Issue #3377269 by _tarik_, ReINFaTe, smustgrave, bbrala: Warning: Undefined...

Issue #3377269 by _tarik_, ReINFaTe, smustgrave, bbrala: Warning: Undefined array key "id" in Drupal\jsonapi\Controller\EntityResource->patchIndividual() (cherry picked from commit b930619b)

Issue #3377269 by _tarik_, ReINFaTe, smustgrave, bbrala: Warning: Undefined...
bb6903e8 · Dave Long · ae84c94c · bb6903e8 · bb6903e8
Verified Commit bb6903e8 authored 1 year ago by Dave Long
--- a/core/modules/jsonapi/src/Controller/EntityResource.php
+++ b/core/modules/jsonapi/src/Controller/EntityResource.php
@@ -315,11 +315,11 @@ public function patchIndividual(ResourceType $resource_type, EntityInterface $en

    $body = Json::decode($request->getContent());
    $data = $body['data'];
-    if ($data['id'] != $entity->uuid()) {
+    if (!isset($data['id']) || $data['id'] != $entity->uuid()) {
      throw new BadRequestHttpException(sprintf(
        'The selected entity (%s) does not match the ID in the payload (%s).',
        $entity->uuid(),
-        $data['id']
+        $data['id'] ?? '',
      ));
    }
    $data += ['attributes' => [], 'relationships' => []];

--- a/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php
+++ b/core/modules/jsonapi/tests/src/Functional/ResourceTestBase.php
@@ -2200,6 +2200,10 @@ public function testPatchIndividual() {
    if ($this->entity instanceof FieldableEntityInterface && $this->entity->hasField('field_jsonapi_test_entity_ref')) {
      $parseable_invalid_request_body_5 = Json::encode(NestedArray::mergeDeep(['data' => ['attributes' => ['field_jsonapi_test_entity_ref' => ['target_id' => $this->randomString()]]]], $this->getPostDocument()));
    }
+    // Invalid PATCH request with missing id key.
+    $parseable_invalid_request_body_6 = $this->getPatchDocument();
+    unset($parseable_invalid_request_body_6['data']['id']);
+    $parseable_invalid_request_body_6 = Json::encode($parseable_invalid_request_body_6);

    // The URL and Guzzle request options that will be used in this test. The
    // request options will be modified/expanded throughout this test:
@@ -2304,6 +2308,12 @@ public function testPatchIndividual() {
      $this->assertResourceErrorResponse(422, "The following relationship fields were provided as attributes: [ field_jsonapi_test_entity_ref ]", $url, $response, FALSE);
    }

+    // DX: 400 when request document doesn't contain id.
+    // This also tests that no PHP warnings raised due to non-existent key.
+    $request_options[RequestOptions::BODY] = $parseable_invalid_request_body_6;
+    $response = $this->request('PATCH', $url, $request_options);
+    $this->assertResourceResponse(400, FALSE, $response);
+
    // 200 for well-formed PATCH request that sends all fields (even including
    // read-only ones, but with unchanged values).
    $valid_request_body = NestedArray::mergeDeep($this->normalize($this->entity, $url), $this->getPatchDocument());