symfony
diff --git a/‎src/Symfony/Component/HttpKernel/Attribute/MapRequestPayload.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Attribute/MapRequestPayload.php
+4-1Lines changed: 4 additions & 1 deletion b/‎src/Symfony/Component/HttpKernel/Attribute/MapRequestPayload.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Attribute/MapRequestPayload.php
+4-1Lines changed: 4 additions & 1 deletion
diff --git a/‎src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/RequestPayloadValueResolver.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/RequestPayloadValueResolver.php
+11-7Lines changed: 11 additions & 7 deletions b/‎src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/RequestPayloadValueResolver.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/RequestPayloadValueResolver.php
+11-7Lines changed: 11 additions & 7 deletions
diff --git a/‎src/Symfony/Component/HttpKernel/Tests/Controller/ArgumentResolver/RequestPayloadValueResolverTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/Controller/ArgumentResolver/RequestPayloadValueResolverTest.php
+190Lines changed: 190 additions & 0 deletions b/‎src/Symfony/Component/HttpKernel/Tests/Controller/ArgumentResolver/RequestPayloadValueResolverTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/HttpKernel/Tests/Controller/ArgumentResolver/RequestPayloadValueResolverTest.php
+190Lines changed: 190 additions & 0 deletions
@@ -12,6 +12,7 @@
 namespace Symfony\Component\HttpKernel\Attribute;
 
 use Symfony\Component\HttpKernel\Controller\ArgumentResolver\RequestPayloadValueResolver;
+use Symfony\Component\Validator\Constraints\GroupSequence;
 
 /**
  * Controller parameter tag to map the request content to typed object and validate it.
@@ -22,7 +23,9 @@
 class MapRequestPayload extends ValueResolver
 {
     public function __construct(
-        public readonly array $context = [],
+        public readonly array|string|null $acceptFormat = null,
+        public readonly array $serializationContext = [],
+        public readonly string|GroupSequence|array|null $validationGroups = null,
         string $resolver = RequestPayloadValueResolver::class,
     ) {
         parent::__construct($resolver);
 
@@ -92,7 +92,7 @@ public function resolve(Request $request, ArgumentMetadata $argument): iterable
                 }
 
                 if (null !== $payload) {
-                    $violations->addAll($this->validator->validate($payload));
+                    $violations->addAll($this->validator->validate($payload, null, $attributes[0]->validationGroups ?? null));
                 }
 
                 if (\count($violations)) {
@@ -125,24 +125,28 @@ private function mapQueryString(Request $request, string $type, MapQueryString $
 
     private function mapRequestPayload(Request $request, string $type, MapRequestPayload $attribute): ?object
     {
+        if (null === $format = $request->getContentTypeFormat()) {
+            throw new HttpException(Response::HTTP_UNSUPPORTED_MEDIA_TYPE, 'Unsupported format.');
+        }
+
+        if ($attribute->acceptFormat && !\in_array($format, (array) $attribute->acceptFormat, true)) {
+            throw new HttpException(Response::HTTP_UNSUPPORTED_MEDIA_TYPE, sprintf('Unsupported format, expects "%s", but "%s" given.', implode('", "', (array) $attribute->acceptFormat), $format));
+        }
+
         if ($data = $request->request->all()) {
-            return $this->serializer->denormalize($data, $type, null, self::CONTEXT_DENORMALIZE + $attribute->context);
+            return $this->serializer->denormalize($data, $type, null, self::CONTEXT_DENORMALIZE + $attribute->serializationContext);
         }
 
         if ('' === $data = $request->getContent()) {
             return null;
         }
 
-        if (null === $format = $request->getContentTypeFormat()) {
-            throw new HttpException(Response::HTTP_UNSUPPORTED_MEDIA_TYPE, 'Unsupported format.');
-        }
-
         if ('form' === $format) {
             throw new HttpException(Response::HTTP_BAD_REQUEST, 'Request payload contains invalid "form" data.');
         }
 
         try {
-            return $this->serializer->deserialize($data, $type, $format, self::CONTEXT_DESERIALIZE + $attribute->context);
+            return $this->serializer->deserialize($data, $type, $format, self::CONTEXT_DESERIALIZE + $attribute->serializationContext);
         } catch (UnsupportedFormatException $e) {
             throw new HttpException(Response::HTTP_UNSUPPORTED_MEDIA_TYPE, sprintf('Unsupported format: "%s".', $format), $e);
         } catch (NotEncodableValueException $e) {
 
