Hello,

I wanted to test the limit of items on a jsonapi/node/my_bundle/UUID/relationships/field_name if it was limited to 50.

And I got a 500 error if my entity reference field had the same value 2 times.

The exception is from jsonapi/src/EventSubscriber/ResourceResponseSubscriber.php in onResponse():

assert('$this->validateResponse($event->getResponse())', 'A JSON API response failed validation (see the logs for details). Please report this in the issue queue on drupal.org');

Steps to reproduce:

  1. Configure a content type with an entity reference field
  2. Create a content and reference the same entity twice
  3. When requesting a JSON API endpoint where the content should appear, there is a 500 error.

Is it a limitation from the JSON API specification or from the module? Can I search to provide a patch?

I agree that the case of referencing the same entity twice in the same field is maybe rare but that's a case that can occur.

Thanks for any response.

Comments

Grimreaper created an issue. See original summary.

e0ipso’s picture

Issue tags: +RC blocker

I believe this is a bug, and a serious one. I suspect that the schema validation is complaining about adding duplicate item multiple times, which should not be allowed by the spec.

@Grimreaper can you share the entry in your logs to see the exact error this is throwing?

Grimreaper’s picture

In dblog I obtain 3 entries when requesting jsonapi/node/article, I only have one article that references 2 times a tag and 1 time another tag:

1
severity: debug
type: jsonapi

Response failed validation: {"data":[{"type":"node--article","id":"c666e5c0-cf02-4dc4-bda2-7ea0f92859e6","attributes":{"nid":"459","uuid":"c666e5c0-cf02-4dc4-bda2-7ea0f92859e6","vid":"466","langcode":"en","status":"1","title":"article 1","created":"1491380108","changed":"1491558938","promote":"1","sticky":"0","revision_timestamp":"1491558938","revision_log":null,"revision_translation_affected":"1","default_langcode":"1","content_translation_source":"und","content_translation_outdated":"0","path":null,"body":null,"comment":{"status":"2","cid":"0","last_comment_timestamp":"1491380117","last_comment_name":null,"last_comment_uid":"1","comment_count":"0"}},"relationships":{"type":{"data":{"type":"node_type--node_type","id":"cb33eccc-e221-4bf7-98a3-203809b4b949"},"links":{"self":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6\/relationships\/type","related":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6\/type"}},"uid":{"data":{"type":"user--user","id":"56c002f8-5aa4-4c86-9e57-2c7ab0bda7c8"},"links":{"self":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6\/relationships\/uid","related":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6\/uid"}},"revision_uid":{"data":{"type":"user--user","id":"56c002f8-5aa4-4c86-9e57-2c7ab0bda7c8"},"links":{"self":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6\/relationships\/revision_uid","related":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6\/revision_uid"}},"field_image":{"data":null},"field_tags":{"data":[{"type":"taxonomy_term--tags","id":"58f9f267-7da6-4b76-ba52-72c766de47cc"},{"type":"taxonomy_term--tags","id":"58f9f267-7da6-4b76-ba52-72c766de47cc"},{"type":"taxonomy_term--tags","id":"7f4e8cab-ee82-408b-8f63-cca59007d522"}],"links":{"self":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6\/relationships\/field_tags","related":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6\/field_tags"}}},"links":{"self":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article\/c666e5c0-cf02-4dc4-bda2-7ea0f92859e6"}}],"links":{"self":"http:\/\/site1.entity-share.lxc\/jsonapi\/node\/article"}}

2
severity: debug
type: jsonapi

Validation errors: [{"property":"meta","pointer":"\/meta","message":"The property meta is required","constraint":"required"},{"property":"","pointer":"","message":"The property data is not defined and the definition does not allow additional properties","constraint":"additionalProp"},{"property":"data","pointer":"\/data","message":"Array value found, but a null is required","constraint":"type"},{"property":"data","pointer":"\/data","message":"Array value found, but an object is required","constraint":"type"},{"property":"data[0].relationships.field_tags.data","pointer":"\/data\/0\/relationships\/field_tags\/data","message":"There are no duplicates allowed in the array","constraint":"uniqueItems"},{"property":"data[0].relationships.field_tags.data","pointer":"\/data\/0\/relationships\/field_tags\/data","message":"Array value found, but a null is required","constraint":"type"},{"property":"data[0].relationships.field_tags.data","pointer":"\/data\/0\/relationships\/field_tags\/data","message":"Array value found, but an object is required","constraint":"type"},{"property":"data[0].relationships.field_tags.data","pointer":"\/data\/0\/relationships\/field_tags\/data","message":"Failed to match at least one schema","constraint":"anyOf"},{"property":"data[0].relationships.field_tags.data","pointer":"\/data\/0\/relationships\/field_tags\/data","message":"Failed to match exactly one schema","constraint":"oneOf"},{"property":"data","pointer":"\/data","message":"Failed to match exactly one schema","constraint":"oneOf"},{"property":"errors","pointer":"\/errors","message":"The property errors is required","constraint":"required"},{"property":"","pointer":"","message":"The property links is not defined and the definition does not allow additional properties","constraint":"additionalProp"},{"property":"","pointer":"","message":"Failed to match exactly one schema","constraint":"oneOf"}]

