REST: Improve JsonPatchValidator errors

Use the improved error handling we added to swaggest/json-diff to improve errors during patch validation

Bug: T320705
Change-Id: I644e985bb1f98f9872b2f9c6435b2e3f30df813c

Author: outdooracorn

repo/rest-api/src/Infrastructure/JsonDiffJsonPatchValidator.php

@@ -4,7 +4,11 @@
 
 use Swaggest\JsonDiff\Exception;
 use Swaggest\JsonDiff\JsonPatch;
+use Swaggest\JsonDiff\MissingFieldException;
+use Swaggest\JsonDiff\UnknownOperationException;
 use Wikibase\Repo\RestApi\Domain\Services\JsonPatchValidator;
+use Wikibase\Repo\RestApi\Validation\PatchInvalidOpValidationError;
+use Wikibase\Repo\RestApi\Validation\PatchMissingFieldValidationError;
 use Wikibase\Repo\RestApi\Validation\ValidationError;
 
 /**
@@ -15,6 +19,18 @@ class JsonDiffJsonPatchValidator implements JsonPatchValidator {
 	public function validate( array $patch, string $source ): ?ValidationError {
 		try {
 			JsonPatch::import( $patch );
+		} catch ( MissingFieldException $e ) {
+			return new PatchMissingFieldValidationError(
+				$e->getMissingField(),
+				$source,
+				[ 'operation' => (array)$e->getOperation() ]
+			);
+		} catch ( UnknownOperationException $e ) {
+			return new PatchInvalidOpValidationError(
+				$e->getOperation()->op,
+				$source,
+				[ 'operation' => (array)$e->getOperation() ]
+			);
 		} catch ( Exception $e ) {
 			return new ValidationError( '', $source );
 		}

repo/rest-api/src/Presentation/ErrorResponseToHttpStatus.php

@@ -21,6 +21,8 @@ class ErrorResponseToHttpStatus {
 		ErrorResponse::INVALID_OPERATION_CHANGED_STATEMENT_ID => 400,
 		ErrorResponse::INVALID_OPERATION_CHANGED_PROPERTY => 400,
 		ErrorResponse::INVALID_PATCH => 400,
+		ErrorResponse::INVALID_PATCH_OPERATION => 400,
+		ErrorResponse::MISSING_JSON_PATCH_FIELD => 400,
 		ErrorResponse::PERMISSION_DENIED => 403,
 		ErrorResponse::ITEM_NOT_FOUND => 404,
 		ErrorResponse::ITEM_REDIRECTED => 409,

repo/rest-api/src/UseCases/ErrorResponse.php

@@ -19,6 +19,8 @@ class ErrorResponse {
 	public const CANNOT_APPLY_PATCH = 'cannot-apply-patch';
 	public const PATCH_TEST_FAILED = 'patch-test-failed';
 	public const INVALID_PATCH = 'invalid-patch';
+	public const INVALID_PATCH_OPERATION = 'invalid-patch-operation';
+	public const MISSING_JSON_PATCH_FIELD = 'missing-json-patch-field';
 	public const ITEM_NOT_FOUND = 'item-not-found';
 	public const ITEM_REDIRECTED = 'redirected-item';
 	public const PERMISSION_DENIED = 'permission-denied';

repo/rest-api/src/UseCases/PatchItemStatement/PatchItemStatementErrorResponse.php

@@ -4,6 +4,8 @@
 
 use LogicException;
 use Wikibase\Repo\RestApi\UseCases\ErrorResponse;
+use Wikibase\Repo\RestApi\Validation\PatchInvalidOpValidationError;
+use Wikibase\Repo\RestApi\Validation\PatchMissingFieldValidationError;
 use Wikibase\Repo\RestApi\Validation\ValidationError;
 
