UPDATED:
when i executing Unit Test project and then it will return Was unhandled This test result also contained an inner exception instead of "Assert.IsTrue failed. The Description field is required." Result like (0 Pass, 1 FAIL, 1 Total) but we are not getting any exception at all if i debug with F11
[TestMethod]
[Asynchronous]
[Description("Determines whether the selected or single property is valide using the validation context or validate single properties.")]
public void ValidateSigleWithDataAnnotation()
{
LookupsServices lookupsservices = new LookupsServices();
Lookups lookups = new Lookups() { Description = "", LookupReference = 2, DisplayOrder = 50};
lookupsservices.Lookups.Add(lookups);
//THIS IS NOT WORKING
string message = ValidateProperties.ValidateSingle(lookups, "Description");
Assert.IsTrue(message.Equals(""), message);
//THIS IS WORKING
var results = new List<ValidationResult>();
Validator.TryValidateProperty(lookups.Description , new ValidationContext(lookups, null, null) { MemberName = "Description" }, results);
Assert.IsTrue(results.Count == 0, results[0].ToString());
}
Following is the Generic function to validate individual property
public static string ValidateSingle<T>(T t, string PeropertyName) where T : class
{
string errorMessage = "";
var ValidationMessages = new List<ValidationResult>();
bool ValidationResult = Validator.TryValidateProperty(typeof(T).GetProperty(PeropertyName).Name, new ValidationContext(t, null, null) { MemberName = PeropertyName} , ValidationMessages);
if (!ValidationResult) errorMessage += string.Format("\n{0}", ValidationMessages[0]);
return errorMessage;
}
Following is the Model where Description field id Required
public class Lookups
{
public Lookups() { }
[Key]
public virtual int LookupReference { get; set; }
[Required]
public virtual string Description { get; set; }
public virtual int? DisplayOrder { get; set; }
}
I am getting error "The Description field is required" if i am validating without Generic method, but why am not getting same error using Generic method?
Please Help me.....
Compare these two calls:
// In the generic method
Validator.TryValidateProperty(
typeof(T).GetProperty(PeropertyName).Name,
new ValidationContext(t, null, null) { MemberName = PeropertyName},
ValidationMessages);
// The working call
Validator.TryValidateProperty(
lookups.Description,
new ValidationContext(lookups, null, null) { MemberName = "Description" },
results);
In the first form, you're passing in the name of the property, i.e. "Description". In the second form, you're passing in the value of the property, i.e. "". To make the first call look like the second, you'd need:
typeof(T).GetProperty(PeropertyName).GetValue(t, null),
It's not entirely clear to me whether that's what you want (I haven't used Validator myself) but it may be the answer.
Related
I'm looking for a way to add error code alongside the error message to ModelState.
for example
ModelState.AddModelError("ErrorKey", new { Code = 4001, Message = "Some error message" });
For some bad requests client should do an action and comparing error message is not an ideal solution for making a decision. ModelState.AddModelError method only accepts two parameters, an error key and a message. Is there a way to achieve this or something similar?
No, there is not a way to achieve what you are looking for, in your code when you're trying to do something like this:
return BadRequest(ModelState);
You’ll receive a 400 bad request response back with message you've already added (as you can see, the error code has been presented already here). So, there is neither a usage nor a way of adding the Error Code in your case.
I found a way to add the error code to ValidationProblemDetails:
public class CustomValidationProblemDetails : ValidationProblemDetails
{
public CustomValidationProblemDetails()
{
}
[JsonPropertyName("errors")]
public new IEnumerable<ValidationError> Errors { get; } = new List<ValidationError>();
}
ValidationProblemDetails has an Error property that is IDictionary<string, string[]> and replace this property with our version to add code error.
