Description
Symfony version(s) affected
6.1
Description
Hi,
During the development of an app using Symfony and ApiPlatform, I found something that seems incoherent to me:
In Symfony\Component\Serializer\Normalizer\ArrayDenormalizer, in the denormalize method, if the data is not an array an InvalidArgumentException is thrown. However, the method supportsDenormalization returns true even if the data is not an array. This is unlike any other normalizer, they all (seem to) throw an InvalidArgumentException if the data passed would have triggered a false return in supportsDenormalization, and throw a NotNormalizableException otherwise.
Also, this implementation breaks DenormalizerInterface::COLLECT_DENORMALIZATION_ERRORS options as it does not throw the correct exception. (Note that the PHPDoc for the DenormalizerInterface::denormalize method omits NotNormalizableException too, but it is a child class of UnexpectedValueException).
I would like to fix this by throwing the correct NotNormalizableException.
Note: an other fix would be to return false in supportsDenormalization method for non-array data, but this would break ObjectNormalizers and would require adding try/catch blocks on collection denormalizations (lot of changes which seems unnecessary).
On a side note, after exploring the code when I needed to extend AbstractObjectNormalizer, I found out that ApiPlatform is extending AbstractObjectNormalizer. I wanted to base some of my code on this, but as the method validateAndDenormalize is private, and also because each case is not handled in a separate function, it requires rewriting (copy/pasting) a lot of information (denormalize method and then validateAndDenormalize), or tricks (setting the type resolver to null to disable denormalization done by AbstractObjectNormalizer as done by ApiPlatform here and here). I would like to make this method protected and break it into smaller pieces to allow extending and code reusability. I can of course split this in two PRs.
Please let me know if I can help by making this PR, I'll happily do it.
How to reproduce
Set collect_denormalization_errors to true.
Try to denormalize a property typed as array with an invalid value type (number, string...).
The exception thrown is InvalidArgumentException and breaks collecting the normalization errors.
Possible Solution
No response
Additional Context
No response