api-platform
diff --git a/‎src/Laravel/ApiPlatformProvider.php‎
Lines changed: 13 additions & 1 deletion b/‎src/Laravel/ApiPlatformProvider.php‎
Lines changed: 13 additions & 1 deletion
diff --git a/‎src/Laravel/State/DenormalizationErrorHandler.php‎
Lines changed: 239 additions & 0 deletions b/‎src/Laravel/State/DenormalizationErrorHandler.php‎
Lines changed: 239 additions & 0 deletions
diff --git a/‎src/Laravel/Tests/DenormalizationValidationTest.php‎
Lines changed: 79 additions & 0 deletions b/‎src/Laravel/Tests/DenormalizationValidationTest.php‎
Lines changed: 79 additions & 0 deletions
@@ -173,6 +173,8 @@
 use ApiPlatform\State\Provider\ObjectMapperProvider;
 use ApiPlatform\State\Provider\ParameterProvider;
 use ApiPlatform\State\Provider\ReadProvider;
+use ApiPlatform\Laravel\State\DenormalizationErrorHandler as LaravelDenormalizationErrorHandler;
+use ApiPlatform\State\DenormalizationErrorHandlerInterface;
 use ApiPlatform\State\ProviderInterface;
 use ApiPlatform\State\SerializerContextBuilderInterface;
 use Http\Discovery\Psr17Factory;
@@ -422,8 +424,18 @@ public function register(): void
             );
         });
 
+        $this->app->singleton(DenormalizationErrorHandlerInterface::class, static function () {
+            return new LaravelDenormalizationErrorHandler();
+        });
+
         $this->app->singleton(DeserializeProvider::class, static function (Application $app) {
-            return new DeserializeProvider($app->make(SwaggerUiProvider::class), $app->make(SerializerInterface::class), $app->make(SerializerContextBuilderInterface::class));
+            return new DeserializeProvider(
+                $app->make(SwaggerUiProvider::class),
+                $app->make(SerializerInterface::class),
+                $app->make(SerializerContextBuilderInterface::class),
+                null,
+                $app->make(DenormalizationErrorHandlerInterface::class),
+            );
         });
 
         $this->app->singleton(ValidateProvider::class, static function (Application $app) {
 
@@ -0,0 +1,239 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Laravel\State;
+
+use ApiPlatform\Laravel\ApiResource\ValidationError;
+use ApiPlatform\Metadata\Operation;
+use ApiPlatform\State\DenormalizationErrorHandlerInterface;
+use Illuminate\Contracts\Validation\Rule as LaravelRule;
+use Illuminate\Contracts\Validation\ValidationRule;
+use Illuminate\Foundation\Http\FormRequest;
+use Symfony\Component\Serializer\Exception\NotNormalizableValueException;
+use Symfony\Component\Serializer\Exception\PartialDenormalizationException;
+
+/**
+ * Laravel-flavored denormalization error handler — translates Symfony serializer type
+ * errors into a 422 {@see ValidationError} when the Operation's Laravel rules describe
+ * the property.
+ *
+ * Reads rules declared on the operation (string|array form, e.g. `'required|string'`
+ * or `['required', 'string']`). FormRequest-class rules and pure-callable rule sets
+ * are intentionally skipped in v1: a FormRequest-based contract typically runs in the
+ * validation phase against the raw request, not the denormalized body.
+ *
+ * Mapping:
+ *
+ * | Exception "current type" | Matching Laravel rule                       | Emitted code              |
+ * |--------------------------|---------------------------------------------|---------------------------|
+ * | null                     | required, filled                            | IS_BLANK_ERROR            |
+ * | null                     | present                                     | IS_NULL_ERROR             |
+ * | any wrong type           | string, integer, int, numeric, boolean,     | INVALID_TYPE_ERROR        |
+ * |                          | bool, array, date, json                     |                           |
+ * | any wrong type           | any other rule (with no `nullable`)         | INVALID_TYPE_ERROR        |
+ * | null                     | nullable (and no required/present/filled)   | (no match) — caller       |
+ * |                          |                                             | rethrows                  |
+ * | any                      | (no rule)                                   | (no match) — caller       |
+ * |                          |                                             | rethrows                  |
+ *
+ * In collect mode, unconstrained errors still emit a generic INVALID_TYPE_ERROR entry
+ * so the response surface stays consistent with prior behavior.
+ *
+ * Codes are plain strings — the Laravel package does not depend on Symfony Validator.