public class ValidationError
{
public int Code { get; set; }
public string Message { get; set; }
}
Constructor of ValidationProblemDetails accepts ModelStateDictionary and need to convert it to list of ValidationError:
public CustomValidationProblemDetails(IEnumerable<ValidationError> errors)
{
Errors = errors;
}
public CustomValidationProblemDetails(ModelStateDictionary modelState)
{
Errors = ConvertModelStateErrorsToValidationErrors(modelState);
}
private List<ValidationError> ConvertModelStateErrorsToValidationErrors(ModelStateDictionary modelStateDictionary)
{
List<ValidationError> validationErrors = new();
foreach (var keyModelStatePair in modelStateDictionary)
{
var errors = keyModelStatePair.Value.Errors;
switch (errors.Count)
{
case 0:
continue;
case 1:
validationErrors.Add(new ValidationError { Code = 100, Message = errors[0].ErrorMessage });
break;
default:
var errorMessage = string.Join(Environment.NewLine, errors.Select(e => e.ErrorMessage));
validationErrors.Add(new ValidationError { Message = errorMessage });
break;
}
}
return validationErrors;
}
Create custom ProblemDetailsFactory to create CustomValidationProblemDetails when we want to return bad request response:
public class CustomProblemDetailsFactory : ProblemDetailsFactory
{
public override ProblemDetails CreateProblemDetails(HttpContext httpContext, int? statusCode = null, string title = null,
string type = null, string detail = null, string instance = null)
{
var problemDetails = new ProblemDetails
{
Status = statusCode,
Title = title,
Type = type,
Detail = detail,
Instance = instance,
};
return problemDetails;
}
public override ValidationProblemDetails CreateValidationProblemDetails(HttpContext httpContext,
ModelStateDictionary modelStateDictionary, int? statusCode = null, string title = null, string type = null,
string detail = null, string instance = null)
{
statusCode ??= 400;
type ??= "https://tools.ietf.org/html/rfc7231#section-6.5.1";
instance ??= httpContext.Request.Path;
var problemDetails = new CustomValidationProblemDetails(modelStateDictionary)
{
Status = statusCode,
Type = type,
Instance = instance
};
if (title != null)
{
// For validation problem details, don't overwrite the default title with null.
problemDetails.Title = title;
}
var traceId = Activity.Current?.Id ?? httpContext?.TraceIdentifier;
if (traceId != null)
{
problemDetails.Extensions["traceId"] = traceId;
}
return problemDetails;
}
}
And at the end register the factory:
public void ConfigureServices(IServiceCollection services)
{
services.AddControllers();
services.AddTransient<ProblemDetailsFactory, CustomProblemDetailsFactory>();
}
Read the Extending ProblemDetails - Add error code to ValidationProblemDetails for more detail.
I have a ViewModel in my C# WPF application which contains several properties like this one
public class ExecutionsCreateViewModel : ValidationViewModelBase
{
[Required(ErrorMessage = "Execution name is required.")]
[StringLength(60, ErrorMessage = "Execution name is too long.")]
public string ExecutionName { get; set; }
[...]
}
Thats my ValidationViewModelBase class
public abstract class ValidationViewModelBase : IDataErrorInfo
{
string IDataErrorInfo.Error
{
get
{
throw new NotSupportedException("IDataErrorInfo.Error is not supported.");
}
}
string IDataErrorInfo.this[string propertyName]
{
get
{
if (string.IsNullOrEmpty(propertyName))
{
throw new ArgumentException("Invalid property name", propertyName);
}
string error = string.Empty;
var value = GetValue(propertyName);
var results = new List<ValidationResult>(1);
var result = Validator.TryValidateProperty(
value,
new ValidationContext(this, null, null)
{
MemberName = propertyName
},
results);
if (!result)
{
var validationResult = results.First();
error = validationResult.ErrorMessage;
}
return error;
}
}
private object GetValue(string propertyName)
{
PropertyInfo propInfo = GetType().GetProperty(propertyName);
return propInfo.GetValue(this);
}
}
And this is my TextBox in XAML
<TextBox Text="{Binding ExecutionName, UpdateSourceTrigger=PropertyChanged, NotifyOnValidationError=True, ValidatesOnExceptions=True, ValidatesOnDataErrors=True}"/>
Attributes are working, UI is correctly notified when property becomes invalid ("Invalid" VisualState is triggered).
The problem is, I don't know how to check in Create method if certain property is currently valid or not.
private void Create()
{
if(/*check if property is invalid*/)
{
MessageBox.Show(/*property ErrorMessage*/);
return;
}
//Do something with valid properties
}}
I've tried with Validator.ValidateProperty (1, 2, 3) but it's not working and/or it's too messy. I was also doing tricks like
try
{
ExecutionName = ExecutionName;
}
catch(Exception ex)
{
MessageBox.Show(ex.Message);
return;
}
But it's not working in some scenarios and does not look very professional.
