It would be useful to have a coercible string representation for null. "null" or '' would work just fine.

I think also that the coercion should happen only when the subject doesn't match any of the allowed types. Currently, given the following subject

{
	"value": "true"
}

and the following schema

{
	"properties": {
		"value": {
			"type": ["boolean", "string"]
		}
	},
	"type": "object"
}

"value" is coerced to boolean, even if its type -- string -- is among the allowed ones.

What do you think?

For cases when the object being validated does not define a property, but that property has a default value in the schema, set the property value to the default. This PR has been rebased on PR #351.

Some improvements to the error system in an effort to make things a little easier for people interested in adding localization, such as https://github.com/justinrainbow/json-schema/issues/363:

• Added a new class: ConstraintError. This extends an enum class which I've brought into the project to ensure that nobody types constraint types or messages directly into the code (by typehinting addError). I've used it before in a number of projects and have found it quite useful.

• Converted all error strings into a format that can be passed to sprintf.

• I had to invent a few new format error types to avoid ambiguity: phoneFormat, ipFormat, styleFormat, timeFormat, urlFormat.

@bighappyface @erayd @harej

I've found an issue, with some schema, the validator will go into an infinite loop and eventually terminate when the allowed memory is exhausted, you can reproduce the issue with this code :

<?php

include_once __DIR__."/../vendor/autoload.php";

$validator = new \JsonSchema\Validator();

$data = [];
$schema = (object)['$ref' => 'http://json-schema.org/draft-04/schema'];

echo __LINE__, PHP_EOL;

$validator->validate($data, $schema);

echo __LINE__, PHP_EOL;

$validator->validate($data, $schema, \JsonSchema\Constraints\Constraint::CHECK_MODE_APPLY_DEFAULTS);

echo __LINE__, PHP_EOL;

I'm not sure yet what is causing this. I'll guess a infinite recursion has been introduced in UndefinedConstraint::validateCommonProperties. I'll try to make another reproduction of the bug with a smaller schema

Why

• The current API isn't particularly good at exposing new functionality to users...
• ...and I want to add new functionality (PR #349 and PR #354) and expose it in a sane way.
• Passing $coerce all over the stack is risky - it's easy to lose track of it when making other changes.
• The current design mandates exposing internal method arguments ($path and $i) to users.

Changes

• Split the Constraint class to make Validator independent from it
• Add Validator::validate() as the main entry point
• Turn Validator::coerce() and Validator::check() into aliases
• Add Factory::setConfig(), getConfig(), addConfig() & removeConfig()
• Make type-coercion a checkMode option, don't pass $coerce everywhere
• Add some extra tests

This makes public interface breaking changes - should consider bumping the library major version when taking this change

I tried to make these changes without making too many changes to the existing library, but unfortunately the end result is more changes than I'd really like (including changing some of the unit tests). However, we now have (local) $ref compatibility and it passes all the tests provided for JSON Schema Draft 4 $refs.

https://github.com/justinrainbow/json-schema/pull/210/files#diff-c1e4a623a503c7f9de75304aae24ae77L21

The major changes here are:

• We can do away with the pesky maximum depth, as now we use object references to achieve recursion where necessary within the schema
• The JSON Pointer resolution has been abstracted in to its own class, with hopefully a clearer and cleaner implementation
• "definitions" is now resolved, although have not been formally fully tested, it is certainly more functional than it once was

I've tried to be respectful to the original library, but appreciate my changes may not be to everyone's taste - comments and improvements are obviously very welcome.

What

If the schema supplied to Validator::validate is an array, convert it to an object prior to using it for validation.

Why

Because it was requested in #388, and will improve the user-friendliness of the library interface, particularly noting we already support the data to be validated being an associative array.

Made this PR to collaborate with @mathroc on #359. The root cause has been located and is not a bug, but the recursion needs to be mitigated, as infinite recursion of a validator is in violation of the spec.

Will backport the fix to 5.2.0 once this PR is merged.

Changes Relating to #359

• Add CHECK_MODE_ONLY_REQUIRED_DEFAULTS
• Don't expand nested defaults (fixes #359)

Other Changes

Seeing as I'm doing this defaults-related PR anyway, I figured I might as well do a little tidying-up of the defaults code, plus fix any other bugs I run into while tracking this one down.

