Proper pattern for input validation in Fiber - go

I'm following this tutorial on validation in Go Fiber: https://docs.gofiber.io/guide/validation. I however am not liking this pattern because it requires parsing the body which can fail and produce a general error to the end user such as:
json: cannot unmarshal number into Go struct field partnerRequest.NumberEmployees of type string
What is the correct way to handle validating the body and returning a proper validation error? Note that I'm using github.com/go-playground/validator/v10 currently.

Related

How to map an input validation error to a specific error code in Spring

I am having a case in which I would like to do some input validation on the #RequestParams of an endpoint.
I know about Validators and Custom Validators, and my current strategy implies creating a wrapper object around the RequestParams, a custom validator and apply class level the annotation that triggers the custom validation.
My problem is that the custom validation is implementing ConstraintValidator, which means that the validator will either return true or false, and an error will be created by Spring with some text (I also know that I can change this text). My desire, however, is to create a custom payload back to the client. An example could be
class MyError {
int code;
String message;
}
The way to return this object is through a #ControllerAdvice Error handler, which understands that a ConstraintValidationException should return my custom payload format. However, I need to return different codes and messages for different reasons on the input validation failed. For example:
A Field is empty -> code XXX
A Field is formatted incorrectly -> code YYY
As far as I know, there is little customization possible on the exception that is reachable from my #ControllerAdvice, I can get a list of errors that happened but I cannot easily determine what happened. (Technically I can, but it would have to be based on the message string, which is pretty weak).
Is there a way to provide extra data to the Exception so I can distinguish from the #ControllerAdvice what happened and create my custom error response accordingly?
Am I approaching it the wrong way?
You can intercept the BindException (https://docs.spring.io/spring-framework/docs/current/javadoc-api/org/springframework/validation/BindException.html) with the #ExceptionHandler. This contains detailed information about all validation errors. For example, with e.getFieldErrors() you can access all errors associated with fields.
For example, for a field
#MyConstraint
#Length(min = 3)
private String field;
that failed validation you get the following information in the exception:
Field error in object data on field field: rejected value [XY]; codes [Length.data.field,Length.field,Length.java.lang.String,Length].
Field error in object data on field field: rejected value [XY]; codes [MyConstraint.data.field,MyConstraint.field,MyConstraint.java.lang.String,MyConstraint].
From this you can see that it failed the #Length constraint and the custom #MyConstraint constraint.

Spring: Handling errors when type mismatch in #RequestParam

I have a request hanlder (method in #Controller class) with some #RequestParam args invoked when a form is submitted. I have various types of args like strings, ints, enums and objects ...
When the form is submitted if spring cannot bind a param to arg, returns a responce with
error 400 or 500 (I haven't understood which cases correspond to each error yet).
I would prefer to handle this mismatch by sending feedback to the user highlighting which field in the form was bad and why ...
One simple case of doing that is by changing all #RequestParams to strings, and do the conversions inside the handler and respond with feedbacks if any errors. (Errors may vary from type mismatch to invalid param ie negative number for age).
Is there any better way?
#RequestParam is most suited for situations when parameters are generated by your application rather than entered by the user.
If you want to provide feedback to the user it would be better to use conventional form handling approach with #ModelAttribute and BindingResult. This way you can perform arbitrary validation and also provide meaningful error messages for type mismatch errors.

Codeigniter Form Validation - Is there a way to define multiple different %s when setting error messages?

