Form submit validation and error handling: how to do it properly? #42
Comments
|
One could also imagine to have a client library reading the OpenAPI schemas and doing pure client side form validation. I'd bet such JS libraries do exist. Regarding server error responses I wonder if standards exist for that in the OpenAPI world. |
|
@simahawk It does not seem difficult to me to improve the content of the returned response in case of data validation error. I agree that we should return an easy to parse response (json) to ease the processing of this error on the client side. Nevertheless, as suggested by @sbidoul the use of a specialized library to validate the data on the client side could be a good idea. |
|
@sbidoul @lmignon yep, having a validation layer on client side would be nice and we should probably head to it for the long term. For the short term and for simple implementations, adding this small feature to base_rest is a big win w/ little effort I think. I can draft it if we agree on the specs ;) What about:
{
'errors': {
'$key/fieldname': '$specific_err_code',
},
'errors_message': {
'$key/fieldname': '$specific_err_message',
}
}BTW how are you handling such case w/ shopinvader? I don't see any handling of such "bad requests" 😓 |
|
@simahawk IMO, the changes to do are: Create a new kind of exception into base_rest RequestValidationError(Exception) Adapt the code into from ..exceptions import RequestValidationError
if v.validate(params):
return v.document
raise RequestValidationError(v.errors)I'm not sure about the content of the exception. Indeed, the way errors are returned depends on the library used to validate the schema. I have the feeling that we will introduce a lot of unnecessary complexity if we try to change the content of the error returned by the library validating the schema. I plan to modify this part of the code to also support a new way to specify Request and Response definition through serializable/deserializable models based on Marshmallow #41 That means that the format of the errors returned will not be the same if the validation is done by Cerberus or by Marshmallow. Regarding shopinvader, I think that there is no specific code to handle this type of error and that at this stage, it is displayed as it is to the user (BadRequest is also used for UserError/ValidationError). I would rather opt for a client-side validation via a JS library to solve this problem. (For example sway ) |
|
In any case I think we'd need to do some research on common ways to return schema validation errors in the REST/OpenAPI world before inventing our own. |
but this is the point: you want to return - possibly - always the same schema for errors. You can always attach the specific validation error to the json.
I agree. The way I propose is not far from what others do, is just less detailed. There's no official specification yet AFAIS. Quote of the conclusions: In general, the goal with error responses is to create a source of information to not only inform the user of a problem, but of the solution to that problem as well. Simply stating a problem does nothing to fix it – and the same is true of API failures. The balance then is one of usability and brevity. Being able to fully describe the issue at hand and present a usable solution needs to be balanced with ease of readability and parsability. When that perfect balance is struck, something truly powerful happens. The RFC mentioned is this https://tools.ietf.org/html/rfc7807 Another example: https://medium.com/@suhas_chatekar/return-well-formed-error-responses-from-your-rest-apis-956b5275948 My conclusion: not having something similar is worse than not having anything IMO. What do you think? |
👍 |
|
FTR I think I've found where/how errors are handled by locomotive module https://github.com/shopinvader/locomotive-shopinvader/blob/984262e9e09a38f06e8c35c4dd106d57c77966cf/lib/shop_invader/services/erp_service.rb#L120 |
|
@rousseldenis not that I know. The only change related to the problem is this #76 which allows to pass extra info the exception when you need it. |
Ok, didn't see that PR. Can you provide pointer to usage or README ? |
|
There hasn't been any activity on this issue in the past 6 months, so it has been marked as stale and it will be closed automatically if no further activity occurs in the next 30 days. |
github-actions
bot
added
the
stale
Context
Imagine you a form that sends data to an endpoint which has its own validator.
The validator states that "country" field is required (or any other constrain).
Problem
If form data have an error you get this:
which, as far as I see, is not really nice to be handle as a response. The only way to handle it would be to parse the text of the response and look for a specific match with form fields.
This way seems very hard to handle form errors nicely.
Solutions?
@sbidoul @lmignon I wonder how you guys are handling this issue.
I think we should have a way to return a plain dict w/ detailed information on the errors w/ specific error codes. For instance:
{ 'errors': { 'country': 'missing', 'phone': 'bad_lenght', }, 'errors_message': { 'country': 'Country is required', 'phone': 'Phone number must contain XX chars', } }I'm doing something similar in cms_form and it helps very well on error handling.
BTW I'm thinking about an integration w/ cms_form to be able to define forms and expose their schema via rest api.
Possibly related to #2.
Thanks for your insights :)
The text was updated successfully, but these errors were encountered: