Issues

ZF-10789: Add a values validator layer based on schema declaration

Description

I'd like to introduce to Zend Framework a new layer to check/validates values returned in a SOAP response against what user declared in the schema through auto discovery system.

The idea is simple, try to make sure, as much as possible, than data you send to client are matching what you declared in the XSD. It dos NOT mean check if data are meaningful! But keep in mind that it is NOT a validation of your SOAP response against your schema. It does not look at if generated XML is well formated or things like that.

Many times, at webservice programming or usage, it happens to me to get invalid value when looking at what XSD announced. So it takes time and task to warn the one who did the webservice. If I take place of webservice maker, I'd prefer to not send SOAP response at all if I can know before that a value I'll send it totally not matching XSD declaration. So I'd prefer make possible to send SOAP Fault for example instead of invalid value and log the problem for easy detection of the problem at very first tests.

This system comes with restriction as auto discovery has them because of PHP variable type limitation. It could be think about add support for more type at runtime check for more base XSD type. But for first release, I limited support to the PHP limited set of variable type.

Here come the design idea:


/**
 * @xsd sequence
 */ 
class wsGetUserInfosResult extends Zend_Soap_ComplexTypeValuesValidator
{ 
    /**
     * @xsd sequence    start
     * @var string
     */ 
    public $firstName; 
    /**
     * @var string
     */ 
    public $familyName; 
    /**
     * @var AgeType
     */ 
    public $age; 
    /**
     * @var detailsBrotherList
     * @xsd sequence    end
     */ 
    public $detailsBrotherList; 
     
    /**
     * @param   string  $firstName
     * @param   string  $familyName
     * @param   integer $age
     * @param   detailsBrotherList  $detailsBrotherList
     * @return  wsGetUserInfosResult
     */ 
    public function __construct($firstName, $familyName, $age, $detailsBrotherList) { 
        $this->Check_firstName = $firstName; 
        $this->Check_familyName = $familyName; 
        $this->Check_age = $age; 
        $this->Check_detailsBrotherList = $detailsBrotherList; 
         
        return $this; 
    } 
} 

By extending Zend_Soap_ComplexTypeValuesValidator you can use the magic __set method of this class to call the engine of validation of values directly at assign moment. Just add Check_ before real variable name of the class or CheckO_ for CheckOnly if you just want to check value, and manage assignement of the value later by yourself. Also __set method has some limitation, for example $this->Check_Thing]='test'; will not call the __set method, so you to check the value all you can do is: $this->CheckO_Thing='test'; and later, $this->Thing[]='test'; if check does not throw exception.

Here come design for the simple type declaration (that could be use at variable type in complex type schema declaration part):


/**
 * @xsd simpleType  array('id' => 1)
 * @xsd restriction array('base' => 'xsd:string')
 */ 
class AgeType extends Zend_Soap_SimpleTypeValuesValidator
{ 
    /**
     * @xsd pattern array('value' => '[0-9][0-9][0-9]')
     */ 
    public $pattern; 
} 

That's all, you just have to extend with parent class Zend_Soap_ComplexTypeValuesValidator then automatically you have access to the test method of children class through a static call: AgeType::getInstance()->test($value);

You could use directly by yourself, or rely on complex type validator values.

Of course, it could be said that making directly a real schema validation of the SOAP answer would do this job and more. However with current SOAP support and AutoDiscovery system, it's not so easy. AutoDiscovery does not separate XSD from WSDL, it is all in one when validator most of the time want just a schema. Also we do not have the generated XML/SOAP response at this level of code, it is generated and handled by the soap extension written in C. So it is meaning, validation support should be add directly in soap extension.

Link to implementation:

[Zend_Soap_ComplexTypeValuesValidator Zend_Soap_SimpleTypeValuesValidator

Comments

No comments to display