• Fix another bug with trying to fetch an empty URI
• Refactor defaults to use LooseTypeCheck where appropriate
• Move default-setting into its own method
• Rename one of the defaults variables for clarity
• Add tests:
  • Ensure non-container values aren't treated like containers;
  • Infinite recursion of default objects via $ref
  • Default values do not override defined null
  • Default values of null are correctly applied
• Fix second test case for DefaultPropertiesTest::testLeaveBasicTypesAlone
• Fix applying default values of null / not overwriting null (fixes #377)

in #390 I proposed to drop support for EOL version of PHP :

what about dropping support for EOL version of php ? by that I mean documenting that only php 5.6+ version are supported so that we can later use features from 5.6+ without having to release a new major version ? At first the lib would still run fine on 5.3

this could be done by marking travis test for those version with allow_failures so that support for those versions could still be visible and improved if wanted but wouldn't block new features

and here is @bighappyface answer:

@mathroc @erayd while I am open to dropping support for EOL versions of PHP we are obligated to supporting the same versions as composer being we are a dependency:

https://github.com/composer/composer/blob/eff9326b0de05551e976ca4ddcfc9f057fe29bcb/composer.json#L26

I would like to keep the discussion going but let's move that elsewhere.

so, this might be a valid point. but I'm not sure it's a problem for 6.x to drop support for version that are supported by composer. I can get a clear picture of the implications here as I'm not sure when composer update or composer install is run to build composer.phar

@Seldaek maye you can help us here ?

I'm using this with Behat to validate a JSON response for APIs. Using 5.2.1.

If my schema is embedded inside a Behat feature file (say features/my.feature), how do I reference a definition inside schemas/entity.json? Would that definition be able to reference some other definition (schemas/other-entity.json)?

crafting a new API, trying to follow the jsonapi-specs, i've realized that error-objects require a json pointer:

• source: an object containing references to the source of the error, optionally including any of the following members:
  • pointer: a JSON Pointer [RFC6901] to the associated entity in the request document [e.g. /data for a primary data object, or /data/attributes/title for a specific attribute].

before making more changes, first thing to do was to get all tests working again, especially bringing back all the existing property paths since i don't intend to introduce a large BC which i probably still do? :/

having had a look at RFC6901 again, i'm curious why JsonPointer#getPropertyPathAsString does include a leading hashmark @jojo1981 - isn't that actually related to the filename rather than the path? checking other existing JsonPointer implementations in PHP, all use path expressions starting with a slash instead.

as a nice side-effect, using dots in keys wouldn't result in path that is rather hard to understand like tld.company.project[0].content (instead of /tld.company.project/0/content)

@mirfilip @bighappyface WDYT?

This change will workaround deprecation warning while applying defaults with php8.2

php8.2 deprecations

example code

use JsonSchema\Constraints\Constraint;
use JsonSchema\Validator;

$schema = [
    'type'                 => 'object',
    'required'             => ['prop1'],
    'additionalProperties' => false,
    'properties'           => [
        'prop1' => [
            'type'                 => 'object',
            'required'             => ['prop2'],
            'additionalProperties' => false,
            'properties'           => [
                'prop2' => [
                    'type'    => 'array',
                    'items'   => [
                        'type' => 'string',
                    ],
                    'default' => ['test'],
                ],
            ],
        ],
    ],
];

$data      = new stdClass();
$validator = new Validator();
$validator->validate(
    $data,
    $schema,
    Constraint::CHECK_MODE_APPLY_DEFAULTS
);

• php 5.3-8.1 - no warning
• php 8.2 - deprecation warning

PHP Deprecated:  Creation of dynamic property JsonSchema\Constraints\UndefinedConstraint::$prop2 is deprecated in ...

This change is safe for all php versions >=5.3.0 - online check with 3v4l.org

There is an HTTP to HTTPS redirect for every http://asyncapi.com... URL to https://asyncapi.com... which breaks the current implementation.

Minimal code

<?php

declare(strict_types = 1);

require __DIR__ . '/vendor/autoload.php';

$data = json_decode(file_get_contents('https://raw.githubusercontent.com/asyncapi/spec/2.0.0/examples/2.0.0/correlation-id.yml'));

// Validate
$validator = new JsonSchema\Validator;
$validator->validate($data, (object)['$ref' => 'https://raw.githubusercontent.com/asyncapi/spec-json-schemas/77c40b5aaa5515de537de3ea7eb383f4076c02d5/schemas/2.0.0.json']);

if ($validator->isValid()) {
  echo "The supplied JSON validates against the schema.\n";
} else {
  echo "JSON does not validate. Violations:\n";
  foreach ($validator->getErrors() as $error) {
    printf("[%s] %s\n", $error['property'], $error['message']);
  }
}

Unexpected result

 PHP Fatal error:  Uncaught JsonSchema\Exception\InvalidSchemaMediaTypeException: Media type application/schema+json expected in /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/UriRetriever.php:92
Stack trace:
#0 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/UriRetriever.php(209): JsonSchema\Uri\UriRetriever->confirmMediaType()
#1 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/UriRetriever.php(181): JsonSchema\Uri\UriRetriever->loadSchema()
#2 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php(52): JsonSchema\Uri\UriRetriever->retrieve()
#3 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php(115): JsonSchema\SchemaStorage->addSchema()
#4 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php(138): JsonSchema\SchemaStorage->getSchema()
#5 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/SchemaStorage.php(162): JsonSchema\SchemaStorage->resolveRef()
#6 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/Constraint.php(123): JsonSchema\SchemaStorage->resolveRefSchema()
#7 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Constraints/SchemaConstraint.php(92): JsonSchema\Constraints\Constraint->checkUndefined()
#8 /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Validator.php(63): JsonSchema\Constraints\SchemaConstraint->check()
#9 /mnt/files/local_mount/build/foo.php(16): JsonSchema\Validator->validate()
#10 {main}
  thrown in /mnt/files/local_mount/build/vendor/justinrainbow/json-schema/src/JsonSchema/Uri/UriRetriever.php on line 92

Additional info

Version

$ composer show justinrainbow/json-schema | grep version
versions : * 5.2.12

Build is passing. I left few comments along the way, please ask if anything isn't clear.