 /**
@@ -27,11 +29,27 @@ public static function newFromValidationError( ValidationError $validationError
 				);
 
 			case PatchItemStatementValidator::SOURCE_PATCH:
-				return new self(
-					ErrorResponse::INVALID_PATCH,
-					"The provided patch is invalid"
-				);
-
+				switch ( true ) {
+					case $validationError instanceof PatchInvalidOpValidationError:
+						$op = $validationError->getValue();
+						return new self(
+							ErrorResponse::INVALID_PATCH_OPERATION,
+							"Incorrect JSON patch operation: '$op'",
+							$validationError->getContext()
+						);
+					case $validationError instanceof PatchMissingFieldValidationError:
+						$field = $validationError->getValue();
+						return new self(
+							ErrorResponse::MISSING_JSON_PATCH_FIELD,
+							"Missing '$field' in JSON patch",
+							$validationError->getContext()
+						);
+					default:
+						return new self(
+							ErrorResponse::INVALID_PATCH,
+							"The provided patch is invalid"
+						);
+				}
 			case PatchItemStatementValidator::SOURCE_EDIT_TAGS:
 				return new self(
 					ErrorResponse::INVALID_EDIT_TAG,

repo/rest-api/src/Validation/PatchInvalidOpValidationError.php

@@ -0,0 +1,10 @@
+<?php declare( strict_types=1 );
+
+namespace Wikibase\Repo\RestApi\Validation;
+
+/**
+ * @license GPL-2.0-or-later
+ */
+class PatchInvalidOpValidationError extends ValidationError {
+
+}

repo/rest-api/src/Validation/PatchMissingFieldValidationError.php

@@ -0,0 +1,10 @@
+<?php declare( strict_types=1 );
+
+namespace Wikibase\Repo\RestApi\Validation;
+
+/**
+ * @license GPL-2.0-or-later
+ */
+class PatchMissingFieldValidationError extends ValidationError {
+
+}

repo/rest-api/src/Validation/ValidationError.php

@@ -8,10 +8,12 @@
 class ValidationError {
 	private string $value;
 	private string $source;
+	private ?array $context;
 
-	public function __construct( string $value, string $source ) {
+	public function __construct( string $value, string $source, array $context = null ) {
 		$this->value = $value;
 		$this->source = $source;
+		$this->context = $context;
 	}
 
 	public function getValue(): string {
@@ -22,4 +24,7 @@ public function getSource(): string {
 		return $this->source;
 	}
 
+	public function getContext(): ?array {
+		return $this->context;
+	}
 }

repo/rest-api/tests/mocha/api-testing/PatchItemStatementTest.js

@@ -14,10 +14,15 @@ function makeEtag( ...revisionIds ) {
 	return revisionIds.map( ( revId ) => `"${revId}"` ).join( ',' );
 }
 
-function assertValid400Response( response, responseBodyErrorCode ) {
+function assertValid400Response( response, responseBodyErrorCode, context = null ) {
 	assert.strictEqual( response.status, 400 );
 	assert.header( response, 'Content-Language', 'en' );
 	assert.strictEqual( response.body.code, responseBodyErrorCode );
+	if ( context === null ) {
+		assert.notProperty( response.body, 'context' );
+	} else {
+		assert.deepStrictEqual( response.body.context, context );
+	}
 }
 
 function assertValid404Response( response, responseBodyErrorCode ) {
@@ -187,13 +192,58 @@ describe( 'PATCH statement tests', () => {
 				} );
 
 				it( 'invalid patch', async () => {
-					const invalidPatch = { patch: 'this is not a valid JSON Patch' };
+					const invalidPatch = { foo: 'this is not a valid JSON Patch' };
 					const response = await newPatchRequestBuilder( testStatementId, invalidPatch )
 						.assertInvalidRequest().makeRequest();
 
 					assertValid400Response( response, 'invalid-patch' );
 				} );
 
