From d91d444e34b88398abfcbb3abc27239eb0e5bccb Mon Sep 17 00:00:00 2001
From: edlib-oddarne
Date: Fri, 13 Mar 2026 14:38:35 +0100
Subject: [PATCH] Improve validation for `format` parameter in Oembed request
---
 .../hub/app/Http/Requests/OembedRequest.php | 3 ++-
 sourcecode/hub/app/Oembed/OembedFormat.php | 5 ++++
 .../tests/Feature/NdlaLegacy/OembedTest.php | 27 ++++++++++++++++++-
 3 files changed, 33 insertions(+), 2 deletions(-)
diff --git a/sourcecode/hub/app/Http/Requests/OembedRequest.php b/sourcecode/hub/app/Http/Requests/OembedRequest.php
index 6f3ff9ed52..71cf9b7701 100644
--- a/sourcecode/hub/app/Http/Requests/OembedRequest.php
+++ b/sourcecode/hub/app/Http/Requests/OembedRequest.php
@@ -4,6 +4,7 @@
 namespace App\Http\Requests;
+use App\Oembed\OembedFormat;
 use Illuminate\Foundation\Http\FormRequest;
 use Illuminate\Validation\Rule;
@@ -16,7 +17,7 @@ public function rules(): array
 {
 return [
 'url' => ['required', 'url'],
- 'format' => ['sometimes', Rule::in(['json', 'xml'])],
+ 'format' => ['sometimes', 'required', Rule::in(OembedFormat::values())],
 ];
 }
 }
diff --git a/sourcecode/hub/app/Oembed/OembedFormat.php b/sourcecode/hub/app/Oembed/OembedFormat.php
index 685c65f21b..0ef7f3b224 100644
--- a/sourcecode/hub/app/Oembed/OembedFormat.php
+++ b/sourcecode/hub/app/Oembed/OembedFormat.php
@@ -16,4 +16,9 @@ public function getContentType(): string
 self::Xml => 'text/xml; charset=UTF-8',
 };
 }
+
+ public static function values(): array
+ {
+ return array_column(self::cases(), 'value');
+ }
 }
diff --git a/sourcecode/hub/tests/Feature/NdlaLegacy/OembedTest.php b/sourcecode/hub/tests/Feature/NdlaLegacy/OembedTest.php
index 0c9d63a04f..fb8f672ff1 100644
--- a/sourcecode/hub/tests/Feature/NdlaLegacy/OembedTest.php
+++ b/sourcecode/hub/tests/Feature/NdlaLegacy/OembedTest.php
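Review bot: In OembedRequest::rules(), the pairing of `sometimes` with `required` on `format` is easy to misread as a contradiction and deserves a comment, because `required` is what makes an empty `format=` fail instead of skipping the `Rule::in` allowlist. Something like `// 'required' rejects an empty value; without it Laravel skips Rule::in when format is present but empty` above the `'format'` entry would protect the rule from a later tidy-up. If the framework version in use provides it, `Rule::enum(OembedFormat::class)` would express the same allowlist without the extra `values()` helper.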
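Review bot: `OembedFormat::values()` is declared as returning a bare `array`, so neither callers nor static analysis can tell that it yields the backing strings which OembedRequest now uses as its allowlist. A short docblock such as `/** @return list<string> Backing values of all cases; used as the validation allowlist for the format parameter. */` would document that contract. The enum declaration itself is outside the hunk, so the string backing type is inferred from the old `['json', 'xml']` list and should be confirmed.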
@@ -4,10 +4,13 @@
 namespace Tests\Feature\NdlaLegacy;
+use App\Http\Requests\OembedRequest;
 use App\Models\Content;
 use App\Models\ContentVersion;
+use App\Oembed\OembedFormat;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Foundation\Testing\WithFaker;
+use Illuminate\Support\Facades\Validator;
 use Illuminate\Testing\Fluent\AssertableJson;
 use PHPUnit\Framework\Attributes\TestWith;
 use Tests\TestCase;
@@ -50,7 +53,6 @@ public function testOembed(string $endpoint): void
 public function testCanPassLocale(): void
 {
 $id = $this->faker->uuid;
-
 Content::factory()
 ->withVersion(ContentVersion::factory()->state([
 'title' => 'My content',
@@ -74,4 +76,27 @@ public function testCanPassLocale(): void
 )),
 );
 }
+
+ public function testFormatParameterValidation(): void
+ {
+ $request = new OembedRequest();
+ $rules = $request->rules();
+
+ // Only url parameter is required
+ $validator = Validator::make(['url' => $this->faker->url], $rules);
+ $this->assertTrue($validator->passes());
+
+ // Valid format parameter should pass validation
+ $validator = Validator::make(['url' => $this->faker->url, 'format' => OembedFormat::Xml->value], $rules);
+ $this->assertTrue($validator->passes());
+
+ // Empty format parameter should fail validation
+ $validator = Validator::make(['url' => $this->faker->url, 'format' => ''], $rules);
+ $this->assertTrue($validator->fails());
+
+ // Invalid format parameter should fail validation
+ $validator = Validator::make(['url' => $this->faker->url, 'format' => 'doc'], $rules);
+ $this->assertTrue($validator->fails());
+
+ }
 }
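Review bot: testFormatParameterValidation checks the rule array through `Validator::make` only, so nothing in this hunk proves that the oEmbed endpoints reject a bad `format` once request middleware and the form request are involved. An empty query value may reach the validator as null rather than `''` if empty-string conversion middleware is active (not visible here), so a request-level case asserting a validation error for `format=` and `format=doc` would pin the behaviour that matters. A non-string case such as `'format' => ['json']` is also worth covering, and the blank line before the method's closing brace can go.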