@@ -19,13 +19,16 @@
 use Symfony\Component\HttpKernel\ControllerMetadata\ArgumentMetadata;
 use Symfony\Component\HttpKernel\Exception\HttpException;
 use Symfony\Component\Serializer\Encoder\JsonEncoder;
+use Symfony\Component\Serializer\Encoder\XmlEncoder;
 use Symfony\Component\Serializer\Exception\PartialDenormalizationException;
 use Symfony\Component\Serializer\Normalizer\ObjectNormalizer;
 use Symfony\Component\Serializer\Serializer;
 use Symfony\Component\Validator\ConstraintViolation;
 use Symfony\Component\Validator\ConstraintViolationList;
+use Symfony\Component\Validator\Constraints as Assert;
 use Symfony\Component\Validator\Exception\ValidationFailedException;
 use Symfony\Component\Validator\Validator\ValidatorInterface;
+use Symfony\Component\Validator\ValidatorBuilder;
 
 class RequestPayloadValueResolverTest extends TestCase
 {
@@ -181,10 +184,197 @@ public function testRequestInputValidationPassed()
 
         $this->assertEquals($payload, $resolver->resolve($request, $argument)[0]);
     }
+
+    /**
+     * @dataProvider provideMatchedFormatContext
+     */
+    public function testAcceptFormatPassed(mixed $acceptFormat, string $contentType, string $content)
+    {
+        $encoders = ['json' => new JsonEncoder(), 'xml' => new XmlEncoder()];
+        $serializer = new Serializer([new ObjectNormalizer()], $encoders);
+        $validator = (new ValidatorBuilder())->getValidator();
+        $resolver = new RequestPayloadValueResolver($serializer, $validator);
+
+        $request = Request::create('/', 'POST', server: ['CONTENT_TYPE' => $contentType], content: $content);
+
+        $argument = new ArgumentMetadata('valid', RequestPayload::class, false, false, null, false, [
+            MapRequestPayload::class => new MapRequestPayload(acceptFormat: $acceptFormat),
+        ]);
+
+        $resolved = $resolver->resolve($request, $argument);
+
+        $this->assertCount(1, $resolved);
+        $this->assertEquals(new RequestPayload(50), $resolved[0]);
+    }
+
+    public function provideMatchedFormatContext(): iterable
+    {
+        yield 'configure with json as string, sends json' => [
+            'acceptFormat' => 'json',
+            'contentType' => 'application/json',
+            'content' => '{"price": 50}',
+        ];
+
+        yield 'configure with json as array, sends json' => [
+            'acceptFormat' => ['json'],
+            'contentType' => 'application/json',
+            'content' => '{"price": 50}',
+        ];
+
+        yield 'configure with xml as string, sends xml' => [
+            'acceptFormat' => 'xml',
+            'contentType' => 'application/xml',
+            'content' => '<?xml version="1.0"?><request><price>50</price></request>',
+        ];
+
+        yield 'configure with xml as array, sends xml' => [
+            'acceptFormat' => ['xml'],
+            'contentType' => 'application/xml',
+            'content' => '<?xml version="1.0"?><request><price>50</price></request>',
+        ];
+
+        yield 'configure with json or xml, sends json' => [
+            'acceptFormat' => ['json', 'xml'],
+            'contentType' => 'application/json',
+            'content' => '{"price": 50}',
+        ];
+
+        yield 'configure with json or xml, sends xml' => [
+            'acceptFormat' => ['json', 'xml'],
+            'contentType' => 'application/xml',
+            'content' => '<?xml version="1.0"?><request><price>50</price></request>',
+        ];
+    }
+
+    /**
+     * @dataProvider provideMismatchedFormatContext
+     */
+    public function testAcceptFormatNotPassed(mixed $acceptFormat, string $contentType, string $content, string $expectedExceptionMessage)
+    {
+        $serializer = new Serializer([new ObjectNormalizer()]);
+        $validator = (new ValidatorBuilder())->getValidator();
+        $resolver = new RequestPayloadValueResolver($serializer, $validator);
+
+        $request = Request::create('/', 'POST', server: ['CONTENT_TYPE' => $contentType], content: $content);
+
+        $argument = new ArgumentMetadata('valid', RequestPayload::class, false, false, null, false, [
+            MapRequestPayload::class => new MapRequestPayload(acceptFormat: $acceptFormat),
+        ]);
+
+        try {
+            $resolver->resolve($request, $argument);
+
+            $this->fail(sprintf('Expected "%s" to be thrown.', HttpException::class));
+        } catch (HttpException $e) {
+            $this->assertSame(415, $e->getStatusCode());
+            $this->assertSame($expectedExceptionMessage, $e->getMessage());
+        }
+    }
+
