
3.0: UI string validation

Open myovchev opened this issue 3 years ago • 3 comments

Describe the bug

  1. The UI is not validating length constraints at all. On submission, the string value is just cut off by the backend API.
  2. Interestingly enough, providing a number for the string field enables the integer validation (comparing number values instead of string length)

Step by step instructions to reproduce the behavior: Add a simple string field with length constraints to any piece:

{
  fields: {
    add: {
      label: {
        type: 'string',
        label: 'Label',
        min: 2,
        max: 5
      }
    }
  }
}

In edit/create mode fill with:

  1. a - no validation
  2. abcdefgh - no validation
  3. 1 - triggers integer validation (1 < 2)
  4. 6 - triggers integer validation (6 > 5)

Enter the invalid string abcdefgh and hit save. If you go back and observe (or just take a look at the backend response), the result is that the field is silently cut off to the max allowed string length by the backend, which IMO is a very bad thing.

Expected behavior

Validate strings via the UI and do not automatically truncate strings on the back-end

Details

Version of Node.js: v12.21.0

Server Operating System: Ubuntu 20.04.2 LTS

Additional context: Tested on Chrome, Chromium, Brave, Firefox against the latest state of the 3.0 branch

myovchev avatar Jun 02 '21 12:06 myovchev

The automatic truncation on the back end is fine as long as the front end does its job properly, which of course does need to be fixed.

boutell avatar Jun 04 '21 12:06 boutell

I'm not sure how well this would work with external systems when consuming the apos API. I really prefer a 422 Unprocessable Entity error thrown to a client which is not under my control.

myovchev avatar Jun 05 '21 14:06 myovchev

Mmm, or we could do "400 invalid." We might not have time to change that policy before the stable release makes it a bc issue. But we will of course address the UI bug.


--

THOMAS BOUTELL | CHIEF TECHNOLOGY OFFICER APOSTROPHECMS | apostrophecms.com | he/him/his

boutell avatar Jun 07 '21 12:06 boutell
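
An added example, not part of the thread and not ApostropheCMS code: it runs the four inputs from the reproduction steps through a length-only string check and contrasts the two back-end policies discussed above (silent truncation versus a 422 rejection). All function names are hypothetical, and the truncation function only models the behaviour reported in the issue.

```javascript
// Added example: hypothetical helpers, not the project's implementation.
// Field definition copied from the issue's reproduction steps.
const field = { type: 'string', label: 'Label', min: 2, max: 5 };

// Validate by character length only. The value is never coerced to a
// number, so '1' and '6' are judged as one-character strings.
function validateStringField(def, value) {
  if (typeof value !== 'string') {
    return { ok: false, error: 'type' };
  }
  const length = Array.from(value).length; // code points, not UTF-16 units
  if (typeof def.min === 'number' && length < def.min) {
    return { ok: false, error: 'min' };
  }
  if (typeof def.max === 'number' && length > def.max) {
    return { ok: false, error: 'max' };
  }
  return { ok: true };
}

// Policy A (model of the behaviour reported in the issue): accept the
// request and silently cut the value down to `max` characters.
function sanitizeTruncate(def, value) {
  const chars = Array.from(String(value));
  return { status: 200, value: chars.slice(0, def.max).join('') };
}

// Policy B (requested in the thread): reject and store nothing, so an
// API client outside your control learns that its data was not accepted.
function sanitizeReject(def, value) {
  const result = validateStringField(def, value);
  return result.ok
    ? { status: 200, value }
    : { status: 422, error: result.error };
}

// Constructed inputs: the four values from the reproduction steps.
function runCases() {
  return ['a', 'abcdefgh', '1', '6'].map((input) => ({
    input,
    ui: validateStringField(field, input),
    truncate: sanitizeTruncate(field, input),
    reject: sanitizeReject(field, input)
  }));
}

console.log(JSON.stringify(runCases(), null, 2));
```

With length-based checking, `6` fails the `min` rule (one character) rather than the `max` rule that the numeric comparison reported.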