Based on the documentation, %s will be replaced by field name when setting error messages.
If you include %s in your error string, it will be replaced with the
"human" name you used for your field when you set your rules.
Is there a way to have multiple %s in the string and define them differently?
This is the line in the form validation library that creates the error message:
// Build the error message
$message = sprintf($line, $this->_translate_fieldname($row['label']), $param);
$line: The error message template, for example "The % field is invalid"
$this->_translate_fieldname($row['label']): The field's label
$param: The parameter passed the the validation function, if any, max_length[5] would pass "5"
So that's the extent of what the form validation class does for you. If you need more flexibility you'll have to prepare the error message yourself <-- might be useful beforehand with the extra variables already populated.
It might be interesting to extend the form validation class via core/MY_form_validation.php and work this functionality in. Unfortunately this line is contained in the main function _execute which is very big and messy, and from looking at it now, you'd need to overload some other functions as well. I started to write an example but it actually looks like a chore. You might be better off using:
$this->form_validation->set_message('rule_name', 'Your custom message here');
More on setting error messages: http://ellislab.com/codeigniter/user_guide/libraries/form_validation.html#settingerrors

Is there a way to make angular run all the validations of an input instead of stoping when the first validation fails?

I'm having problems trying to make angular run all the validations of an input at once.
Here is a jsfiddle example of my problem http://jsfiddle.net/carpasse/GDDE2/
if you type 1 character on the email input you get this "The minimum lenght is 3." error message
and is not until you type 2 more characters than you get the other error message "This is not a valid email."
Does anybody know how to make angular show both error messages at the same time??
Thanks a lot in advance
You problem is not that all the validators are not being run - they are!
Remember that the way these validations work is by passing the view values through a pipeline of transformation functions, which can also specify the validity of the value.
The problem is that the min length validator passes undefined down the pipeline if it is not valid and that the email validator says that undefined is a valid email address!
Try creating your own validation directive that says that undefined is not a valid email address and you will find both errors are showing: http://jsfiddle.net/eKfj3/

WebObjects field validation

I'm trying to find a good way to do field validation in a WebObjects app. If I have a text field and I tie a number formatter to it, it seems that the default behavior is to parse out the number IF the user enters in a valid number, or, if the user enters an invalid number, it seems to just ignore the value entered by the user. I can't do the validation in a save method or an action method because WO will have already ignored the non-number input by the time it reaches the action method. Is there a standard/recommended way, in a WebObjects app, of validating user input such that the user can be alerted of invalid input, rather than just ignoring the invalid input?
This page: http://en.wikibooks.org/wiki/WebObjects/EOF/Using_EOF/Validation claims that WO and EOF have "an incredible array of validation mechanisms" and even hints that there is a built-in way to prevent the user from entering inappropriate data, but I haven't been able to find any documentation or examples of how to do that (if there is, in fact, a built-in way). Coming up with a custom javascript validator to prevent inappropriate data seems like it would be a nightmare - finding a way to make the JS recognize and handle all of the same edge cases that the backend formatters/parsers handle. It would be nice if WO really did have a built-in way to propagate the formatter edge cases over to JS validation.
The above link also says there is a validationFailedWithException method in WOComponent that gets called "when an EO or formatter failed validation during an assignment", but how can I make a formatter fail validation in the non-number example case above? I've tried having the formatter throw an exception in the parse method if a non-number is entered, but that exception doesn't get passed to the validationFailedWithException method. Does anyone know how I can trigger an exception in a formatter that will trigger a call to validationFailedWithException()? And is that even the best/recommended way? Does anyone know of a better way?
I'm pretty sure, that validationFailedWithException is getting called for every formatting error. You should receive there an NSValidationException that wraps a ParseException. The method is usually called on the component containing the binding. It may get skipped on caret (^) bindings.
All the standard number formatter already throw a ParseException (see Format.parse(String)).
The validation handling in WebObjects can get quite complex, it really depends on your needs. But it was designed without JavaScript or Ajax in mind. Newer approaches in Wonder may incorporate the client side, but I have no experience with it.
The normal validation sequence is:
if needed convert the input into the target type with a formatter
call a validateAttributeName method on the target object, where AttributeName is the attribute name to receive the value
When something fails in this sequence validationFailedWithException is called.
While saving an enterprise object "validateFor..." is called on the objects. An exception at this point has to be caught in your action method.
So you have two points to handle validation errors. The "syntactical" errors have to be handled in validationFailedWithException. After this point you have valid inputs. You may manually further check those or greater object structures in your action method or in validateFor... (e.g. validateForSave).

Resources