3
severity: error
type: php

AssertionError: A JSON API response failed validation (see the logs for details). Please report this in the issue queue on drupal.org in Drupal\Component\Assertion\Handle::Drupal\Component\Assertion\{closure}() (line 92 of /project/www/modules/contrib/jsonapi/src/EventSubscriber/ResourceResponseSubscriber.php).

@e0ipso: Do you need more info?

Grimreaper’s picture

Hello,

I confirm that the problem occurs when the same entity is referenced twice in the same field.

If it is referenced on a different field, for example, two tags fields on the article content type, each referencing the same tag, there is no problem in this case.

I will try to make a patch that add a test that should currently fail.

Grimreaper’s picture

This patch add a test that should fail.

Status: Needs review » Needs work

The last submitted patch, 5: jsonapi-reference_multiple-test_only-2864680-5.patch, failed testing.

Grimreaper’s picture

In schema.json file, line 255

"relationshipToMany": {
      "description": "An array of objects each containing \"type\" and \"id\" members for to-many relationships.",
      "type": "array",
      "items": {
        "$ref": "#/definitions/linkage"
      },
      "uniqueItems": true
    },

If I remove the "uniqueItems": true it is ok. I will check the JSONAPI spec.

Grimreaper’s picture

Status: Needs work » Needs review
FileSize
5.84 KB
343 bytes

Hello,

Here is a patch with the test and that remove the line in schema.json.

I searched why there was this restriction in the JSON API spec but I didn't find why.

I found the schema.json used in jsonapi module on the URL http://jsonapi.org/schema

But on the page http://jsonapi.org/format, I didn't see any restriction on relationships. I saw http://jsonapi.org/format/#document-compound-documents

Note: This approach ensures that a single canonical resource object is returned with each response, even when the same resource is referenced multiple times.

But that apply to the main document not the relationships, right?

I will go on another issue while waiting for feedback on this one.

hampercm’s picture

Title: Impossible to have an entity referencing multiple times another entity » [upstream] Impossible to have an entity referencing multiple times another entity
Status: Needs review » Needs work

In JSON API, a relationship is a logical linkage between two different resources: "Resource 'A' is related to Resource 'B' by way of the 'author' relationship," for instance. From that perspective, it doesn't make sense to have Resource 'A' related to Resource 'B' twice; a relationship either exists, or doesn't exist between two resources.

I'm not sure this is a bug, per se. It seems more like a limitation of the standard as it is defined.

Modifying the schema.json file is not a good idea, as that comes from an upstream source: https://github.com/json-api/json-api/blob/gh-pages/schema

It might make sense to submit a PR for the JSON API standard itself, or that schema file at the above link and see what comes of that. Otherwise, the fix may be to disable validation on sites that need to have duplicates in a relationship by removing the validation library. It is meant to be a dev-only requirement, anyway.

Grimreaper’s picture

Hello,

@hampercm: Thanks for your reply.

I agree that if JSONAPI module schema.json diverges from the official one is not the best solution or even "a solution". My patch was just to highlight the problem.

And I agree that having the same relation twice is a very rare case but it is a possibility in Drupal.

I will try to open a discussion on github.

But I don't understand your sentence "It is meant to be a dev-only requirement, anyway."

hampercm’s picture

@Grimreaper the response validation should only be running if:
1. You've composer required the JSON API module with the --dev option, to install development-only dependencies.
2. You have assertions enabled in PHP.

In other words, validation should only be running in a development environment, not in production, and only if you really want it to be running.

Grimreaper’s picture

@hampercm : Thanks for the reply. Ok I have forgotten that the library "justinrainbow/json-schema" is for dev only.

Grimreaper’s picture

e0ipso’s picture

Status: Needs work » Active

Thanks for your big help with this @Grimreaper and @hampercm.

This is blocked until we can get a response from the JSON API maintainers. Maybe it's worth adding a PR against the schema as well so it is clearer what the issue is about?

e0ipso’s picture

Issue tags: -RC blocker

Removing the RC blocker.

Grimreaper’s picture

Hello,

@e0ipso: Thanks for your reply.

Pull request created: https://github.com/json-api/json-api/pull/1156