+				it( "invalid patch - missing 'op' field", async () => {
+					const invalidOperation = { path: '/a/b/c', value: 'test' };
+					const response = await newPatchRequestBuilder( testStatementId, [ invalidOperation ] )
+						.assertInvalidRequest().makeRequest();
+
+					assertValid400Response( response, 'missing-json-patch-field', { operation: invalidOperation } );
+					assert.include( response.body.message, "'op'" );
+				} );
+
+				it( "invalid patch - missing 'path' field", async () => {
+					const invalidOperation = { op: 'remove' };
+					const response = await newPatchRequestBuilder( testStatementId, [ invalidOperation ] )
+						.assertInvalidRequest().makeRequest();
+
+					assertValid400Response( response, 'missing-json-patch-field', { operation: invalidOperation } );
+					assert.include( response.body.message, "'path'" );
+				} );
+
+				it( "invalid patch - missing 'value' field", async () => {
+					const invalidOperation = { op: 'add', path: '/a/b/c' };
+					const response = await newPatchRequestBuilder( testStatementId, [ invalidOperation ] )
+						.makeRequest();
+
+					assertValid400Response( response, 'missing-json-patch-field', { operation: invalidOperation } );
+					assert.include( response.body.message, "'value'" );
+				} );
+
+				it( "invalid patch - missing 'from' field", async () => {
+					const invalidOperation = { op: 'move', path: '/a/b/c' };
+					const response = await newPatchRequestBuilder( testStatementId, [ invalidOperation ] )
+						.makeRequest();
+
+					assertValid400Response( response, 'missing-json-patch-field', { operation: invalidOperation } );
+					assert.include( response.body.message, "'from'" );
+				} );
+
+				it( "invalid patch - invalid 'op' field", async () => {
+					const invalidOperation = { op: 'foobar', path: '/a/b/c', value: 'test' };
+					const response = await newPatchRequestBuilder( testStatementId, [ invalidOperation ] )
+						.assertInvalidRequest().makeRequest();
+
+					assertValid400Response( response, 'invalid-patch-operation', { operation: invalidOperation } );
+					assert.include( response.body.message, "'foobar'" );
+				} );
+
 				it( 'invalid edit tag', async () => {
 					const invalidEditTag = 'invalid tag';
 					const response = await newPatchRequestBuilder( testStatementId, [] )

repo/rest-api/tests/phpunit/Infrastructure/JsonDiffJsonPatchValidatorTest.php

@@ -2,9 +2,12 @@
 
 namespace Wikibase\Repo\Tests\RestApi\Infrastructure;
 
+use Generator;
 use PHPUnit\Framework\TestCase;
 use Swaggest\JsonDiff\JsonDiff;
 use Wikibase\Repo\RestApi\Infrastructure\JsonDiffJsonPatchValidator;
+use Wikibase\Repo\RestApi\Validation\PatchInvalidOpValidationError;
+use Wikibase\Repo\RestApi\Validation\PatchMissingFieldValidationError;
 
 /**
  * @covers \Wikibase\Repo\RestApi\Infrastructure\JsonDiffJsonPatchValidator
@@ -28,6 +31,62 @@ public function testInvalidJsonPatch(): void {
 
