Resource not found during denormalization exposes resource FQCN #7149

Closed
@Jontsa

API Platform version(s) affected: 4.1.8

Description
After PR #6985 was merged, if an IRI reference is not found during denormalization, the error message exposes the FQCN of the resource class. The error also implies that the IRI is not valid when in fact the resource is just not found.

How to reproduce
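Simplified example of the resources:

```php
// src/ApiResource/PaymentResource.php
namespace App\ApiResource;

use ApiPlatform\Metadata\ApiResource;
use ApiPlatform\Metadata\Put;

#[ApiResource(
    operations: [
        new Put(
            uriTemplate: '/payments/{uuid}/redeem_voucher',
            // The request body is denormalized into this input DTO
            input: VoucherRedeemRequest::class,
            // Processor class is not shown in the issue
            processor: VoucherRedeemProcessor::class,
        )
    ]
)]
class PaymentResource {
}

// src/ApiResource/VoucherResource.php
namespace App\ApiResource;

use ApiPlatform\Metadata\ApiProperty;
use ApiPlatform\Metadata\ApiResource;

#[ApiResource]
class VoucherResource
{
    public function __construct(
        #[ApiProperty(identifier: true)]
        public string $code,
    ) {
    }
}

// src/ApiResource/VoucherRedeemRequest.php
namespace App\ApiResource;

use ApiPlatform\Metadata\ApiProperty;
use Symfony\Component\Validator\Constraints\NotBlank;

class VoucherRedeemRequest
{
    public function __construct(
        // Sent by the client as an IRI, e.g. "/vouchers/{code}"
        #[NotBlank]
        #[ApiProperty(readableLink: false, writableLink: false)]
        public readonly ?VoucherResource $code = null,
    ) {
    }
}
```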

If you call PUT /payments/{uuid}/redeem_voucher with valid IRI syntax but the resource is not found, you get the following error:

```shell
curl -X 'PUT' \
  'https://localhost/payments/e7dcf723-0f27-46f3-b47e-0518616662f2/redeem_voucher' \
  -H 'accept: application/ld+json' \
  -H 'Content-Type: application/ld+json' \
  -d '{"code": "/vouchers/doesnotexist"}'
```

```json
{
  "@context": "/contexts/ConstraintViolation",
  "@id": "/validation_errors/ba785a8c-82cb-4283-967c-3cf342181b40",
  "@type": "ConstraintViolation",
  "status": 422,
  "violations": [
    {
      "propertyPath": "code",
      "message": "This value should be of type App\\ApiResource\\VoucherResource.",
      "code": "ba785a8c-82cb-4283-967c-3cf342181b40",
      "hint": "The type of the \"App\\ApiResource\\VoucherResource\" resource \"string\" (IRI), \"string\" given."
    }
  ],
  "detail": "code: This value should be of type App\\ApiResource\\VoucherResource.",
  "description": "code: This value should be of type App\\ApiResource\\VoucherResource.",
  "type": "/validation_errors/ba785a8c-82cb-4283-967c-3cf342181b40",
  "title": "An error occurred"
}
```

I think it is preferable not to expose class names; instead, the message should simply be "Resource not found." or maybe "This value should be of type VoucherResource." if the IRI syntax is not valid.

Possible Solution

Additional Context
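
Added example, not part of the original issue or of API Platform's own code: a check that could run in a test suite to flag error bodies that leak namespaced class names, plus a helper that rewrites a message to the short class name suggested above. `FQCN_PATTERN`, `findFqcnLeaks` and `shortenFqcns` are hypothetical names, and the sample body is a trimmed copy of the 422 response quoted in the issue.

```php
<?php
declare(strict_types=1);

// Matches a namespaced PHP class name (at least one backslash separator),
// e.g. App\ApiResource\VoucherResource. Hypothetical helper, not an API Platform constant.
const FQCN_PATTERN = '/\b[A-Za-z_][A-Za-z0-9_]*(?:\\\\[A-Za-z_][A-Za-z0-9_]*)+/';

/**
 * Walks a decoded error body and returns [json path => list of leaked class names].
 * Only string values are inspected; nested arrays are followed recursively.
 */
function findFqcnLeaks(array $body, string $path = ''): array
{
    $leaks = [];
    foreach ($body as $key => $value) {
        $here = $path === '' ? (string) $key : $path . '.' . $key;
        if (is_array($value)) {
            $leaks += findFqcnLeaks($value, $here);
        } elseif (is_string($value) && preg_match_all(FQCN_PATTERN, $value, $m)) {
            $leaks[$here] = array_values(array_unique($m[0]));
        }
    }
    return $leaks;
}

/** Replaces every namespaced class name in a message with its short name. */
function shortenFqcns(string $message): string
{
    return preg_replace_callback(
        FQCN_PATTERN,
        static fn (array $m): string => substr($m[0], strrpos($m[0], '\\') + 1),
        $message
    ) ?? $message;
}

// Sample input: trimmed copy of the response body quoted in the issue.
$response = <<<'JSON'
{"status": 422, "violations": [{"propertyPath": "code",
  "message": "This value should be of type App\\ApiResource\\VoucherResource.",
  "hint": "The type of the \"App\\ApiResource\\VoucherResource\" resource \"string\" (IRI), \"string\" given."}],
 "detail": "code: This value should be of type App\\ApiResource\\VoucherResource."}
JSON;

$body = json_decode($response, true, 512, JSON_THROW_ON_ERROR);
foreach (findFqcnLeaks($body) as $path => $names) {
    printf("%s leaks %s\n", $path, implode(', ', $names));
}
echo shortenFqcns($body['detail']), "\n";
```

In a functional test, asserting that `findFqcnLeaks()` returns an empty array for every 4xx response body keeps this kind of disclosure from coming back unnoticed.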
