From f6cf26009d9634eda5dbdec851689fac9bee1c15 Mon Sep 17 00:00:00 2001
From: Bernd Bestel
Date: Sat, 5 Jan 2019 20:39:22 +0100
Subject: [PATCH] Better API response when request body is not valid JSON (references #126)
---
 controllers/GenericEntityApiController.php | 44 ++++++++++++++++++----
 controllers/UsersApiController.php | 5 +++
 2 files changed, 41 insertions(+), 8 deletions(-)
diff --git a/controllers/GenericEntityApiController.php b/controllers/GenericEntityApiController.php
index 3382ca35..1826ed41 100644
--- a/controllers/GenericEntityApiController.php
+++ b/controllers/GenericEntityApiController.php
@@ -32,10 +32,24 @@ class GenericEntityApiController extends BaseApiController
 {
 if ($this->IsValidEntity($args['entity']))
 {
- $newRow = $this->Database->{$args['entity']}()->createRow($request->getParsedBody());
- $newRow->save();
- $success = $newRow->isClean();
- return $this->ApiResponse(array('success' => $success));
+ $requestBody = $request->getParsedBody();
+
+ try
+ {
+ if ($requestBody === null)
+ {
+ throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
+ }
+
+ $newRow = $this->Database->{$args['entity']}()->createRow($requestBody);
+ $newRow->save();
+ $success = $newRow->isClean();
+ return $this->ApiResponse(array('success' => $success));
+ }
+ catch (\Exception $ex)
+ {
+ return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
+ }
 }
 else
 {
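Review bot: The `catch (\Exception $ex)` added here returns `$ex->getMessage()` to the client for every failure inside the `try`, not only for the unparseable-body case. An exception raised by `createRow()` or `save()` would therefore be reported as a 400 carrying whatever text the storage layer put in its message, which may include table or column names. Answering the parse failure before the `try`, and giving other exceptions a fixed message with the detail written to the server log, keeps internal detail out of API responses and stops server-side faults from being labelled as client errors. The same catch block is added in the second hunk of this file (the update path). The enclosing method starts and ends outside the hunk.

```php
$requestBody = $request->getParsedBody();
if ($requestBody === null)
{
	return $this->VoidApiActionResponse($response, false, 400, 'Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
}

try
{
	// … unchanged: createRow / save / isClean / ApiResponse …
}
catch (\Exception $ex)
{
	// Storage-layer detail goes to the server log, not into the response body
	error_log($ex->getMessage());
	return $this->VoidApiActionResponse($response, false, 500, 'The object could not be saved');
}
```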
@@ -47,10 +61,24 @@ class GenericEntityApiController extends BaseApiController
 {
 if ($this->IsValidEntity($args['entity']))
 {
- $row = $this->Database->{$args['entity']}($args['objectId']);
- $row->update($request->getParsedBody());
- $success = $row->isClean();
- return $this->ApiResponse(array('success' => $success));
+ $requestBody = $request->getParsedBody();
+
+ try
+ {
+ if ($requestBody === null)
+ {
+ throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
+ }
+
+ $row = $this->Database->{$args['entity']}($args['objectId']);
+ $row->update($requestBody);
+ $success = $row->isClean();
+ return $this->ApiResponse(array('success' => $success));
+ }
+ catch (\Exception $ex)
+ {
+ return $this->VoidApiActionResponse($response, false, 400, $ex->getMessage());
+ }
 }
 else
 {
diff --git a/controllers/UsersApiController.php b/controllers/UsersApiController.php
index 9afa7475..dc7e5b9d 100644
--- a/controllers/UsersApiController.php
+++ b/controllers/UsersApiController.php
@@ -32,6 +32,11 @@ class UsersApiController extends BaseApiController
 
 try
 {
+ if ($requestBody === null)
+ {
+ throw new \Exception('Request body could not be parsed (probably invalid JSON format or missing/wrong Content-Type header)');
+ }
+
 $this->UsersService->CreateUser($requestBody['username'], $requestBody['first_name'], $requestBody['last_name'], $requestBody['password']);
 return $this->ApiResponse(array('success' => true));
 }
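Review bot: The `catch (\Exception $ex)` in the update path does not cover a missing row. If `$this->Database->{$args['entity']}($args['objectId'])` yields null for an unknown id (not visible here, to be confirmed against the database layer), `$row->update($requestBody)` raises an `\Error`, which under PHP 7 is not an `\Exception`, so the request still ends in an unhandled error rather than the JSON error response this commit introduces. A guard right after the lookup would close that: `if ($row === null) { throw new \Exception('Object not found'); }`, ideally answered with a 404 rather than the blanket 400. The method's signature and closing lines are outside the hunk.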
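Review bot: The new guard rejects only an unparsed body; a parsed body that lacks `username` or `password` still reaches `CreateUser()` on the following context line, because the four `$requestBody[...]` reads are unchecked and evaluate to null for absent keys. A user-creation endpoint should refuse that explicitly, for example `if (!isset($requestBody['username'], $requestBody['password'])) { throw new \Exception('username and password are required'); }` placed after the null check. What `CreateUser()` does with null arguments, and the `catch` that belongs to this `try`, are outside the hunk.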