+ *
+ * @author Antoine Bluchet <soyuka@gmail.com>
+ */
+final class DenormalizationErrorHandler implements DenormalizationErrorHandlerInterface
+{
+    public const IS_BLANK_ERROR = 'c1051bb4-d103-4f74-8988-acbcafc7fdc3';
+    public const IS_NULL_ERROR = 'ad32d13f-c3d4-423b-909a-857b961eb720';
+    public const INVALID_TYPE_ERROR = 'ba785a8c-82cb-4283-967c-3cf342181b40';
+
+    private const REQUIRED_RULES = ['required', 'filled'];
+    private const PRESENT_RULES = ['present'];
+    private const TYPE_RULES = ['string', 'integer', 'int', 'numeric', 'boolean', 'bool', 'array', 'date', 'json'];
+
+    public function handle(NotNormalizableValueException $exception, Operation $operation): void
+    {
+        $violation = $this->buildViolation($exception, $operation);
+        if (null === $violation) {
+            return;
+        }
+
+        throw new ValidationError($violation['message'], $this->makeId([$violation['propertyPath']]), $exception, [$violation]);
+    }
+
+    public function handlePartial(PartialDenormalizationException $exception, Operation $operation): void
+    {
+        $violations = [];
+
+        foreach ($exception->getErrors() as $error) {
+            if (!$error instanceof NotNormalizableValueException) {
+                continue;
+            }
+            $violations[] = $this->buildViolation($error, $operation) ?? $this->buildGenericViolation($error);
+        }
+
+        if (!$violations) {
+            return;
+        }
+
+        $paths = array_filter(array_map(static fn (array $v): string => $v['propertyPath'], $violations));
+        $message = implode('; ', array_map(static fn (array $v): string => $v['propertyPath'].': '.$v['message'], $violations));
+
+        throw new ValidationError($message, $this->makeId($paths), $exception, $violations);
+    }
+
+    /**
+     * @return array{propertyPath: string, message: string, code: string}|null
+     */
+    private function buildViolation(NotNormalizableValueException $exception, Operation $operation): ?array
+    {
+        $rules = $operation->getRules();
+        if (\is_callable($rules)) {
+            $rules = $rules();
+        }
+
+        if (\is_string($rules) && is_a($rules, FormRequest::class, true)) {
+            return null;
+        }
+
+        if (!\is_array($rules)) {
+            return null;
+        }
+
+        $path = $exception->getPath();
+        if (null === $path || '' === $path) {
+            return null;
+        }
+
+        if (str_contains($path, '.') || str_contains($path, '[')) {
+            return null;
+        }
+
+        if (!\array_key_exists($path, $rules)) {
+            return null;
+        }
+
+        $propertyRules = $this->extractRuleTokens($rules[$path]);
+        if (!$propertyRules) {
+            return null;
+        }
+
+        $isNull = 'null' === strtolower((string) $exception->getCurrentType());
+
+        return $this->match($propertyRules, $isNull, $path, $exception);
+    }
+
+    /**
+     * @return list<string>
+     */
+    private function extractRuleTokens(mixed $raw): array
+    {
+        if (\is_string($raw)) {
+            $items = explode('|', $raw);
+        } elseif (\is_array($raw)) {
+            $items = $raw;
+        } else {
+            return [];
+        }
+
+        $tokens = [];
+        foreach ($items as $item) {
+            if ($item instanceof LaravelRule || $item instanceof ValidationRule || \is_object($item)) {
+                continue;
+            }
+            if (!\is_string($item)) {
+                continue;
+            }
+            $name = strtolower(strstr($item, ':', true) ?: $item);
+            if ('' === $name) {
+                continue;
+            }
+            $tokens[] = $name;
+        }
+
+        return $tokens;
+    }
+
+    /**
+     * @param list<string> $rules
+     *
+     * @return array{propertyPath: string, message: string, code: string}|null
+     */
+    private function match(array $rules, bool $isNull, string $path, NotNormalizableValueException $exception): ?array
+    {
+        $hasNullable = \in_array('nullable', $rules, true);
+
+        if ($isNull) {
+            if ($hasNullable && !array_intersect(self::REQUIRED_RULES, $rules) && !array_intersect(self::PRESENT_RULES, $rules)) {
+                return null;
+            }
+
+            if (array_intersect(self::REQUIRED_RULES, $rules)) {
+                return [
+                    'propertyPath' => $path,
