feature #27735 [Validator][DoctrineBridge][FWBundle] Automatic data validation (dunglas)

This PR was merged into the 4.3-dev branch.

Discussion
----------

[Validator][DoctrineBridge][FWBundle] Automatic data validation

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes<!-- don't forget to update src/**/CHANGELOG.md files -->
| BC breaks?    | no     <!-- see https://symfony.com/bc -->
| Deprecations? | no <!-- don't forget to update UPGRADE-*.md and src/**/CHANGELOG.md files -->
| Tests pass?   | yes    <!-- please add some, will be required by reviewers -->
| Fixed tickets | n/a   <!-- #-prefixed issue number(s), if any -->
| License       | MIT
| Doc PR        | symfony/symfony-docs#11132

This feature automatically adds some validation constraints by inferring existing metadata. To do so, it uses the PropertyInfo component and Doctrine metadata, but it has been designed to be easily extendable.

Example:

```php
use Doctrine\ORM\Mapping as ORM;

/**
 * @Orm\Entity
 */
class Dummy
{
    /**
     * @Orm\Id
     * @Orm\GeneratedValue(strategy="AUTO")
     * @Orm\Column(type="integer")
     */
    public $id;

    /**
     * @Orm\Column(nullable=true)
     */
    public $columnNullable;

    /**
     * @Orm\Column(length=20)
     */
    public $columnLength;

    /**
     * @Orm\Column(unique=true)
     */
    public $columnUnique;
}

$manager = $this->managerRegistry->getManager();
$manager->getRepository(Dummy::class);

$firstOne = new Dummy();
$firstOne->columnUnique = 'unique';
$firstOne->columnLength = '0';

$manager->persist($firstOne);
$manager->flush();

$dummy = new Dummy();
$dummy->columnNullable = 1; // type mistmatch
$dummy->columnLength = '012345678901234567890'; // too long
$dummy->columnUnique = 'unique'; // not unique

$res = $this->validator->validate($dummy);
dump((string) $res);

/*
Object(App\Entity\Dummy).columnUnique:\n
    This value is already used. (code 23bd9dbf-6b9b-41cd-a99e-4844bcf3077f)\n
Object(App\Entity\Dummy).columnLength:\n
    This value is too long. It should have 20 characters or less. (code d94b19cc-114f-4f44-9cc4-4138e80a87b9)\n
Object(App\Entity\Dummy).id:\n
    This value should not be null. (code ad32d13f-c3d4-423b-909a-857b961eb720)\n
Object(App\Entity\Dummy).columnNullable:\n
    This value should be of type string. (code ba785a8c-82cb-4283-967c-3cf342181b40)\n
*/
```

It also works for DTOs:

```php

class MyDto
{
    /** @var string */
    public $name;
}

$dto = new MyDto();
$dto->name = 1; // type error

dump($validator->validate($dto));

/*
Object(MyDto).name:\n
    This value should be of type string. (code ba785a8c-82cb-4283-967c-3cf342181b40)\n
*/
```

Supported constraints currently are:

* `@NotNull` (using PropertyInfo type extractor, so supports Doctrine metadata, getters/setters and PHPDoc)
* `@Type` (using PropertyInfo type extractor, so supports Doctrine metadata, getters/setters and PHPDoc)
* `@UniqueEntity` (using Doctrine's `unique` metadata)
* `@Length` (using Doctrine's `length` metadata)

Many users don't understand that the Doctrine mapping doesn't validate anything (it's just a hint for the schema generator). It leads to usability and security issues (that are not entirely fixed by this PR!!).
Even the ones who add constraints often omit important ones like `@Length`, or `@Type` (important when building web APIs).
This PR aims to improve things a bit, and ease the development process in RAD and when prototyping. It provides an upgrade path to use proper validation constraints.

I plan to make it opt-in, disabled by default, but enabled in the default Flex recipe. (= off by default when using components, on by default when using the full stack framework)

TODO:

* [x] Add configuration flags
* [x] Move the Doctrine-related DI logic from the extension to DoctrineBundle: doctrine/DoctrineBundle#831
* [x] Commit the tests