 		$this->assertSame( $source, $error->getSource() );
 		$this->assertEmpty( $error->getValue() );
+		$this->assertNull( $error->getContext() );
+	}
+
+	/**
+	 * @dataProvider provideInvalidJsonPatch
+	 */
+	public function testInvalidJsonPatch_specificExceptions( string $errorInstance, array $patch, string $value, ?array $context ): void {
+		$source = 'test source';
+		$error = ( new JsonDiffJsonPatchValidator() )->validate( $patch, $source );
+
+		$this->assertInstanceOf( $errorInstance, $error );
+		$this->assertSame( $source, $error->getSource() );
+		$this->assertSame( $value, $error->getValue() );
+		$this->assertSame( $context, $error->getContext() );
+	}
+
+	public function provideInvalidJsonPatch(): Generator {
+		$invalidOperationObject = [ 'path' => '/a/b/c', 'value' => 'foo' ];
+		yield 'missing "op" field' => [
+			PatchMissingFieldValidationError::class,
+			[ $invalidOperationObject ],
+			'op',
+			[ 'operation' => $invalidOperationObject ]
+		];
+
+		$invalidOperationObject = [ 'op' => 'add', 'value' => 'foo' ];
+		yield 'missing "path" field' => [
+			PatchMissingFieldValidationError::class,
+			[ $invalidOperationObject ],
+			'path',
+			[ 'operation' => $invalidOperationObject ]
+		];
+
+		$invalidOperationObject = [ 'op' => 'add', 'path' => '/a/b/c' ];
+		yield 'missing "value" field' => [
+			PatchMissingFieldValidationError::class,
+			[ $invalidOperationObject ],
+			'value',
+			[ 'operation' => $invalidOperationObject ]
+		];
+
+		$invalidOperationObject = [ 'op' => 'copy', 'path' => '/a/b/c' ];
+		yield 'missing "from" field' => [
+			PatchMissingFieldValidationError::class,
+			[ $invalidOperationObject ],
+			'from',
+			[ 'operation' => $invalidOperationObject ]
+		];
+
+		$invalidOperationObject = [ 'op' => 'invalid', 'path' => '/a/b/c', 'value' => 'foo' ];
+		yield 'invalid "op" field' => [
+			PatchInvalidOpValidationError::class,
+			[ $invalidOperationObject ],
+			'invalid',
+			[ 'operation' => $invalidOperationObject ]
+		];
 	}
 
 	public function testValidJsonPatch(): void {

repo/rest-api/tests/phpunit/UseCases/PatchItemStatement/PatchItemStatementErrorResponseTest.php

@@ -6,6 +6,8 @@
 use Wikibase\Repo\RestApi\UseCases\ErrorResponse;
 use Wikibase\Repo\RestApi\UseCases\PatchItemStatement\PatchItemStatementErrorResponse;
 use Wikibase\Repo\RestApi\UseCases\PatchItemStatement\PatchItemStatementValidator;
+use Wikibase\Repo\RestApi\Validation\PatchInvalidOpValidationError;
+use Wikibase\Repo\RestApi\Validation\PatchMissingFieldValidationError;
 use Wikibase\Repo\RestApi\Validation\ValidationError;
 
 /**
@@ -23,12 +25,14 @@ class PatchItemStatementErrorResponseTest extends TestCase {
 	public function testNewFromValidationError(
 		ValidationError $validationError,
 		string $expectedCode,
-		string $expectedMessage
+		string $expectedMessage,
+		array $expectedContext = null
 	): void {
 		$response = PatchItemStatementErrorResponse::newFromValidationError( $validationError );
 
 		$this->assertEquals( $expectedCode, $response->getCode() );
 		$this->assertEquals( $expectedMessage, $response->getMessage() );
+		$this->assertEquals( $expectedContext, $response->getContext() );
 	}
 
 	public function provideValidationError(): \Generator {
@@ -50,6 +54,22 @@ public function provideValidationError(): \Generator {
 			'The provided patch is invalid'
 		];
 
+		$context = [ 'operation' => [ 'path' => '/a/b/c', 'value' => 'test' ] ];
+		yield 'from missing patch field' => [
+			new PatchMissingFieldValidationError( 'op', PatchItemStatementValidator::SOURCE_PATCH, $context ),
+			ErrorResponse::MISSING_JSON_PATCH_FIELD,
+			"Missing 'op' in JSON patch",
+			$context
+		];
+
+		$context = [ 'operation' => [ 'op' => 'bad', 'path' => '/a/b/c', 'value' => 'test' ] ];
+		yield 'from invalid patch operation' => [
+			new PatchInvalidOpValidationError( 'bad', PatchItemStatementValidator::SOURCE_PATCH, $context ),
+			ErrorResponse::INVALID_PATCH_OPERATION,
+			"Incorrect JSON patch operation: 'bad'",
+			$context
+		];
+
 		yield 'from comment too long' => [
 			new ValidationError( '500', PatchItemStatementValidator::SOURCE_COMMENT ),
 			ErrorResponse::COMMENT_TOO_LONG,