4336: Return 400 error on invalid JSON sent to the datastore API

modules/datastore/src/Controller/AbstractQueryController.php

@@ -329,6 +329,11 @@ public static function fixTypes($json, $schema) {
     $data = json_decode($json);
     $validator = new Validator();
     $validator->coerce($data, json_decode($schema));
+
+    if ($data === NULL) {
+      throw new \InvalidArgumentException("Invalid JSON");
+    }
+
     return json_encode($data, JSON_PRETTY_PRINT);
   }
 

modules/datastore/tests/data/query/invalidJson.json

@@ -0,0 +1,3 @@
+{
+  "foo": bar,
+}

modules/datastore/tests/src/Unit/Controller/AbstractQueryControllerTest.php

@@ -25,7 +25,7 @@ public function testGetNormalizer() {
   }
 
   /**
-   * Make sure we get what we expect with a post
+   * Make sure we get what we expect with a POST
    */
   public function testPostNormalizer() {
     $sampleJson = $this->getSampleJson();
@@ -36,7 +36,7 @@ public function testPostNormalizer() {
   }
 
   /**
-   * Make sure we get what we expect with a patch
+   * Make sure we get what we expect with a PATCH
    */
   public function testPatchNormalizer() {
     $sampleJson = $this->getSampleJson();
@@ -48,7 +48,7 @@ public function testPatchNormalizer() {
   }
 
   /**
-   * Make sure we get what we expect with a delete
+   * Make sure we get what we expect with a DELETE
    */
   public function testDeleteNormalizer() {
     $this->expectExceptionMessage("Only POST, PUT, PATCH and GET requests can be normalized");
@@ -59,7 +59,7 @@ public function testDeleteNormalizer() {
   }
 
   /**
-   * Make sure we get what we expect with a put
+   * Make sure we get what we expect with a PUT
    */
   public function testPutNormalizer() {
     $sampleJson = $this->getSampleJson();
@@ -70,10 +70,26 @@ public function testPutNormalizer() {
     $this->assertEquals($requestJson, $sampleJson);
   }
 
+  /**
+   * Make sure we get what we expect with invalid JSON.
+   */
+  public function testInvalidJson() {
+    $this->expectException(\InvalidArgumentException::class);
+    $this->expectExceptionMessage('Invalid JSON');
+    $sampleJson = $this->getBadJson();
+    $schema = $this->getSampleSchema();
+    $request = Request::create("http://example.com", "POST", [], [], [], [], $sampleJson);
+    AbstractQueryController::getPayloadJson($request, $schema);
+  }
+
   private function getSampleJson() {
     return file_get_contents(__DIR__ . "/../../../data/query.json");
   }
 
+  private function getBadJson() {
+    return file_get_contents(__DIR__ . "/../../../data/query/invalidJson.json");
+  }
+
   private function getSampleSchema() {
     return file_get_contents(__DIR__ . "/../../../data/querySchema.json");
   }

modules/datastore/tests/src/Unit/Controller/QueryDownloadControllerTest.php

@@ -339,7 +339,19 @@ public function testStreamedBadSchema() {
   }
 
   /**
-   * Create a mock object for the main container passed to the controller.
+   * Make sure we get what we expect with invalid JSON.
+   */
+  public function testInvalidJson() {
+    $this->expectException(\InvalidArgumentException::class);
+    $this->expectExceptionMessage('Invalid JSON');
+    $sampleJson = $this->getBadJson();
+    $schema = $this->getSampleSchema();
+    $request = $this->mockRequest($sampleJson);
+    QueryDownloadController::getPayloadJson($request, $schema);
+  }
+
+  /**
+   * Create a mock chain for the main container passed to the controller.
    *
    * @param int $rowLimit
    *    The row limit for a query.
@@ -493,4 +505,12 @@ protected function getBuffer($buffer) {
     $this->buffer .= $buffer;
   }
 
+  private function getBadJson() {
+    return file_get_contents(__DIR__ . "/../../../data/query/invalidJson.json");
+  }
+
+  private function getSampleSchema() {
+    return file_get_contents(__DIR__ . "/../../../data/querySchema.json");
+  }
+
 }