     'title' => 'API Platform',

diff --git a/src/Laravel/workbench/app/ApiResource/RuleValidation.php b/src/Laravel/workbench/app/ApiResource/RuleValidation.php
@@ -23,7 +23,7 @@
 )]
 class RuleValidation
 {
-    public function __construct(public int $prop, public ?int $max = null)
+    public function __construct(public ?int $prop = null, public ?int $max = null)
     {
     }
 }
diff --git a/src/Laravel/workbench/app/Models/CartItem.php b/src/Laravel/workbench/app/Models/CartItem.php
@@ -20,7 +20,15 @@
 use Illuminate\Database\Eloquent\Relations\BelongsTo;
 use Symfony\Component\Serializer\Attribute\Groups;
 
-#[ApiResource(denormalizationContext: ['groups' => ['cart_item.write']], normalizationContext: ['groups' => ['cart_item.write']])]
+#[ApiResource(
+    denormalizationContext: ['groups' => ['cart_item.write']],
+    normalizationContext: ['groups' => ['cart_item.write']],
+    rules: [
+        'product_sku' => 'required',
+        'quantity' => 'required',
+        'price_at_addition' => 'required',
+    ]
+)]
 #[Groups('cart_item.write')]
 #[ApiProperty(serialize: new Groups(['shopping_cart.write']), property: 'product_sku')]
 #[ApiProperty(serialize: new Groups(['shopping_cart.write']), property: 'price_at_addition')]

diff --git a/src/Laravel/workbench/app/Models/Issue6932.php b/src/Laravel/workbench/app/Models/Issue6932.php
@@ -0,0 +1,33 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace App\Models;
+
+use ApiPlatform\Metadata\ApiResource;
+use ApiPlatform\Metadata\Post;
+use Illuminate\Database\Eloquent\Model;
+
+#[ApiResource(
+    operations: [
+        new Post(
+            uriTemplate: '/issue_6932',
+            rules: [
+                'sur_name' => 'required',
+            ]
+        ),
+    ],
+)]
+class Issue6932 extends Model
+{
+    protected $table = 'issue6932';
+}