Symfony POST 请求正在通过验证，但它应该给出错误

Question

订单模型.php

<?php

namespace App\Dto\Request\Model;

use Symfony\Component\Validator\Constraints as Assert;

class OrderModel
{
    #[Assert\Uuid(message: "Order id must be an unique identifier value.")]
    #[Assert\Positive(message: "Order id must be a positive integer value.")]
    public int $id;

    /**
     * @Assert\Positive(message="customerId must be a positive integer value.")
     */
    public int $customerId;

    public array $items;

    /**
     * @Assert\Type("string", message="Order total must be a string float value.")
     * @Assert\Type("float", message="Order total must be a string float value.")
     */
    public string $total;
}

订单类型.php

<?php

use App\Dto\Request\Model\OrderModel;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\Extension\Core\Type\CollectionType;
use Symfony\Component\Form\Extension\Core\Type\IntegerType;
use Symfony\Component\Form\Extension\Core\Type\TextType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver;

class OrderType extends AbstractType
{
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder
            ->add('id', IntegerType::class)
            ->add('customerId', IntegerType::class)
            ->add('items', CollectionType::class, [
                'entry_type' => ItemType::class
            ])
            ->add('total', TextType::class);
    }

    public function configureOptions(OptionsResolver $resolver)
    {
        $resolver->setDefaults([
            'data_class' => OrderModel::class
        ]);
    }
}

OrderController.php：

#[Route('/order', name:'order_new', methods: 'POST')]
public function create(ManagerRegistry $doctrine, Request $request): JsonResponse|Response
{
    $form = $this->createForm(\OrderType::class);
    if ($request->isMethod('POST')) {
        $form->submit($request->request->get($form->getName()));
        if(!$form->isSubmitted() || !$form->isValid()){
            return $this->handleView($this->view($form, Response::HTTP_BAD_REQUEST));
        }
    }
}

我的帖子请求：

{
  "id": "dsdas",
  "customerId": 1,
  "items": [
      {
          "productId": 1,
          "quantity": 1,
          "unitPrice": "250.25",
          "total": "250.25"
      },
      {
          "productId": 1,
          "quantity": 1,
          "unitPrice": "250.25",
          "total": "250.25"
      }
  ],
  "total": "500.50"
}

此请求正在通过验证，我正在尝试弄清楚。任何想法将不胜感激。

Answer 1

我认为您在提交的数据中缺少表单名称作为顶级键。您正在尝试发送此内容：

{
    "id": "dsdas",
    "customerId": 1,
    "total": "500.50"
}

您的代码 ($request->request->get($form->getName())) 期望这样（如果表单名称是“order_type”）

{
    "order_type": {
        "id": "dsdas",
        "customerId": 1,
        "total": "500.50"
    }
}

一个解决方案是创建一个命名表单...没有名称:)

public function create(
    Request $request,
    FormFactoryInterface $formFactory
) {
    // Create form with no name: setting the first parameter to '' means no name (ideal for API endpoints)
    $form = $formFactory->createNamed('', OrderType::class);
    $form->handleRequest($request);
    if(
        !$form->isSubmitted() ||
        !$form->isValid()
    ) {
        // ...
    } else {
        // ...
    }
}

第二种解决方案是自己添加表单名称

public function create(Request $request): JsonResponse|Response
{
    $form = $this->createForm(\OrderType::class);
    if ($request->isMethod('POST')) {
        $form->submit([
            // You can also add the key yourself right before submitting
            $form->getName() => $request->request->all(),
        ]);
        if(
            !$form->isSubmitted() ||
            !$form->isValid()
        ){
            return $this->handleView($this->view($form, Response::HTTP_BAD_REQUEST));
        }
    }
}

第三个选项（但不是最好的选项）是您始终将数据与表单密钥一起发送到控制器，但如果它是 API 端点，我不会选择此选项。所以只有当是常规表单提交且提交的表单字段全部以原始表单名称前缀生成时。

作为最后一个选项，您还可以捕获传入的两种数据格式。也许类似这样，您实际上可以使用或不使用密钥进行发送：

$finalData = $request->request->get($form->getName()) ?: $request->request->all();
$form->submit([$form->getName() => $finalData]);