-
-
Notifications
You must be signed in to change notification settings - Fork 283
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[FEAT] Non-nullable properties in requestBody can be null
and are not coerced into the correct type
#2355
Comments
Hello @markusenglund See you |
I'm well aware of the I'm not trying to get the API to accept |
Ok understood. The reason is the coerceType is neccessary to accept number a string field and vice versa. I won’t change that because it’s acceptable to use type coercion in this case. but i don’t want to use the coercion result performed by ajv because it’s the json-mapper to make it that. your issue is correct but it’s related to ajv. I tried many config with ajv but this is the best config that match the expected behavior actually. See you |
I see. Maybe it should be fixed in Json-mapper then? I saw that there are tests that imply that not converting Do you agree generally that this is something that should be fixed? There are security implications for letting users send in |
For this is the validator responsability to avoid null on field. Maybe ajv had an option to not coerce null value. |
I’ll try to take a time to find the best option ^^ |
This test is correct. null is value that can be used on String (combined with enum), when you haven't information over the property. Some teams use empty string, but other team use null. It's the same thing when a property expose a price from a Booking Engine:
This is why I don't use the coercion result from ajv: The solutionAdding a new option to let ajvService to returns the coerced value. Json-mapper won't see the difference, because the type will be correctly mapped by Ajv. Example: @Configuration({
ajv: {
returnsCoercedValue: true // let ajv Service to return the coerced value
}
}) Without class Model {
@Property()
propString: string; // null become ''
@Property()
propNumber: number; // null become 0
@Property()
propBool: boolean; // null become false
} But if Nullable decorator is used: class Model {
@Nullable(String)
propString: string | null; // keep null value
@Nullable(Number)
propNumber: number | null;
@Nullable(Boolean)
propBool: boolean | null;
} Acceptance criteria
|
It's an enhancement and not a bug. PR are welcome :) |
null
and are not coerced into the correct type
same issue #2504 |
The first problem is over AjvService. It try to coerce null to the expected type. I think has the right behavior regarding this discussion. Let AjvService coerce the expected value should resolve this issue and should make the use of |
🎉 This issue has been resolved in version 7.43.0 🎉 The release is available on:
Your semantic-release bot 📦🚀 |
Information
It's possible to send in
null
as the value for string, integer and bool properties. Unexpectedly, this will not cause a validation error and thenull
will not be coerced into the correct type.Example
Request body:
Inside the controller:
console.log(test) logs:
This is definitely not expected behavior. The problem can be fixed by setting
coerceTypes: false
in the AJV options, however that's not what we want to do.The problem seems to stem from the fact that the TS.ED code uses
coerceTypes: true
but then validates a deepCloned version of the object and returns the original version of the object that doesn't have the corrected types (https://github.com/tsedio/tsed/blob/production/packages/specs/ajv/src/services/AjvService.ts). Is there a reason for that?Acceptance criteria
null
should be correctly case into the correct schema type.The text was updated successfully, but these errors were encountered: