Improve validation of incoming jobs

mzur · mzur · commit e67179a59fd2 · 2018-10-29T11:00:22.000+01:00
diff --git a/src/Http/Controllers/QueueController.php b/src/Http/Controllers/QueueController.php
@@ -34,6 +34,16 @@ public function store(Request $request, $queue)
             return new Response('Job payload is required', 422);
         }
 
+        $json = json_decode($payload, true);
+
+        if (is_null($json)) {
+            return new Response('Job payload is no valid JSON', 422);
+        }
+
+        if (!class_exists(array_get($json, 'data.commandName'))) {
+            return new Response('Job payload is no valid JSON', 422);
+        }
+
         app('queue')->connection(config('remote-queue.connection'))
             ->pushRaw($payload, $queue);
 
diff --git a/tests/Http/Controllers/QueueControllerTest.php b/tests/Http/Controllers/QueueControllerTest.php
@@ -20,12 +20,24 @@ public function testShow()
 
     public function testStore()
     {
-        $payload = '{"commandName":"FakeTestJob"}';
+        $payload = json_encode(['data' => ['commandName' => TestJob::class]]);
+        $payload2 = json_encode(['data' => ['commandName' => 'DoesNotExist']]);
         $mock = Mockery::mock();
         $mock->shouldReceive('pushRaw')->once()->with($payload, 'default');
         Queue::shouldReceive('connection')->once()->andReturn($mock);
         $this->withoutMiddleware()
             ->post('api/v1/remote-queue/default')
+            // Payload is required
+            ->assertStatus(422);
+
+        $this->withoutMiddleware()
+            ->call('POST', 'api/v1/remote-queue/default', [], [], [], [], '.,')
+            // Payload is no valid JSON
+            ->assertStatus(422);
+
+        $this->withoutMiddleware()
+            ->call('POST', 'api/v1/remote-queue/default', [], [], [], [], $payload2)
+            // Job class does not exist
             ->assertStatus(422);
 
         $this->withoutMiddleware()
