Param with blank value triggers (!isset) validation in Laravel - laravel

Here is my script:-
if (!isset($request->security_token))
{
// Provide security token
$error = TRUE;
$err_message[] = Lang::get('caption_validation_error.ser_valid_security_token.value');
$err_validation[] = Lang::get('caption_validation_error.ser_valid_security_token.value').' [security_token]';
}
It means, if a param is not "sent", then the validation will be triggered. However, if a param with "blank" value is sent, it must not trigger the validation.
However, when I am hitting the api through POSTMAN app, the security_token with blank value enters the !isset validation.
What am I doing wrong?

This is not that obvious why it's like this because it seems quite strange at first glance. However if you know a bit more about Laravel and you look at app/Http/Kernel.php file you will see in there:
\Illuminate\Foundation\Http\Middleware\ConvertEmptyStringsToNull::class,
which as you can find out from name converts empty strings to null. So in your case when you are sending empty parameter it's considered as null so !isset($null) will be true.
So you have 2 options:
remove this middleware from array - however it will affect the whole application so it might not be the best way if you are not sure about it
Assuming you want to trigger this validation only if parameter is not sent at all instead of
if (!isset($request->security_token))
you can use for example
if (!$request->has('security_token'))
Obviously it's not exactly the same - if you now sent this token and set it to null it won't be still executed but I believe when you now know what's happening with this empty string you can now adjust it exactly to your needs.

Related

laravel request return message keys translations

I have a Laravel Application and another APP making calls via API to Laravel. These 2 projects are separated.
Laravel and App have their own multilanguage system. They work independently but uses the same key translations.
So my idea was that all Laravel responses must be translations key, like: 'messages.success'.
With this response, the App can translate it.
All of these are working fine.
The problem appeared when I started working with Laravel Requests for validating forms.
In this case, the validation errors are automatically translated so the App receives the response translated with the default language of the Laravel application.
So what can I do?
I thought with 2 ideas but I don't know if they can work.
1: Passing the language into params. Don't know if it can work, how can I set the language before Laravel validates the Request?
2: Override the functionality of Requests to return messages without translate, so instead of "Felicidades" return "messages.success". I really like this approach. But how can I do it for all the rules? Overriding the messages function like this:
public function messages()
{
return [
'unique' => 'validation.unique'
];
}
For every rule works... but I feel bad.
Another approaches?
What is the best way to fix this problem?
I would suggest that you use this hacky solution in 2 lines of code. Go to /resources/lang/{code}/validation.php. You can see that it returns an array of messages by default. Modify it like so:
// Replace return in the first line
$ret = [
/* all the translations go here as normal */
];
// Add this as the last line. This will replace all values with their keys.
return array_combine(array_keys($ret), array_keys($ret));
After that you can use validation as per usual and you'll get validation message keys instead of messages. Cheers and hope this helps.

Laravel 5.6 ERR_TOO_MANY_REDIRECTS on GET request

I have a custom Request class which deals with the validation of a form. This form uses 'GET' and will filter down all the results the User can see on the page.
My rule for the start date:
'date_start' => 'nullable|date|required_with:date_end',
is causing a message:
ERR_TOO_MANY_REDIRECTS
My controller looks like this:
public function index (ApprovedSubmissionsFilterRequest $request)
{
...
I believe that this is because when the validation fails, it sends a GET request back to the index method, which once more fails the validation and redirects back to the index method etc. etc.
How do I avoid this loop? I do not want to use a POST request instead of a GET.
Here is my route:
Route::get('formSubmission', 'FormSubmissionController#index')
->name('formSubmission.index');
Thank you.
NOTE (edit):
Not all validation errors cause this - it only seems to be the required_with that is causing the issue. Somebody has mentioned it here previously.
I tried your code in my project, and cannot reproduce the problem. So do you really use the correct validation rule, because from the docs, the required_with takes an effect only if the other field that you are trying to validate exists in the request. So in your case date_start should not be present in the request and date_end should exist in order for this validation to take place:
required_with:foo,bar,...
The field under validation must be present and not empty only if any of the other specified fields are present.
Also from the github issue that you have mentioned, you can debug in the exception handler what happens when ValidationException is thrown
Your last note, have you tried with all validation rules except that one if it passes?

