We have an api used to get data of products:
public IHttpActionResult GetProducts(ProductFilter productFilter)
{
try
{
.....
}
catch(Exception)
{
throw new OurCustomException();
}
}
and
public class ProductFilter
{
[RegularExpression(#"^[a-zA-Z0-9]{11}$")]
public String Number { get; set; }
.....
}
Here is what i want:
When send GET /api/products?number=Test1234567 it will return information of a product with the number "Test1234567"
When send GET /api/products?number= it will return error because the empty string does not match the regex
When send GET /api/products it will return information of all products
So can you suggest me any way to do this by using just Validation Attribute, since we have a common method to handle ValidationException and we cannot throw ValidationException from method GetProducts. I have tried to use [Required] and [DisplayFormat(ConvertEmptyStringToNull = false)] on Number but none of them worked.
And please also inform me if it is impossible.
EDIT: I think your problem is that you are not passing full model as parameter - your are getting null once binder tries to bind query string. This is not a problem with your regex. To get it working you should make q request like GET /api/products?number=&prop1=some_value&prop2=some_value
Original answer:
I think changing your regex to:
public class ProductFilter
{
[RegularExpression(#"^(|[a-zA-Z0-9]{11})$")]
public String Number { get; set; }
.....
}
should do a trick.
However MSDN documentation states that:
If the value of the property is null or an empty string (""), the
value automatically passes validation for the
RegularExpressionAttribute attribute.
So it should work anyway. Additionally we can check RegularExpression code:
public override bool IsValid(object value)
{
this.SetupRegex();
string input = Convert.ToString(value, (IFormatProvider) CultureInfo.CurrentCulture);
if (string.IsNullOrEmpty(input))
return true;
Match match = this.Regex.Match(input);
if (match.Success && match.Index == 0)
return match.Length == input.Length;
return false;
}
as you can see, it allows null or empty input so your problem is rather different.
Related
Wanting to create custom data annotation validation. Are there any useful guides / samples on how to create them?
Firstly:
StringLength with minimum and maximum length. I'm aware .NET 4 can do this, but want to do the same in .NET 3.5, if possible being able to define minimum length only (at least x chars), maximum length only (up to x chars), or both (between x and y chars).
Secondly:
Validation using modulus arithmetic - if the number is a valid length, I wish to validate using the Modulus 11 algorithm (I have already implemented it in JavaScript, so I guess it would just be a simple porting?)
Update:
Solved second problem, was just a case of copying over the JavaScript implementation and making a few tweaks, so don't need a solution for that.
To create a custom data annotation validator follow these gudelines:
Your class has to inherit from System.ComponentModel.DataAnnotations.ValidationAttribute class.
Override bool IsValid(object value) method and implement validation logic inside it.
That's it.
IMPORTANT Caution
Sometimes developers check that value is not null/empty and return false. This is usually incorrect behaviour, because that's on Required validator to check which means that your custom validators should only validate non-null data but return true otherwise (see example). This will make them usable on mandatory (required) and non-mandatory fields.
Example
public class StringLengthRangeAttribute : ValidationAttribute
{
public int Minimum { get; set; }
public int Maximum { get; set; }
public StringLengthRangeAttribute()
{
this.Minimum = 0;
this.Maximum = int.MaxValue;
}
public override bool IsValid(object value)
{
string strValue = value as string;
if (!string.IsNullOrEmpty(strValue))
{
int len = strValue.Length;
return len >= this.Minimum && len <= this.Maximum;
}
return true;
}
}
All properties can be set in attribute as you wish to set them.
Some examples:
[Required]
[StringLengthRange(Minimum = 10, ErrorMessage = "Must be >10 characters.")]
[StringLengthRange(Maximum = 20)]
[Required]
[StringLengthRange(Minimum = 10, Maximum = 20)]
When a particular property isn't set, its value is set in the constructor, so it always has a value. In above usage examples I deliberately added the Required validator as well, so it's in sync with the above caution I've written.
Important
So this validator will still work on your model value that's not required, but when it's present it validates (think of a text field in a web form, that's not required, but if a user enters a value in, it has to be valid).
Use the CustomValidationAttribute together with a validate function with signature
public static ValidationResult Validate(MyType x, ValidationContext context)
Example (for a string property)
using System.ComponentModel.DataAnnotations;
public class MyClass
{
[CustomValidation(typeof(MyClass), "Validate")]
public string MyProperty { get; set; }
public static ValidationResult Validate(string x, ValidationContext context)
{
return (x == "valid")
? new ValidationResult(null)
: ValidationResult.Success;
}
}
I know this is a really old topic but I had trouble finding the answer I actually wanted until I found this answer.
To summarise it, you need to configure the service on startup, creating appropriate objects that handle the error you want to return:
services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2).ConfigureApiBehaviorOptions(options =>
{
options.InvalidModelStateResponseFactory = (context) =>
{
var errors = context.ModelState.Values.SelectMany(x => x.Errors.Select(p => new ErrorModel()
{
ErrorCode = ((int)HttpStatusCode.BadRequest).ToString(CultureInfo.CurrentCulture),
ErrorMessage = p.ErrorMessage,
ServerErrorMessage = string.Empty
})).ToList();
var result = new BaseResponse
{
Error = errors,
ResponseCode = (int)HttpStatusCode.BadRequest,
ResponseMessage = ResponseMessageConstants.VALIDATIONFAIL,
};
return new BadRequestObjectResult(result);
};
});
I'm using entity framework code first in an ASP MVC project, and I'd like to change the error message that appears for validation of a numeric type.
I have a property like
public decimal Amount1 { get; set; }
If I enter a non-number in the field, I get the message: The field Amount1 must be a number. How do I change that message?
For other validations, like Required I can just use the ErrorMessage parameter like: [Required(ErrorMessage = "My message...")]
Is there something similar for validating types?
Thank you.
Unfortunately Microsoft didn't expose any interfaces to change the default messages.
But if you are desperate enough to change these non friendly messages, you can do so by creating validation attribute for decimal, creating corresponding validator and finally register it with DataAnnotationsModelValidatorProvider at the application startup. Hope this helps.
UPDATE:
Sample below
Step 1: Create validation attribute
[AttributeUsage(AttributeTargets.Field | AttributeTargets.Method | AttributeTargets.Parameter | AttributeTargets.Property, AllowMultiple = false)]
public class ValidDecimalAttribute : ValidationAttribute
{
protected override ValidationResult IsValid(object value, ValidationContext validationContext) {
if (value == null || value.ToString().Length == 0) {
return ValidationResult.Success;
}
decimal d;
return !decimal.TryParse(value.ToString(), out d) ? new ValidationResult(ErrorMessage) : ValidationResult.Success;
}
}
Step 2: Create validator
public class ValidDecimalValidator : DataAnnotationsModelValidator<ValidDecimal>
{
public ValidDecimalValidator(ModelMetadata metadata, ControllerContext context, ValidDecimal attribute)
: base(metadata, context, attribute)
{
if (!attribute.IsValid(context.HttpContext.Request.Form[metadata.PropertyName]))
{
var propertyName = metadata.PropertyName;
context.Controller.ViewData.ModelState[propertyName].Errors.Clear();
context.Controller.ViewData.ModelState[propertyName].Errors.Add(attribute.ErrorMessage);
}
}
}
Step 3: Register the adapter in Global.asax under Application_Start() method or Main() method
DataAnnotationsModelValidatorProvider.RegisterAdapter(typeof(ValidDecimal), typeof(ValidDecimalValidator));
Step 4: Finally decorate your property in your model with this attribute
[ValidDecimal(ErrorMessage = "Only decimal numbers allowed")]
public decimal CPEHours { get; set; }
Hope it helps.
I couldn't find a clean solution. If there is something like [Required] you could override it in the same way. Only option I find is to remove and add another error into the model state. Again NOT the best option if you have better alternates, but does the job. This example only works if you have something like must be a number at the end. You can create a filter with this kind of loop:
foreach (var m in ModelState)
{
var errors = m.Value.Errors;
foreach (var error in errors)
{
if (error.ErrorMessage.EndsWith("must be a number"))
{
errors.Remove(error);
ModelState.AddModelError(m.Key, $"This is my own validation");
}
}
}
While it's not possible to change the whole message, you can at least change the string used to reference the field. Use the [Display(Name = "amount field"] attribute, like:
[BindProperty]
[Display(Name = "line length")]
public decimal? LineLength { get; set; }
If the user enters a string into a field like this, they will at least see an error message that reads "The value 'sdf' is not valid for line length."
Not a complete solution, but good enough in many scenarios.
I am currently trying to write a Web API application where one of the parameters I'd like to validate is a query parameter (that is, I wish to pass it in in the form /route?offset=0&limit=100):
[HttpGet]
public async Task<HttpResponseMessage> GetItems(
int offset = 0,
int limit = 100)
{
if (!ModelState.IsValid)
{
// Handle error
}
// Handle request
}
In particular, I want to ensure that "offset" is greater than 0, since a negative number will cause the database to throw an exception.
I went straight for the logical approach of attaching a ValidationAttribute to it:
[HttpGet]
public async Task<HttpResponseMessage> GetItems(
[Range(0, int.MaxValue)] int offset = 0,
int limit = 100)
{
if (!ModelState.IsValid)
{
// Handle error
}
// Handle request
}
This does not cause any errors at all.
After a lot of painful debugging into ASP.NET, it appears to me that this may be simply impossible. In particular, because the offset parameter is a method parameter rather than a field, the ModelMetadata is created using GetMetadataForType rather than GetMetadataForProperty, which means that the PropertyName will be null. In turn, this means that AssociatedValidatorProvider calls GetValidatorsForType, which uses an empty list of attributes even though the parameter had attributes on it.