+    public function provideMismatchedFormatContext(): iterable
+    {
+        yield 'configure with json as string, sends xml' => [
+            'acceptFormat' => 'json',
+            'contentType' => 'application/xml',
+            'content' => '<?xml version="1.0"?><request><price>50</price></request>',
+            'expectedExceptionMessage' => 'Unsupported format, expects "json", but "xml" given.',
+        ];
+
+        yield 'configure with json as array, sends xml' => [
+            'acceptFormat' => ['json'],
+            'contentType' => 'application/xml',
+            'content' => '<?xml version="1.0"?><request><price>50</price></request>',
+            'expectedExceptionMessage' => 'Unsupported format, expects "json", but "xml" given.',
+        ];
+
+        yield 'configure with xml as string, sends json' => [
+            'acceptFormat' => 'xml',
+            'contentType' => 'application/json',
+            'content' => '{"price": 50}',
+            'expectedExceptionMessage' => 'Unsupported format, expects "xml", but "json" given.',
+        ];
+
+        yield 'configure with xml as array, sends json' => [
+            'acceptFormat' => ['xml'],
+            'contentType' => 'application/json',
+            'content' => '{"price": 50}',
+            'expectedExceptionMessage' => 'Unsupported format, expects "xml", but "json" given.',
+        ];
+
+        yield 'configure with json or xml, sends jsonld' => [
+            'acceptFormat' => ['json', 'xml'],
+            'contentType' => 'application/ld+json',
+            'content' => '{"@context": "https://schema.org", "@type": "FakeType", "price": 50}',
+            'expectedExceptionMessage' => 'Unsupported format, expects "json", "xml", but "jsonld" given.',
+        ];
+    }
+
+    /**
+     * @dataProvider provideValidationGroupsOnManyTypes
+     */
+    public function testValidationGroupsPassed(mixed $groups)
+    {
+        $input = ['price' => '50', 'title' => 'A long title, so the validation passes'];
+
+        $payload = new RequestPayload(50);
+        $payload->title = 'A long title, so the validation passes';
+
+        $serializer = new Serializer([new ObjectNormalizer()]);
+        $validator = (new ValidatorBuilder())->enableAnnotationMapping()->getValidator();
+        $resolver = new RequestPayloadValueResolver($serializer, $validator);
+
+        $request = Request::create('/', 'POST', $input);
+
+        $argument = new ArgumentMetadata('valid', RequestPayload::class, false, false, null, false, [
+            MapRequestPayload::class => new MapRequestPayload(validationGroups: $groups),
+        ]);
+
+        $resolved = $resolver->resolve($request, $argument);
+
+        $this->assertCount(1, $resolved);
+        $this->assertEquals($payload, $resolved[0]);
+    }
+
+    /**
+     * @dataProvider provideValidationGroupsOnManyTypes
+     */
+    public function testValidationGroupsNotPassed(mixed $groups)
+    {
+        $input = ['price' => '50', 'title' => 'Too short'];
+
+        $serializer = new Serializer([new ObjectNormalizer()]);
+        $validator = (new ValidatorBuilder())->enableAnnotationMapping()->getValidator();
+        $resolver = new RequestPayloadValueResolver($serializer, $validator);
+
+        $argument = new ArgumentMetadata('valid', RequestPayload::class, false, false, null, false, [
+            MapRequestPayload::class => new MapRequestPayload(validationGroups: $groups),
+        ]);
+        $request = Request::create('/', 'POST', $input);
+
+        try {
+            $resolver->resolve($request, $argument);
+            $this->fail(sprintf('Expected "%s" to be thrown.', HttpException::class));
+        } catch (HttpException $e) {
+            $validationFailedException = $e->getPrevious();
+            $this->assertInstanceOf(ValidationFailedException::class, $validationFailedException);
+            $this->assertSame('title', $validationFailedException->getViolations()[0]->getPropertyPath());
+            $this->assertSame('This value is too short. It should have 10 characters or more.', $validationFailedException->getViolations()[0]->getMessage());
+        }
+    }
+
+    public function provideValidationGroupsOnManyTypes(): iterable
+    {
+        yield 'validation group as string' => ['strict'];
+
+        yield 'validation group as array' => [['strict']];
+
+        yield 'validation group as GroupSequence' => [new Assert\GroupSequence(['strict'])];
+    }
 }
 
 class RequestPayload
 {
+    #[Assert\Length(min: 10, groups: ['strict'])]
     public string $title;
 
     public function __construct(public readonly float $price)