Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Strings which are only numbers causes issues. #223

Closed
nareshjois opened this issue Jul 7, 2015 · 2 comments · Fixed by #231 or #265
Closed

Strings which are only numbers causes issues. #223

nareshjois opened this issue Jul 7, 2015 · 2 comments · Fixed by #231 or #265
Assignees
@bajtos
Labels
bug
Milestone
#Epic: Coercion C...

Comments

@nareshjois
Copy link

say a request is just
{ "data" : { "customerId" : "2343546576878989879789" } }

The Coerce function is over enthusiastic and parses the customerId to 234354657687898987 to 234354657687898980, this leads to incorrect values being passed around, Either the Regex test for isFloat needs to be corrected to handle numbers which javascript is good with or strings need not be parsed to floats as a whole.
STRML added a commit to STRML/strong-remoting that referenced this issue Aug 4, 2015
@STRML
Refactor and rework http coercion.
3901c28 
This fixes a number of subtle bugs and restricts "sloppy"
argument coercion (e.g. 'true' to the bool true) to string-only
HTTP datasources like querystrings and headers.

Fixes strongloop#223 (coerced Number past MAX_SAFE_INTEGER)
Possible fix for strongloop#208
@STRML STRML mentioned this issue Aug 4, 2015
Merged
STRML added a commit to STRML/strong-remoting that referenced this issue Sep 16, 2015
@STRML
Refactor and rework http coercion.
6ffa963 
This fixes a number of subtle bugs and restricts "sloppy"
argument coercion (e.g. 'true' to the bool true) to string-only
HTTP datasources like querystrings and headers.

Fixes strongloop#223 (coerced Number past MAX_SAFE_INTEGER)
Possible fix for strongloop#208
STRML added a commit to STRML/strong-remoting that referenced this issue Dec 9, 2015
@STRML
Refactor and rework http coercion.
2e698c1 
This fixes a number of subtle bugs and restricts "sloppy"
argument coercion (e.g. 'true' to the bool true) to string-only
HTTP datasources like querystrings and headers.

Fixes strongloop#223 (coerced Number past MAX_SAFE_INTEGER)
Possible fix for strongloop#208
bajtos pushed a commit that referenced this issue Dec 14, 2015
@STRML @bajtos
Refactor and rework http coercion.
b924a79 
This fixes a number of subtle bugs and restricts "sloppy"
argument coercion (e.g. 'true' to the bool true) to string-only
HTTP datasources like querystrings and headers.

Fixes #223 (coerced Number past MAX_SAFE_INTEGER)
Possible fix for #208
@bajtos bajtos mentioned this issue Dec 14, 2015
Merged
@bajtos bajtos self-assigned this Dec 14, 2015
@bajtos bajtos reopened this Jan 5, 2016
@bajtos bajtos added the bug label Jan 5, 2016
davidcheung pushed a commit that referenced this issue Jan 26, 2016
@STRML
Refactor and rework http coercion.
73f5760 
This fixes a number of subtle bugs and restricts "sloppy"
argument coercion (e.g. 'true' to the bool true) to string-only
HTTP datasources like querystrings and headers.

Fixes #223 (coerced Number past MAX_SAFE_INTEGER)
Possible fix for #208
@bajtos bajtos added this to the #Epic: Coercion Cleanup milestone May 4, 2016
@bajtos
Copy link
Member

bajtos commented May 27, 2016

say a request is just
{ "data" : { "customerId" : "2343546576878989879789" } }

The Coerce function is over enthusiastic and parses the customerId to 234354657687898987 to 234354657687898980, this leads to incorrect values being passed around, Either the Regex test for isFloat needs to be corrected to handle numbers which javascript is good with or strings need not be parsed to floats as a whole.

Hello @nareshjois, I am writing an extensive test suite in #304 to capture the current behaviour of our coercion algorithm in different edge cases. I have difficulties reproducing your problem, could you please help me by providing more information?

AFAICT, in the current strong-remoting version:

when you specify:

    setRemoting(PersistedModel.prototype, 'updateAttributes', {
      description: 'Update attributes for a model instance and persist it into the data source.',
      accessType: 'WRITE',
      accepts: { arg: 'data', type: 'object', http: { source: 'body' }, description: 'An object of model property name/value pairs' },
      returns: { arg: 'data', type: typeName, root: true },
      http: { verb: 'put', path: '/' },
    });

and POST a request with JSON body

{ "data" : { "customerId" : "2343546576878989879789" } }

then no coercion is applied and the input ("accepts") argument is set to

{ "data" : { "customerId" : "2343546576878989879789" } }

The same applies when the input argument specified http.source: "form", in which case data becomes

{ "customerId" : "2343546576878989879789" }

What am I missing?

Is it possible that this issue has been already fixed in v2.16.1 by 34b0665?

/cc @STRML

bajtos pushed a commit that referenced this issue Aug 18, 2016
@STRML @bajtos
Refactor and rework http coercion.
3aadca1 
This fixes a number of subtle bugs and restricts "sloppy"
argument coercion (e.g. 'true' to the bool true) to string-only
HTTP datasources like querystrings and headers.

Fixes #223 (coerced Number past MAX_SAFE_INTEGER)
Possible fix for #208
@bajtos
Copy link
Member

bajtos commented Sep 13, 2016

Closing as fixed.

@bajtos bajtos closed this as completed Sep 13, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@bajtos bajtos

Labels
bug
Projects
None yet
Milestone
#Epic: Coercion Cleanup
2 participants
@nareshjois @bajtos