Maybe ValidateProperty is the key, but after many "tutorials" I still doesn't know how to fill it to my needs.
Also there is second small thing. Attributes always validate its properties, so when user receive fresh form the ExecutionName will always be null thus Required attribute will mark it as invalid, so that control will automatically turn red. Is there a way to skip validation at initialization?
The problem is, I don't know how to check in Create method if certain property is currently valid or not.
The same way as you do in your ValidationViewModelBase class, e.g.:
private void Create()
{
var value = this.ExecutionName; //the property to validate
var results = new List<ValidationResult>();
var result = Validator.TryValidateProperty(
value,
new ValidationContext(this, null, null)
{
MemberName = "ExecutionName" //the name of the property to validate
},
results);
if (!result)
{
var validationResult = results.First();
MessageBox.Show(validationResult.ErrorMessage);
}
//...
}
I have an ApiController, in which I have a Post method that accepts a VariableTemplateViewModel, which looks like this:
public class VariableTemplateViewModel
{
public VariableTemplateViewModel() { }
public double Version { get; set; }
[Required]
public List<VariableViewModel> Variables { get; set; }
}
public class VariableViewModel
{
public VariableViewModel() { }
[Required(AllowEmptyStrings=false, ErrorMessage="Variable Name cannot be empty")]
public string Name { get; set; }
}
Inside the Post method, I do a validation check, like so:
public void Post(long id, [FromBody]VariableTemplateViewModel model)
{
if (!ModelState.IsValid )
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
}
This works great and if I call it with a view model that has empty Name fields in the Variables list, it fails validation. However, when I try to validate this from the Unit Test, it only runs validations on VariableViewModel itself and not recursively the VariableViewModel. So, if I pass in null for the Variables, I get a validation error but if I pass in an empty string for Name, there are no validation errors.
[TestMethod]
public void Post_Returns_HttpResponseException_With_Empty_Variable_Name()
{
var controller = new VariableController();
var viewModel = new VariableTemplateViewModel
{
Version = 1,
Variables = new List<VariableViewModel>
{
new VariableViewModel { Name = "" }
}
};
var validationContext = new ValidationContext(viewModel, null, null);
var validationResults = new List<ValidationResult>();
Validator.TryValidateObject(viewModel, validationContext, validationResults, true);
foreach (var validationResult in validationResults)
{
controller.ModelState.AddModelError(validationResult.MemberNames.First(), validationResult.ErrorMessage);
}
// Assert
}
I have tried removing/adding empty constructors and initializing Variables inside the VariableTemplateViewModel constructor. I have even tried using Validator.TryValidateObject on viewModel.Variables directly to no avail.
Does anyone know how this can be fixed?
I have a same problem and use this for the solution. May this help You.
public void Post(long id, [FromBody]VariableTemplateViewModel model)
{
if (!ModelState.IsValid && TryValidateModel(model.NestedModel, "NestedModel."))
{
throw new HttpResponseException(HttpStatusCode.BadRequest);
}
}
Try this, Recursive Validation Using DataAnnotations
I want send from service to service object:
public abstract class Notification : AggregateRoot
{
public string Title { get; set; }
public string Content { get; set; }
public DateTime Created { get; set; }
public NotificationType NotificationType { get; set; }
}
public class Alert : Notification
{
public object LinkedObject { get; set; }
public bool WasSeen { get; set; }
}
And from my unit test:
[Theory, AutoNSubstituteData]
public async void Send_NotificationIsAlertTypeDocumentDontExist_DocumentShouldBeCreatedAndNotificationSaved(
IDocumentDbRepository<AlertsDocument> repository,
CampaignAlertsSender sender,
Alert notification
)
{
// Arrange
notification.NotificationType = NotificationType.Alert;
notification.LinkedObject = new
{
MerchantId = Guid.NewGuid()
};
repository.GetItemAsync(Arg.Any<Expression<Func<AlertsDocument, bool>>>()).Returns((Task<AlertsDocument>) null);
// Act
await sender.SendAsync(notification);
// Assert
await repository.Received(1).GetItemAsync(Arg.Any<Expression<Func<AlertsDocument, bool>>>());
await repository.Received(1).CreateItemAsync(Arg.Any<AlertsDocument>());
}
Look at the linkedobject it is object but I make it with new. And send it to service.
public override async Task SendAsync(Notification notification)
{
if(notification == null)
throw new ArgumentNullException(nameof(notification));
var alert = notification as Alert;
if(alert == null)
throw new ArgumentException();
var linkedObject = alert.LinkedObject as dynamic;
Guid merchantId = Guid.Parse(linkedObject.MerchantId); // here is problem! linkedObject "object" dont have "MerchantId".
var document = await Repository.GetItemAsync(doc => doc.MerchantId == merchantId);
if (document == null)
{
document = new AlertsDocument
{
MerchantId = merchantId,
Entity = new List<Alert>()
};
document.Entity.Add(alert);
}
}
Here is problem! linkedObject "object" dont have "MerchantId".
