WordPress.org

Make WordPress Core

Changeset 48945


Ignore:
Timestamp:
09/05/2020 06:07:46 PM (3 months ago)
Author:
TimothyBlynJacobs
Message:

REST API: Support a route-level validation callback.

Most request data is validated on a per-parameter basis. Often, however, additional validation is needed that operates on the entire request object. Currently, this is done in the route callback and often in the prepare_item_for_database method specifically.

#50244 aims to introduce batch processing in the REST API. An important feature is the ability to enforce that all requests have valid data before executing the route callbacks in "pre-validate" mode.

This patch introduces support for calling a validate_callback after all parameter validation has succeeded. That allows moving more validation outside of the route callback and into WP_REST_Request which will improve "pre-validate" support.

Props TimothyBlynJacobs, zieladam.
Fixes #51255.
See #50244.

Location:
trunk
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/class-wp-rest-request.php

    r48642 r48945  
    859859        $required   = array();
    860860
    861         // No arguments set, skip validation.
    862         if ( empty( $attributes['args'] ) ) {
    863             return true;
    864         }
    865 
    866         foreach ( $attributes['args'] as $key => $arg ) {
    867 
     861        $args = empty( $attributes['args'] ) ? array() : $attributes['args'];
     862
     863        foreach ( $args as $key => $arg ) {
    868864            $param = $this->get_param( $key );
    869865            if ( isset( $arg['required'] ) && true === $arg['required'] && null === $param ) {
     
    891887        $invalid_params = array();
    892888
    893         foreach ( $attributes['args'] as $key => $arg ) {
     889        foreach ( $args as $key => $arg ) {
    894890
    895891            $param = $this->get_param( $key );
     
    920916        }
    921917
     918        if ( isset( $attributes['validate_callback'] ) ) {
     919            $valid_check = call_user_func( $attributes['validate_callback'], $this );
     920
     921            if ( is_wp_error( $valid_check ) ) {
     922                return $valid_check;
     923            }
     924
     925            if ( false === $valid_check ) {
     926                // A WP_Error instance is preferred, but false is supported for parity with the per-arg validate_callback.
     927                return new WP_Error( 'rest_invalid_params', __( 'Invalid parameters.' ), array( 'status' => 400 ) );
     928            }
     929        }
     930
    922931        return true;
    923 
    924932    }
    925933
  • trunk/tests/phpunit/tests/rest-api/rest-request.php

    r48939 r48945  
    780780        $this->assertSame( 'value', $request->get_param( 'param' ) );
    781781    }
     782
     783    /**
     784     * @ticket 51255
     785     */
     786    public function test_route_level_validate_callback() {
     787        $request = new WP_REST_Request();
     788        $request->set_query_params( array( 'test' => 'value' ) );
     789
     790        $error    = new WP_Error( 'error_code', __( 'Error Message' ), array( 'status' => 400 ) );
     791        $callback = $this->createPartialMock( 'stdClass', array( '__invoke' ) );
     792        $callback->expects( self::once() )->method( '__invoke' )->with( self::identicalTo( $request ) )->willReturn( $error );
     793        $request->set_attributes(
     794            array(
     795                'args'              => array(
     796                    'test' => array(
     797                        'validate_callback' => '__return_true',
     798                    ),
     799                ),
     800                'validate_callback' => $callback,
     801            )
     802        );
     803
     804        $this->assertSame( $error, $request->has_valid_params() );
     805    }
     806
     807    /**
     808     * @ticket 51255
     809     */
     810    public function test_route_level_validate_callback_no_parameter_callbacks() {
     811        $request = new WP_REST_Request();
     812        $request->set_query_params( array( 'test' => 'value' ) );
     813
     814        $error    = new WP_Error( 'error_code', __( 'Error Message' ), array( 'status' => 400 ) );
     815        $callback = $this->createPartialMock( 'stdClass', array( '__invoke' ) );
     816        $callback->expects( self::once() )->method( '__invoke' )->with( self::identicalTo( $request ) )->willReturn( $error );
     817        $request->set_attributes(
     818            array(
     819                'validate_callback' => $callback,
     820            )
     821        );
     822
     823        $this->assertSame( $error, $request->has_valid_params() );
     824    }
     825
     826    /**
     827     * @ticket 51255
     828     */
     829    public function test_route_level_validate_callback_is_not_executed_if_parameter_validation_fails() {
     830        $request = new WP_REST_Request();
     831        $request->set_query_params( array( 'test' => 'value' ) );
     832
     833        $callback = $this->createPartialMock( 'stdClass', array( '__invoke' ) );
     834        $callback->expects( self::never() )->method( '__invoke' );
     835        $request->set_attributes(
     836            array(
     837                'validate_callback' => $callback,
     838                'args'              => array(
     839                    'test' => array(
     840                        'validate_callback' => '__return_false',
     841                    ),
     842                ),
     843            )
     844        );
     845
     846        $valid = $request->has_valid_params();
     847        $this->assertWPError( $valid );
     848        $this->assertEquals( 'rest_invalid_param', $valid->get_error_code() );
     849    }
    782850}
Note: See TracChangeset for help on using the changeset viewer.