Commits
-------

2d64e703c2 [Validator][DoctrineBridge][FWBundle] Automatic data validation

Author: fabpot

Tests/Fixtures/DoctrineLoaderEntity.php

@@ -0,0 +1,58 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Doctrine\Tests\Fixtures;
+
+use Doctrine\ORM\Mapping as ORM;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+use Symfony\Component\Validator\Constraints as Assert;
+
+/**
+ * @ORM\Entity
+ * @UniqueEntity(fields={"alreadyMappedUnique"})
+ *
+ * @author Kévin Dunglas <[email protected]>
+ */
+class DoctrineLoaderEntity
+{
+    /**
+     * @ORM\Id
+     * @ORM\Column
+     */
+    public $id;
+
+    /**
+     * @ORM\Column(length=20)
+     */
+    public $maxLength;
+
+    /**
+     * @ORM\Column(length=20)
+     * @Assert\Length(min=5)
+     */
+    public $mergedMaxLength;
+
+    /**
+     * @ORM\Column(length=20)
+     * @Assert\Length(min=1, max=10)
+     */
+    public $alreadyMappedMaxLength;
+
+    /**
+     * @ORM\Column(unique=true)
+     */
+    public $unique;
+
+    /**
+     * @ORM\Column(unique=true)
+     */
+    public $alreadyMappedUnique;
+}

Tests/Validator/DoctrineLoaderTest.php

@@ -0,0 +1,94 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Doctrine\Tests\Validator;
+
+use PHPUnit\Framework\TestCase;
+use Symfony\Bridge\Doctrine\Test\DoctrineTestHelper;
+use Symfony\Bridge\Doctrine\Tests\Fixtures\DoctrineLoaderEntity;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+use Symfony\Bridge\Doctrine\Validator\DoctrineLoader;
+use Symfony\Component\Validator\Constraints\Length;
+use Symfony\Component\Validator\Mapping\ClassMetadata;
+use Symfony\Component\Validator\Tests\Fixtures\Entity;
+use Symfony\Component\Validator\Validation;
+use Symfony\Component\Validator\ValidatorBuilder;
+
+/**
+ * @author Kévin Dunglas <[email protected]>
+ */
+class DoctrineLoaderTest extends TestCase
+{
+    public function testLoadClassMetadata()
+    {
+        if (!method_exists(ValidatorBuilder::class, 'addLoader')) {
+            $this->markTestSkipped('Auto-mapping requires symfony/validation 4.2+');
+        }
+
+        $validator = Validation::createValidatorBuilder()
+            ->enableAnnotationMapping()
+            ->addLoader(new DoctrineLoader(DoctrineTestHelper::createTestEntityManager()))
+            ->getValidator()
+        ;
+
+        $classMetadata = $validator->getMetadataFor(new DoctrineLoaderEntity());
+
+        $classConstraints = $classMetadata->getConstraints();
+        $this->assertCount(2, $classConstraints);
+        $this->assertInstanceOf(UniqueEntity::class, $classConstraints[0]);
+        $this->assertInstanceOf(UniqueEntity::class, $classConstraints[1]);
+        $this->assertSame(['alreadyMappedUnique'], $classConstraints[0]->fields);
+        $this->assertSame('unique', $classConstraints[1]->fields);
+
+        $maxLengthMetadata = $classMetadata->getPropertyMetadata('maxLength');
+        $this->assertCount(1, $maxLengthMetadata);
+        $maxLengthConstraints = $maxLengthMetadata[0]->getConstraints();
+        $this->assertCount(1, $maxLengthConstraints);
+        $this->assertInstanceOf(Length::class, $maxLengthConstraints[0]);
+        $this->assertSame(20, $maxLengthConstraints[0]->max);
+
+        $mergedMaxLengthMetadata = $classMetadata->getPropertyMetadata('mergedMaxLength');
+        $this->assertCount(1, $mergedMaxLengthMetadata);
+        $mergedMaxLengthConstraints = $mergedMaxLengthMetadata[0]->getConstraints();
+        $this->assertCount(1, $mergedMaxLengthConstraints);
+        $this->assertInstanceOf(Length::class, $mergedMaxLengthConstraints[0]);
+        $this->assertSame(20, $mergedMaxLengthConstraints[0]->max);
+        $this->assertSame(5, $mergedMaxLengthConstraints[0]->min);
+
+        $alreadyMappedMaxLengthMetadata = $classMetadata->getPropertyMetadata('alreadyMappedMaxLength');
+        $this->assertCount(1, $alreadyMappedMaxLengthMetadata);
+        $alreadyMappedMaxLengthConstraints = $alreadyMappedMaxLengthMetadata[0]->getConstraints();
+        $this->assertCount(1, $alreadyMappedMaxLengthConstraints);
+        $this->assertInstanceOf(Length::class, $alreadyMappedMaxLengthConstraints[0]);
+        $this->assertSame(10, $alreadyMappedMaxLengthConstraints[0]->max);
+        $this->assertSame(1, $alreadyMappedMaxLengthConstraints[0]->min);
+    }
+
+    /**
+     * @dataProvider regexpProvider
+     */
+    public function testClassValidator(bool $expected, string $classValidatorRegexp = null)
+    {
+        $doctrineLoader = new DoctrineLoader(DoctrineTestHelper::createTestEntityManager(), $classValidatorRegexp);
+
+        $classMetadata = new ClassMetadata(DoctrineLoaderEntity::class);
+        $this->assertSame($expected, $doctrineLoader->loadClassMetadata($classMetadata));
+    }
+
+    public function regexpProvider()
+    {
+        return [
+            [true, null],
+            [true, '{^'.preg_quote(DoctrineLoaderEntity::class).'$|^'.preg_quote(Entity::class).'$}'],
+            [false, '{^'.preg_quote(Entity::class).'$}'],
+        ];
+    }
+}