Commit history is a mess. If you're not comfortable squash-merging this PR, I'll be happy to merge everything into one commit.

• PHP support since version 7.2;
• Support for php 8.0;
• Support for php 8.1.

what do u think about this? isn't it time to abandon the old versions of php? why do we need php 5? for whom?

Hi,

The uri, uriref and uri-reference type of fields are incorrectly being validated with filter_var($element, FILTER_VALIDATE_URL); as this php function validates only URLs and it does not (cannot) validate URIs.

So while the https://example.com is a valid URL the urn:oasis:names:specification:docbook:dtd:xml:4.1.2 is not, however it is a valid URI. Therefore these kind of fields should be validated differently, php does not have built-in functionality to do this. In the related php ticket it is being mentioned that URIs could be validated simply as <scheme>:<extra> or implement RFC 3986.

Example JSON document that can cause a validation error.

{
  "openapi": "3.0.2",
  "info": {
    "title": "Example",
    "version": "1.0.0"
  },
  "paths": {
    "/example": {
      "post": {
        "requestBody": {
          "content": {
            "application/xml": {
              "schema": {
                "$ref": "#/components/schemas/exampleXml"
              }
            }
          }
        },
        "responses": {
          "200": {
            "description": "Success"
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "exampleXml": {
        "type": "string",
        "xml": {
          "name": "Document",
          "namespace": "urn:isbn:0451450523"
        }
      }
    }
  }
}

Example script to reproduce the issue.

<?php declare(strict_types = 1);

require_once('vendor/autoload.php');

use JsonSchema\Validator;

$data = json_decode(file_get_contents('test.json'));
$schema = json_decode(file_get_contents('https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/schemas/v3.0/schema.json'));

// Validate.
$validator = new Validator();
$validator->validate($data, $schema);

if ($validator->isValid()) {
  echo "The supplied JSON validates against the schema.\n";
}
else {
  echo "JSON does not validate. Violations:\n";
  foreach ($validator->getErrors() as $error) {
    printf("[%s] %s\n", $error['property'], $error['message']);
  }
}

The validation error is: [components.schemas.exampleXml.xml.namespace] Invalid URL format.

(Unrelated but there is also a [components.schemas.exampleXml.$ref] The property $ref is required validation error, however it is not being marked as an issue for example by https://editor.swagger.io/)

Related:

• https://www.php.net/manual/en/filter.filters.validate.php
• https://www.php.net/manual/en/filter.filters.validate.php#110411
• https://bugs.php.net/bug.php?id=81332

Hi, with PHP8.1 the iterator methods of ObjectIterator must be covariant with the PHP core interfaces.

I didn't know if theres a specific return type for ::current, so I went with the suppress annotation here. Happy to change this to a return type, if there is one?

Deprecated:  Return type of JsonSchema\Iterator\ObjectIterator::current() should either be compatible with Iterator::current(): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in [...]/vendor/justinrainbow/json-schema/src/JsonSchema/Iterator/ObjectIterator.php on line 42

Deprecated:  Return type of JsonSchema\Iterator\ObjectIterator::next() should either be compatible with Iterator::next(): void, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in [...]/vendor/justinrainbow/json-schema/src/JsonSchema/Iterator/ObjectIterator.php on line 52

Deprecated:  Return type of JsonSchema\Iterator\ObjectIterator::key() should either be compatible with Iterator::key(): mixed, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in [...]/vendor/justinrainbow/json-schema/src/JsonSchema/Iterator/ObjectIterator.php on line 61

Deprecated:  Return type of JsonSchema\Iterator\ObjectIterator::valid() should either be compatible with Iterator::valid(): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in [...]/vendor/justinrainbow/json-schema/src/JsonSchema/Iterator/ObjectIterator.php on line 71

Deprecated:  Return type of JsonSchema\Iterator\ObjectIterator::rewind() should either be compatible with Iterator::rewind(): void, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in [...]/vendor/justinrainbow/json-schema/src/JsonSchema/Iterator/ObjectIterator.php on line 81

Deprecated: Return type of JsonSchema\Iterator\ObjectIterator::count() should either be compatible with Countable::count(): int, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in [...]/vendor/justinrainbow/json-schema/src/JsonSchema/Iterator/ObjectIterator.php on line 90