+                    'message' => 'This value should not be blank.',
+                    'code' => self::IS_BLANK_ERROR,
+                ];
+            }
+            if (array_intersect(self::PRESENT_RULES, $rules)) {
+                return [
+                    'propertyPath' => $path,
+                    'message' => 'This value should not be null.',
+                    'code' => self::IS_NULL_ERROR,
+                ];
+            }
+        }
+
+        if (array_intersect(self::TYPE_RULES, $rules) || $rules) {
+            return [
+                'propertyPath' => $path,
+                'message' => $this->typeMessage($exception),
+                'code' => self::INVALID_TYPE_ERROR,
+            ];
+        }
+
+        return null;
+    }
+
+    /**
+     * @return array{propertyPath: string, message: string, code: string}
+     */
+    private function buildGenericViolation(NotNormalizableValueException $exception): array
+    {
+        return [
+            'propertyPath' => (string) $exception->getPath(),
+            'message' => $exception->canUseMessageForUser() ? $exception->getMessage() : $this->typeMessage($exception),
+            'code' => self::INVALID_TYPE_ERROR,
+        ];
+    }
+
+    private function typeMessage(NotNormalizableValueException $exception): string
+    {
+        $expectedTypes = array_filter($exception->getExpectedTypes() ?? [], static fn ($t): bool => \is_string($t));
+        if (!$expectedTypes) {
+            return 'This value should be of the right type.';
+        }
+
+        return \sprintf('This value should be of type %s.', implode('|', $expectedTypes));
+    }
+
+    /**
+     * @param string[] $paths
+     */
+    private function makeId(array $paths): string
+    {
+        return hash('xxh3', implode(',', $paths) ?: 'denormalization');
+    }
+}
@@ -0,0 +1,79 @@
+<?php
+
+/*
+ * This file is part of the API Platform project.
+ *
+ * (c) Kévin Dunglas <dunglas@gmail.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace ApiPlatform\Laravel\Tests;
+
+use ApiPlatform\Laravel\Test\ApiTestAssertionsTrait;
+use Illuminate\Contracts\Config\Repository;
+use Illuminate\Foundation\Testing\RefreshDatabase;
+use Orchestra\Testbench\Concerns\WithWorkbench;
+use Orchestra\Testbench\TestCase;
+
+/**
+ * @see https://github.com/api-platform/core/issues/7981
+ */
+class DenormalizationValidationTest extends TestCase
+{
+    use ApiTestAssertionsTrait;
+    use RefreshDatabase;
+    use WithWorkbench;
+
+    protected function defineEnvironment($app): void
+    {
+        tap($app['config'], static function (Repository $config): void {
+            $config->set('api-platform.formats', ['jsonld' => ['application/ld+json']]);
+            $config->set('api-platform.docs_formats', ['jsonld' => ['application/ld+json']]);
+        });
+    }
+
+    public function testWrongTypeOnTypedDtoWithRuleProduces422(): void
+    {
+        $response = $this->postJson(
+            '/api/issue6745/rule_validations',
+            ['prop' => 'abc'],
+            ['accept' => 'application/ld+json', 'content-type' => 'application/ld+json']
+        );
+
+        $response->assertStatus(422);
+        $body = json_decode($response->getContent(), true);
+        $this->assertSame('ValidationError', $body['@type'] ?? null);
+        $this->assertNotEmpty($body['violations'] ?? []);
+        $this->assertSame('prop', $body['violations'][0]['propertyPath']);
+    }
+
+    public function testWrongTypeWithoutRuleRethrows(): void
+    {
+        // `max` rule is `lt:2` (no required, no type rule) — but per the rule table, ANY rule
+        // on the property triggers a generic Type @ 422 (consistent with Symfony's
+        // "any wrong type | any other constraint" branch).
+        $response = $this->postJson(
+            '/api/issue6745/rule_validations',
+            ['max' => 'abc'],
+            ['accept' => 'application/ld+json', 'content-type' => 'application/ld+json']
+        );
+
+        $response->assertStatus(422);
+    }
+
+    public function testEloquentNullOnRequiredFieldStillReturns422(): void
+    {
+        // Eloquent dynamic attrs → no denormalization error.  Validation layer catches null + required.
+        $response = $this->postJson(
+            '/api/issue_6932',
+            ['sur_name' => null],
+            ['accept' => 'application/ld+json', 'content-type' => 'application/ld+json']
+        );
+
+        $response->assertStatus(422);
+    }
+}