Validator/DoctrineLoader.php

@@ -0,0 +1,121 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <[email protected]>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Bridge\Doctrine\Validator;
+
+use Doctrine\Common\Persistence\Mapping\MappingException;
+use Doctrine\ORM\EntityManagerInterface;
+use Doctrine\ORM\Mapping\ClassMetadataInfo;
+use Doctrine\ORM\Mapping\MappingException as OrmMappingException;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
+use Symfony\Component\Validator\Constraints\Length;
+use Symfony\Component\Validator\Mapping\ClassMetadata;
+use Symfony\Component\Validator\Mapping\Loader\LoaderInterface;
+
+/**
+ * Guesses and loads the appropriate constraints using Doctrine's metadata.
+ *
+ * @author Kévin Dunglas <[email protected]>
+ */
+final class DoctrineLoader implements LoaderInterface
+{
+    private $entityManager;
+    private $classValidatorRegexp;
+
+    public function __construct(EntityManagerInterface $entityManager, string $classValidatorRegexp = null)
+    {
+        $this->entityManager = $entityManager;
+        $this->classValidatorRegexp = $classValidatorRegexp;
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function loadClassMetadata(ClassMetadata $metadata): bool
+    {
+        $className = $metadata->getClassName();
+        if (null !== $this->classValidatorRegexp && !preg_match($this->classValidatorRegexp, $className)) {
+            return false;
+        }
+
+        try {
+            $doctrineMetadata = $this->entityManager->getClassMetadata($className);
+        } catch (MappingException | OrmMappingException $exception) {
+            return false;
+        }
+
+        if (!$doctrineMetadata instanceof ClassMetadataInfo) {
+            return false;
+        }
+
+        /* Available keys:
+           - type
+           - scale
+           - length
+           - unique
+           - nullable
+           - precision
+         */
+        $existingUniqueFields = $this->getExistingUniqueFields($metadata);
+
+        // Type and nullable aren't handled here, use the PropertyInfo Loader instead.
+        foreach ($doctrineMetadata->fieldMappings as $mapping) {
+            if (true === $mapping['unique'] && !isset($existingUniqueFields[$mapping['fieldName']])) {
+                $metadata->addConstraint(new UniqueEntity(['fields' => $mapping['fieldName']]));
+            }
+
+            if (null === $mapping['length']) {
+                continue;
+            }
+
+            $constraint = $this->getLengthConstraint($metadata, $mapping['fieldName']);
+            if (null === $constraint) {
+                $metadata->addPropertyConstraint($mapping['fieldName'], new Length(['max' => $mapping['length']]));
+            } elseif (null === $constraint->max) {
+                // If a Length constraint exists and no max length has been explicitly defined, set it
+                $constraint->max = $mapping['length'];
+            }
+        }
+
+        return true;
+    }
+
+    private function getLengthConstraint(ClassMetadata $metadata, string $fieldName): ?Length
+    {
+        foreach ($metadata->getPropertyMetadata($fieldName) as $propertyMetadata) {
+            foreach ($propertyMetadata->getConstraints() as $constraint) {
+                if ($constraint instanceof Length) {
+                    return $constraint;
+                }
+            }
+        }
+
+        return null;
+    }
+
+    private function getExistingUniqueFields(ClassMetadata $metadata): array
+    {
+        $fields = [];
+        foreach ($metadata->getConstraints() as $constraint) {
+            if (!$constraint instanceof UniqueEntity) {
+                continue;
+            }
+
+            if (\is_string($constraint->fields)) {
+                $fields[$constraint->fields] = true;
+            } elseif (\is_array($constraint->fields) && 1 === \count($constraint->fields)) {
+                $fields[$constraint->fields[0]] = true;
+            }
+        }
+
+        return $fields;
+    }
+}