I don't even see a way to write a custom ModelValidatorProvider in such a way as to get at that information, because the information that this was a function parameter seems to have been lost long ago. One way to do that might be to derive from the ModelMetadata class and use a custom ModelMetadataProvider as well but there's basically no documentation for any of this code so it would be a crapshoot that it actually works correctly, and I'd have to duplicate all of the DataAnnotationsModelValidatorProvider logic.
Can someone prove me wrong? Can someone show me how to get validation to work on a parameter, similar to how the BindAttribute works in MVC? Or is there an alternative way to bind query parameters that will allow the validation to work correctly?
You can create a view request model class with those 2 properties and apply your validation attributes on the properties.
public class Req
{
[Range(1, Int32.MaxValue, ErrorMessage = "Enter number greater than 1 ")]
public int Offset { set; get; }
public int Limit { set; get; }
}
And in your method, use this as the parameter
public HttpResponseMessage Post(Req model)
{
if (!ModelState.IsValid)
{
// to do :return something. May be the validation errors?
var errors = new List<string>();
foreach (var modelStateVal in ModelState.Values.Select(d => d.Errors))
{
errors.AddRange(modelStateVal.Select(error => error.ErrorMessage));
}
return Request.CreateResponse(HttpStatusCode.OK, new { Status = "Error",
Errors = errors });
}
// Model validation passed. Use model.Offset and Model.Limit as needed
return Request.CreateResponse(HttpStatusCode.OK);
}
When a request comes, the default model binder will map the request params(limit and offset, assuming they are part of the request) to an object of Req class and you will be able to call ModelState.IsValid method.
For .Net 5.0 and validating query parameters:
using System.ComponentModel.DataAnnotations;
namespace XXApi.Models
{
public class LoginModel
{
[Required]
public string username { get; set; }
public string password { get; set; }
}
}
namespace XXApi.Controllers
{
[Route("api/[controller]")]
[ApiController]
public class LoginController : ControllerBase
{
[HttpGet]
public ActionResult login([FromQuery] LoginModel model)
{
//.Net automatically validates model from the URL string
//and gets here after validation succeeded
}
}
}
if (Offset < 1)
ModelState.AddModelError(string.Empty, "Enter number greater than 1");
if (ModelState.IsValid)
{
}
We have the following
public class Model
{
[Required]
public decimal Cost { get;set; }
}
When we receive an invalid value, such as "dasd" or whatever else, I return a BadRequest:
public HttpResponseMessage Post(Model data)
{
if (!ModelState.IsValid)
{
return Request.CreateErrorResponse(HttpStatusCode.BadRequest, ModelState);
}
return Request.CreateResponse(HttpStatusCode.OK);
}
But in the response, the json looks like:
{
"message": "The request is invalid.",
"modelState": {
"data.cost": ["Could not convert string to decimal: dasd. Path 'cost', line 1, position 181."],
}
}
First of all, how can I get rid of the data. prefix?
Also, I would like to implement a custom validator, something like MustBeDecimal attribute that could allow me to return more userfriendly error
message.
The Web API framework binds "dasd" to a decimal and it fails because it is not possible to convert "dasd" to decimal. Obviously, binding has to happen before validation. If you change decimal to string, binding will be okay and your regex validation will run and ModelState will be invalid but in this case also, the prefix that do you do not want to be present will be present.
The Validate method of DefaultBodyModelValidator has this keyPrefix parameter, which is used to create the prefix. Unfortunately, this method is not marked virtual for you to override. So, you will need to do something like this (see the first part).
You can set an errormessage on the RegularExpression data-annotation attribute. Is there any reason you can't use this?
public class Model
{
[Required]
[RegularExpression(#"^\d+.\d{0,2}$",ErrorMessage = "You didn't enter a decimal!")]
public decimal Cost { get;set; }
}
Here's the code:
public class MessagesController
{
public virtual ActionResult Compose(ComposeMessageViewModel composeMessageViewModel = null)
{
if (composeMessageViewModel == null)
{
// never executed as composeMessageViewModel is always not null
composeMessageViewModel = new ComposeMessageViewModel();
}
return View(composeMessageViewModel);
}
}
And the definition of ComposeMessageViewModel
public class ComposeMessageViewModel
{
[DisplayName("To:")]
[NotEmpty] //custom ValidationAttribute
public IEnumerable<MessageRecipientViewModel> Recipients { get; set; }
[DisplayName("Subject:")]
public string Subject { get; set; }
public string Body { get; set; }
}
The problem is, when I navigate to /Messages/Compose (no query string, no form parameters), I'm expecting the parameter to be null so that no validation errors would occur, but it's an actual object with all its fields/properties set to default values.
This is undesirable as it causes the validation for the model to be executed, when it should not be as nothing has been entered yet!
There's no custom ModelBinder set for this class, and the default ModelBinder has not been changed.
WTF?
Isn't that what your code is doing - creating an object with default values?
if (composeMessageViewModel == null)
{
composeMessageViewModel = new ComposeMessageViewModel();
}
The true answer: PEBKAC. I originally had a Send action which, if validation failed, I thought I would have to redirect to the Compose action for some reason instead of just returning the appropriate view with the appropriate ViewModel. Duuuuuuuh. :)