Added validation for the ajax requests (#8)

* Added validation for the ajax requests

* code style

Author: Nyholm

Controller/WebUIController.php

@@ -18,6 +18,8 @@
 use Symfony\Component\Intl\Intl;
 use Symfony\Component\Translation\MessageCatalogue;
 use Symfony\Component\Translation\Translator;
+use Translation\Bundle\Exception\MessageValidationException;
+use Translation\Bundle\Model\GuiMessageRepresentation;
 use Translation\Common\Exception\StorageException;
 use Translation\Symfony\Model\Message;
 
@@ -110,19 +112,19 @@ public function showAction($configName, $locale, $domain)
      */
     public function createAction(Request $request, $configName, $locale, $domain)
     {
-        $json = $request->getContent();
-        $data = json_decode($json, true);
-        if (!isset($data['key']) || !isset($data['message'])) {
-            throw new BadRequestHttpException('Payload must contain "key" and "message".');
+        $storage = $this->get('php_translation.storage.file.'.$configName);
+        try {
+            $message = $this->getMessage($request, ['Create']);
+        } catch (MessageValidationException $e) {
+            return new Response($e->getMessage(), 400);
         }
 
-        $storage = $this->get('php_translation.storage.file.'.$configName);
         try {
-            $storage->set($locale, $domain, $data['key'], $data['message']);
+            $storage->set($locale, $domain, $message->getKey(), $message->getMessage());
         } catch (StorageException $e) {
             throw new BadRequestHttpException(sprintf(
                 'Key "%s" does already exist for "%s" on domain "%s".',
-                $data['key'],
+                $message->getKey(),
                 $locale,
                 $domain
             ), $e);
@@ -141,13 +143,13 @@ public function createAction(Request $request, $configName, $locale, $domain)
      */
     public function editAction(Request $request, $configName, $locale, $domain)
     {
-        $json = $request->getContent();
-        $data = json_decode($json, true);
-        if (!isset($data['key']) || !isset($data['message'])) {
-            throw new BadRequestHttpException('Payload must contain "key" and "message".');
+        try {
+            $message = $this->getMessage($request, ['Edit']);
+        } catch (MessageValidationException $e) {
+            return new Response($e->getMessage(), 400);
         }
 
-        $this->get('php_translation.storage.file.'.$configName)->update($locale, $domain, $data['key'], $data['message']);
+        $this->get('php_translation.storage.file.'.$configName)->update($locale, $domain, $message->getKey(), $message->getMessage());
 
         return new Response('Translation updated');
     }
@@ -162,13 +164,13 @@ public function editAction(Request $request, $configName, $locale, $domain)
      */
     public function deleteAction(Request $request, $configName, $locale, $domain)
     {
-        $json = $request->getContent();
-        $data = json_decode($json, true);
-        if (!isset($data['key'])) {
-            throw new BadRequestHttpException('Payload must contain "key".');
+        try {
+            $message = $this->getMessage($request, ['Delete']);
+        } catch (MessageValidationException $e) {
+            return new Response($e->getMessage(), 400);
         }
 
-        $this->get('php_translation.storage.file.'.$configName)->delete($locale, $domain, $data['key']);
+        $this->get('php_translation.storage.file.'.$configName)->delete($locale, $domain, $message->getKey());
 
         return new Response('Message was deleted');
     }
@@ -194,4 +196,30 @@ private function getConfiguration(&$configName)
 
         return $config;
     }
+
+    /**
+     * @param Request $request
+     * @param array   $validationGroups
+     *
+     * @return GuiMessageRepresentation
+     */
+    private function getMessage(Request $request, array $validationGroups = [])
+    {
+        $json = $request->getContent();
+        $data = json_decode($json, true);
+        $message = new GuiMessageRepresentation();
+        if (isset($data['key'])) {
+            $message->setKey($data['key']);
+        }
+        if (isset($data['message'])) {
+            $message->setMessage($data['message']);
+        }
+
+        $errors = $this->get('validator')->validate($message, null, $validationGroups);
+        if (count($errors) > 0) {
+            throw  MessageValidationException::create();
+        }
+
+        return $message;
+    }
 }

Exception/MessageValidationException.php

@@ -0,0 +1,22 @@
+<?php
+
+/*
+ * This file is part of the PHP Translation package.
+ *
+ * (c) PHP Translation team <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Translation\Bundle\Exception;
+
+use Translation\Common\Exception;
+
+class MessageValidationException extends \Exception implements Exception
+{
+    public static function create($message = 'Validation of the translation message failed.')
+    {
+        return new self($message);
+    }
+}

Model/GuiMessageRepresentation.php

@@ -0,0 +1,72 @@
+<?php
+
+/*
+ * This file is part of the PHP Translation package.
+ *
+ * (c) PHP Translation team <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Translation\Bundle\Model;
+
+use Symfony\Component\Validator\Constraints as Assert;
+
+/**
+ * @author Tobias Nyholm <[email protected]>
+ */
+class GuiMessageRepresentation
+{
+    /**
+     * @var string
+     * @Assert\NotBlank(groups={"Create", "Edit", "Delete"})
+     */
+    private $key;
+
+    /**
+     * @var string
+     * @Assert\NotBlank(groups={"Create", "Edit"})
+     */
+    private $message;
+
+    /**
+     * @return string
+     */
+    public function getKey()
+    {
+        return $this->key;
+    }
+
+    /**
+     * @param string $key
+     *
+     * @return GuiMessageRepresentation
+     */
+    public function setKey($key)
+    {
+        $this->key = $key;
+
+        return $this;
+    }
+
+    /**
+     * @return string
+     */
+    public function getMessage()
+    {
+        return $this->message;
+    }
+
+    /**
+     * @param string $message
+     *
+     * @return GuiMessageRepresentation
+     */
+    public function setMessage($message)
+    {
+        $this->message = $message;
+
+        return $this;
+    }
+}