But why? While debuging I see the value MerchantId in linkedObject.
How to do it?
Error:
An exception of type 'Microsoft.CSharp.RuntimeBinder.RuntimeBinderException' occurred in mscorlib.dll but was not handled in user code
Additional information: 'object' does not contain a definition for 'MerchantId'
LinkedObject is created as an anonymous type which are generated as internal types. If the code accessing the object is not in the same assembly then you will get that error. The debugger can see because it is using reflection but when you try to access it via dynamic you get the error (again because anonymous types are generated as internal).
You however can still get to it via reflection as well.
var linkedObject = alert.LinkedObject as dynamic;
Guid merchantId = (Guid)linkedObject.GetType()
.GetProperty("MerchantId")
.GetValue(linkedObject, null);
but this can get messy very fast.
If you take a look at my answer provided here
How do you unit test ASP.NET Core MVC Controllers that return anonymous objects?
A dynamic wrapper which uses reflection under the hood to access the properties of the anonymous type was used.
The same theory applies and you could probably use that wrapper to access the properties of the linkedObject.
var linkedObject = new DynamicObjectResultValue(alert.LinkedObject);
Guid merchantId = (Guid)linkedObject.MerchantId;
From your code it seems that MerchantId is already a Guid, so you just need to cast it, instead of parsing:
var linkedObject = (dynamic)alert.LinkedObject;
var merchantId = (Guid)linkedObject.MerchantId;
(I realize this question is very similar to How to whitelist/blacklist child object fields in the ModelBinder/UpdateModel method? but my situation is slightly different and there may be a better solution available now that wasn't then.)
Our company sells web-based software that is extremely configurable by the end-user. The nature of this flexibility means that we must do a number of things at run time that would normally be done at compile time.
There are some rather complex rules regarding who has read or read/write access to most everything.
For instance, take this model that we would like to create:
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Web;
using System.Web.Mvc;
namespace j6.Business.Site.Models
{
public class ModelBindModel
{
[Required]
[Whitelist(ReadAccess = true, WriteAccess = true)]
public string FirstName { get; set; }
[Whitelist(ReadAccess = true, WriteAccess = true)]
public string MiddleName { get; set; }
[Required]
[Whitelist(ReadAccess = true, WriteAccess = true)]
public string LastName { get; set; }
[Required]
[Whitelist(ReadAccess = User.CanReadSalary, WriteAccess = User.CanWriteSalary)]
public string Salary { get; set; }
[Required]
[Whitelist(ReadAccess = User.CanReadSsn, WriteAccess = User.CanWriteSsn)]
public string Ssn { get; set; }
[Required]
public string SirNotAppearingOnThisPage { get; set; }
}
}
In the controller, it is not difficult to "unbind" things manually.
var resetValue = null;
modelState.Remove(field);
pi = model.GetType().GetProperty(field);
if (pi == null)
{
throw new Exception("An exception occured in ModelHelper.RemoveUnwanted. Field " +
field +
" does not exist in the model " + model.GetType().FullName);
}
// Set the default value.
pi.SetValue(model, resetValue, null);
Using HTML helpers, I can easily access the model metadata and suppress rendering of any fields the user does not have access to.
The kicker: I can't figure out how to access the model metadata anywhere in the CONTROLLER itself to prevent over-posting.
Note that using [Bind(Include...)] is not a functional solution, at least not without additional support. The properties to Include are run-time (not compile time) dependent, and excluding the property does not remove it from the validation.
