Add strict checking

Author: DominikWolos

src/Authenticator/RequestAuthenticator.php

@@ -15,6 +15,7 @@
 use Psr\Log\LoggerInterface;
 use Sylius\Component\Channel\Context\ChannelContextInterface;
 use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\Response;
 
 final class RequestAuthenticator implements RequestAuthenticatorInterface
 {
@@ -39,6 +40,14 @@ public function authenticate(Request $request): bool
 
         $content = $request->getContent(false);
 
+        if (is_resource($content)) {
+            $content = stream_get_contents($content);
+        }
+
+        if (false === $content) {
+            throw new \InvalidArgumentException('Invalid JSON payload', Response::HTTP_BAD_REQUEST);
+        }
+
         $content = json_encode(
             json_decode($content, true),
             \JSON_UNESCAPED_SLASHES | \JSON_UNESCAPED_UNICODE,

src/Controller/UserComAgreementsController.php

@@ -36,7 +36,17 @@ public function __invoke(Request $request): Response
             if (false === $this->requestAuthenticator->authenticate($request)) {
                 return new JsonResponse('Unauthorized', Response::HTTP_UNAUTHORIZED);
             }
-            $payload = json_decode($request->getContent(false), true);
+
+            $payload = $request->getContent(false);
+            if (is_resource($payload)) {
+                $payload = stream_get_contents($payload);
+            }
+
+            if (false === $payload) {
+                return new JsonResponse('Invalid JSON payload', Response::HTTP_BAD_REQUEST);
+            }
+
+            $payload = json_decode($payload, true);
 
             if (!is_array($payload) || [] === $payload) {
                 return new JsonResponse('Invalid JSON payload', Response::HTTP_BAD_REQUEST);