Laravel - Modify Received Request Parameters

When we receive a Request object in Laravel, is there a way to modify or add data to it? For instance, could I rename a parameter (not the value, but the parameter name itself) to something else? For example, the input might be called fname but I want to change it to first_name. Or could I add new inputs and values that weren't in the original request?
The reason I ask is that I have a method that accepts a Request object, and expects certain input names. I'd like to be able to reuse the method, but the request input names will be different.
If you have an Object you can edit and add new items.
$request->url = $new_url;
$request->new_item = 1;
If the object item not exists, then will create automatically, or if it exists, will modify it.
Tested #marc-garcia answer, and that will not persist through your script execution. This will...
// merge defaults into the request.
// this makes it consistent everywhere (blade, controller...)
request()->merge([
// find the request if it exists, second param is the default value
'reservable' =>request( 'reservable', (self::RESERVABLE_BY_DEFAULT?1:0) )
]);
You may also use request()->replace([...]); but that will remove all other parameters from the request and replace it will the array you provide.

Make the route parameter actually appear in the address bar

I have a tiny application in MVC 3.
In this tiny application, I want my URLs very clear and consistent.
There's just one controller with one action with one parameter.
If no value is provided (that is, / is requested by the browser), then a form is displayed to collect that single value. If a value is provided, a page is rendered.
The only route is this one:
routes.MapRoute(
"Default",
"{account}",
new { controller = "Main", action = "Index", account = UrlParameter.Optional }
);
This all works fine, but the account parameter never appears in the address line as a part of the URL. I can manually type test.com/some_account and it will work, but other than that, the account goes as a post parameter and therefore does not appear. And if I use FormMethods.Get in my form, I get ?account=whatever appended to the URL, which is also not what I want and which goes against my understanding. My understanding was that the MVC framework would try to use parameters set in the route, and only if not found, it would append them after the ?.
I've tried various flavours of setting the routes -- one route with a default parameter, or one route with a required parameter, or two routes (one with a required parameter and one without parameters); I've tried mixing HttpGet/HttpPost in all possible ways; I've tried using single action method with optional parameter string account = null and using two action methods (one with parameter, one without), but I simply can't get the thing appear in the URL.
I have also consulted the Steven Sanderson's book on MVC 3, but on the screenshots there are no parameters either (a details page for Kayak is displayed, but the URL in the address bar is htpp://localhost:XXXX/).
The only thing that definitely works and does what I want is
return RedirectToAction("Index", new { account = "whatever" });
But in order to do it, I have to first check the raw incoming URL and do not redirect if it already contains an account in it, otherwise it is an infinite loop. This seems way too strange and unnecessary.
What is the correct way to make account always appear as a part of the URL?
My understanding was that the MVC framework would try to use
parameters set in the route, and only if not found, it would append
them after the ?
Your understanding is not correct. ASP.NET MVC doesn't append anything. It's the client browser sending the form submission as defined in the HTML specification:
The method attribute of the FORM element specifies the HTTP method used
to send the form to the processing agent. This attribute may take two
values:
get: With the HTTP "get" method, the form data set is appended to the URI specified by the action attribute (with a question-mark ("?")
as separator) and this new URI is sent to the processing agent.
post: With the HTTP "post" method, the form data set is included in the body of the form and sent to the processing agent.
ASP.NET MVC routes are used to parse an incoming client HTTP request and redispatch it to the corresponding controller actions. They are also used by HTML helpers such as Html.ActionLink or Html.BeginForm to generate correct routes. It's just that for your specific scenario where you need to submit a user entered value as part of the url path (not query string) the HTML specification has nothing to offer you.
So, if you want to fight against the HTML specification you will have to use other tools: javascript. So you could use GET method and subscribe to the submit handler of the form and inside it manipulate the url so the value that was appended after the ? satisfy your requirements.
Don't think of this as ASP.NET MVC and routes and stuff. Think of it as a simple HTML page (which is what the browser sees of course) and start tackling the problem from that side. How would you in a simple HTML page achieve this?

What's the best way to pass additional POST variables into a validation rule in Kohana 3?

I'm trying to validate some POST data. One of the validations I need to do is a registration code, which is based off another POST variable - an IMEI number.
In my POST data I have 2 fields, register_imei and register_code. My code currently looks like this:
$post = Validate::factory($_POST);
$post->rule('register_imei', 'not_empty')
->rule('register_imei', 'exact_length', array(15))
->rule('register_imei', 'some_class::luhn_check');
$post->rule('register_code', 'not_empty')
->rule('register_code', 'some_class::valid_registration_code', array($_POST['register_imei']));
However, I'm not sure whether passing in the variable from the raw POST array field is ok, because it could be empty or not set. Does the fact that I've already added validation rules for register_imei above make it safe?
Does the fact that I've already added validation rules for register_imei above make it safe?
No validation is taken place until you call the check() method.
To solve your problem, use:
Arr::get($_POST, 'register_imei', NULL);
which returns the 3rd argument as a default if the key is not set in the array.

Resources