Validate implementation-specific query parameters according to specification

tobyzerner · tobyzerner · commit 7405e07b93b4 · 2021-08-30T15:14:59.000+10:00
diff --git a/src/JsonApi.php b/src/JsonApi.php
@@ -115,6 +115,8 @@ public function handle(Request $request): Response
     {
         // $this->validateRequest($request);
 
+        $this->validateQueryParameters($request);
+
         $context = new Context($this, $request);
 
         foreach ($this->extensions as $extension) {
@@ -151,6 +153,18 @@ public function handle(Request $request): Response
         throw new BadRequestException();
     }
 
+    private function validateQueryParameters(Request $request): void
+    {
+        foreach ($request->getQueryParams() as $key => $value) {
+            if (
+                ! preg_match('/[^a-z]/', $key)
+                && ! in_array($key, ['include', 'fields', 'filter', 'page', 'sort'])
+            ) {
+                throw (new BadRequestException('Invalid query parameter: '.$key))->setSourceParameter($key);
+            }
+        }
+    }
+
     private function validateRequest(Request $request): void
     {
         // TODO
diff --git a/tests/specification/QueryParametersTest.php b/tests/specification/QueryParametersTest.php
@@ -11,6 +11,7 @@
 
 namespace Tobyz\Tests\JsonApiServer\specification;
 
+use Tobyz\JsonApiServer\Exception\BadRequestException;
 use Tobyz\JsonApiServer\JsonApi;
 use Tobyz\Tests\JsonApiServer\AbstractTestCase;
 use Tobyz\Tests\JsonApiServer\MockAdapter;
@@ -25,20 +26,29 @@ class QueryParametersTest extends AbstractTestCase
      */
     private $api;
 
-    /**
-     * @var MockAdapter
-     */
-    private $adapter;
-
     public function setUp(): void
     {
         $this->api = new JsonApi('http://example.com');
-
-        $this->adapter = new MockAdapter();
+        $this->api->resourceType('users', new MockAdapter());
     }
 
     public function test_bad_request_error_if_unknown_query_parameters()
     {
-        $this->markTestIncomplete();
+        $request = $this->buildRequest('GET', '/users/1')
+            ->withQueryParams(['unknown' => 'value']);
+
+        $this->expectException(BadRequestException::class);
+
+        $this->api->handle($request);
+    }
+
+    public function test_supports_custom_query_parameters()
+    {
+        $request = $this->buildRequest('GET', '/users/1')
+            ->withQueryParams(['camelCase' => 'value']);
+
+        $response = $this->api->handle($request);
+
+        $this->assertEquals(200, $response->getStatusCode());
     }
 }
