fix(php): safe OpenAPI default literals for $ref schemas; tighten php-symfony tests

JerrySLau · JerrySLau · commit 1fa1b8ce8fa6 · 2026-04-14T23:07:09.000+08:00
AbstractPhpCodegen maps getDefault() to valid PHP via defaultValueToPhpLiteral
instead of blind toString(). PhpSymfonyServerCodegenTest asserts non-nullable
handler params when an enum $ref has an OpenAPI default (petstore + optional spec).
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/languages/AbstractPhpCodegen.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/languages/AbstractPhpCodegen.java
@@ -33,6 +33,7 @@
 import org.slf4j.LoggerFactory;
 
 import java.io.File;
+import java.math.BigDecimal;
 import java.util.*;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;
@@ -640,16 +641,47 @@ public String toDefaultValue(Schema p) {
         // references an enum model). That wrapper is often not classified as string/number here, but still carries
         // the default OpenAPI value — needed so Mustache can emit `query->get(..., <default>)` for php-symfony.
         if (p.getDefault() != null) {
-            Object def = p.getDefault();
-            if (def instanceof String) {
-                return "'" + escapeTextInSingleQuotes((String) def) + "'";
-            }
-            return def.toString();
+            return defaultValueToPhpLiteral(p.getDefault());
         }
 
         return null;
     }
 
+    /**
+     * Converts a JSON Schema {@code default} value to a PHP expression suitable for templates (e.g. second argument to
+     * {@code query->get}). Only safe scalar literals are supported; unknown types log a warning and yield {@code null}
+     * so we do not emit broken PHP from {@code Object#toString()}.
+     */
+    private String defaultValueToPhpLiteral(Object def) {
+        if (def == null) {
+            return null;
+        }
+        if (def instanceof String) {
+            return "'" + escapeTextInSingleQuotes((String) def) + "'";
+        }
+        if (def instanceof Boolean) {
+            return Boolean.TRUE.equals(def) ? "true" : "false";
+        }
+        if (def instanceof BigDecimal) {
+            return ((BigDecimal) def).toPlainString();
+        }
+        if (def instanceof Number) {
+            String s = def.toString();
+            if (s.contains("Infinity") || s.contains("NaN")) {
+                LOGGER.warn("Unsupported numeric default for PHP literal: {}", def);
+                return null;
+            }
+            return s;
+        }
+        if (def instanceof Character) {
+            return "'" + escapeTextInSingleQuotes(String.valueOf((Character) def)) + "'";
+        }
+        LOGGER.warn(
+                "Cannot convert OpenAPI default of type {} to a PHP literal; omitting defaultValue",
+                def.getClass().getName());
+        return null;
+    }
+
     @Override
     public void setParameterExampleValue(CodegenParameter p) {
         String example;
diff --git a/modules/openapi-generator/src/test/java/org/openapitools/codegen/php/PhpSymfonyServerCodegenTest.java b/modules/openapi-generator/src/test/java/org/openapitools/codegen/php/PhpSymfonyServerCodegenTest.java
@@ -216,14 +216,20 @@ public void testPetstoreDottedEnumRefQueryParameterUsesShortClassInApiInterface(
         Assert.assertTrue(
                 apiContent.contains("use Org\\OpenAPITools\\Petstore\\Model\\PetModelPetStatus;"),
                 "Expected enum model import");
-        // Optional enum ref may carry an OpenAPI default: php-symfony api.mustache omits leading "?" / "|null" when
-        // defaultValue is set (handler always receives the enum after the controller applies the default).
+        // This spec sets default: available on the enum $ref; the handler must be non-nullable (no leading "?" /
+        // "|null") because the controller always supplies a value after applying the OpenAPI default.
         Assert.assertTrue(
-                Pattern.compile("public function listPets\\(\\s*\\??PetModelPetStatus\\s+\\$status,").matcher(apiContent).find(),
-                "Expected enum ref query param to use short class in type hint");
+                Pattern.compile("public function listPets\\(\\s*PetModelPetStatus\\s+\\$status,").matcher(apiContent).find(),
+                "Expected defaulted enum-ref query param to use short non-nullable class in type hint");
+        Assert.assertFalse(
+                Pattern.compile("public function listPets\\(\\s*\\?PetModelPetStatus\\s+\\$status").matcher(apiContent).find(),
+                "Defaulted enum-ref query param must not use nullable type hint (?PetModelPetStatus)");
         Assert.assertTrue(
-                Pattern.compile("@param\\s+PetModelPetStatus(\\|null)?\\s+\\$status\\b").matcher(apiContent).find(),
-                "PHPDoc @param should use short PetModelPetStatus (optional |null when no default in spec)");
+                Pattern.compile("@param\\s+PetModelPetStatus\\s+\\$status\\b").matcher(apiContent).find(),
+                "PHPDoc @param should use short PetModelPetStatus without |null when OpenAPI default is set");
+        Assert.assertFalse(
+                Pattern.compile("@param\\s+PetModelPetStatus\\|null\\s+\\$status\\b").matcher(apiContent).find(),
+                "PHPDoc must not document |null for enum ref when OpenAPI default is set");
         Assert.assertFalse(
                 apiContent.contains("?\\Org\\OpenAPITools\\Petstore\\Model\\PetModelPetStatus $status"),
                 "Signature must not use leading-backslash FQCN when a matching use import exists");
@@ -275,6 +281,25 @@ public void testOptionalEnumRefQueryParameterWithDefaultAppliesOpenApiSemantics(
         DefaultGenerator generator = new DefaultGenerator();
         List<File> files = generator.opts(clientOptInput).generate();
 
+        File apiInterfaceFile = files.stream()
+                .filter(f -> "DefaultApiInterface.php".equals(f.getName()) && f.getPath().contains("Api" + File.separator))
+                .findFirst()
+                .orElseThrow(() -> new AssertionError("DefaultApiInterface.php not generated"));
+        String apiContent = Files.readString(apiInterfaceFile.toPath(), StandardCharsets.UTF_8);
+        Assert.assertTrue(
+                Pattern.compile("public function listFeedHints\\(\\s*PetAnnouncementTone\\s+\\$tone,").matcher(apiContent).find(),
+                "Expected defaulted enum-ref query param to use short non-nullable class in API interface type hint");
+        Assert.assertFalse(
+                Pattern.compile("public function listFeedHints\\(\\s*\\?PetAnnouncementTone\\s+\\$tone").matcher(apiContent).find(),
+                "Defaulted enum-ref query param must not use nullable type hint (?PetAnnouncementTone)");
+        Assert.assertTrue(
+                Pattern.compile("@param\\s+PetAnnouncementTone\\s+\\$tone\\b").matcher(apiContent).find(),
+                "PHPDoc @param should use PetAnnouncementTone without |null when OpenAPI default is set");
+        Assert.assertFalse(
+                Pattern.compile("@param\\s+PetAnnouncementTone\\|null\\s+\\$tone\\b").matcher(apiContent).find(),
+                "PHPDoc must not document |null for enum ref when OpenAPI default is set");
+        assertGeneratedPhpSyntaxValid(apiInterfaceFile);
+
         File controllerFile = files.stream()
                 .filter(f -> "DefaultController.php".equals(f.getName()) && f.getPath().contains("Controller" + File.separator))
                 .findFirst()