ViewData.Model is null
ViewData.ModelMetaData is null
[AllowAnonymous]
[HttpPost]
// [Bind(Exclude = "Dummy1" + ",Dummy2")]
public ViewResult Index(ModelBindModel dto)
{
zzz.ModelHelper.RemoveUnwanted(ModelState, dto, new string[] {"Salary", "Ssn"});
ViewBag.Method = "Post";
if (!ModelState.IsValid)
{
return View(dto);
}
return View(dto);
}
Any suggestions on how to access the Model MetaData from the controller? Or a better way to whitelist properties at run time?
Update:
I borrowed a page from this rather excellent resource:
http://www.dotnetcurry.com/ShowArticle.aspx?ID=687
With a model that looks like this:
[Required]
[WhiteList(ReadAccessRule = "Nope", WriteAccessRule = "Nope")]
public string FirstName { get; set; }
[Required]
[WhiteList(ReadAccessRule = "Database.CanRead.Key", WriteAccessRule = "Database.CanWrite.Key")]
public string LastName { get; set; }
The class:
public class WhiteList : Attribute
{
public string ReadAccessRule { get; set; }
public string WriteAccessRule { get; set; }
public Dictionary<string, object> OptionalAttributes()
{
var options = new Dictionary<string, object>();
var canRead = false;
if (ReadAccessRule != "")
{
options.Add("readaccessrule", ReadAccessRule);
}
if (WriteAccessRule != "")
{
options.Add("writeaccessrule", WriteAccessRule);
}
if (ReadAccessRule == "Database.CanRead.Key")
{
canRead = true;
}
options.Add("canread", canRead);
options.Add("always", "be there");
return options;
}
}
And adding these lines to the MetadataProvider class mentioned in the link:
var whiteListValues = attributes.OfType<WhiteList>().FirstOrDefault();
if (whiteListValues != null)
{
metadata.AdditionalValues.Add("WhiteList", whiteListValues.OptionalAttributes());
}
Finally, the heart of the system:
public static void DemandFieldAuthorization<T>(ModelStateDictionary modelState, T model)
{
var metaData = ModelMetadataProviders
.Current
.GetMetadataForType(null, model.GetType());
var props = model.GetType().GetProperties();
foreach (var p in metaData.Properties)
{
if (p.AdditionalValues.ContainsKey("WhiteList"))
{
var whiteListDictionary = (Dictionary<string, object>) p.AdditionalValues["WhiteList"];
var key = "canread";
if (whiteListDictionary.ContainsKey(key))
{
var value = (bool) whiteListDictionary[key];
if (!value)
{
RemoveUnwanted(modelState, model, p.PropertyName);
}
}
}
}
}
To recap my interpretation of your question:
Field access is dynamic; some users may be able to write to a field and some may not.
You have a solution to control this in the view.
You want to prevent a malicious form submission from sending restricted properties, which the model binder will then assign to your model.
Perhaps something like this?
// control general access to the method with attributes
[HttpPost, SomeOtherAttributes]
public ViewResult Edit( Foo model ){
// presumably, you must know the user to apply permissions?
DemandFieldAuthorization( model, user );
// if the prior call didn't throw, continue as usual
if (!ModelState.IsValid){
return View(dto);
}
return View(dto);
}
private void DemandFieldAuthorization<T>( T model, User user ){
// read the model's property metadata
// check the user's permissions
// check the actual POST message
// throw if unauthorized
}
I wrote an extension method a year or so ago that has stood me in good stead a couple of times since. I hope this is of some help, despite not being perhaps the full solution for you. It essentially only allows validation on the fields that have been present on the form sent to the controller:
internal static void ValidateOnlyIncomingFields(this ModelStateDictionary modelStateDictionary, FormCollection formCollection)
{
IEnumerable<string> keysWithNoIncomingValue = null;
IValueProvider valueProvider = null;
try
{
// Transform into a value provider for linq/iteration.
valueProvider = formCollection.ToValueProvider();
// Get all validation keys from the model that haven't just been on screen...
keysWithNoIncomingValue = modelStateDictionary.Keys.Where(keyString => !valueProvider.ContainsPrefix(keyString));
// ...and clear them.
foreach (string errorKey in keysWithNoIncomingValue)
modelStateDictionary[errorKey].Errors.Clear();
}
catch (Exception exception)
{
Functions.LogError(exception);
}
}
Usage:
ModelState.ValidateOnlyIncomingFields(formCollection);
And you'll need a FormCollection parameter on your ActionResult declaration, of course:
public ActionResult MyAction (FormCollection formCollection) {