teojunda / pe


Overzealous input validation for phone #8

Open teojunda opened 4 months ago

teojunda commented 4 months ago

Steps to reproduce: user runs `edit 1 --phone=1234 5678 (HP) 1111-3333 (Office)`


While the application allows only one phone number in input values, a user might want to input `1234 5678 (HP) 1111-3333 (Office)` -- blocking that input might not add any value, but allowing it does.

soc-se-bot commented 4 months ago

Team's Response

Allowing this input does not add any value.

To add value, we would have to add another field called "office number".

Alternatively, secondary contact numbers can be added in the note field.

We had to restrict the phone number field to contain only numbers and be at least 3 numbers long to ensure that invalid phone numbers will not be accidentally saved.

Items for the Tester to Verify

:question: Issue response

Team chose [response.Rejected]

Reason for disagreement:

> Allowing this input does not add any value.

This input does add value. It allows the user to store multiple phone numbers for a contact. This is extremely valuable, especially when working with vulnerable groups of people like social workers often do.

They may wish to store the contact of the client's guardian, in case the client is uncontactable and they suspect that they might be in a dangerous situation.

Otherwise, this can also allow them to store foreign numbers with country code like +60 12 345 6789, since they may work with clients from Johor who frequently travel to Singapore to work.

> To add value, we would have to add another field called "office number".

As shown in the example `1234 5678 (HP) 1111-3333 (Office)`, it is not necessary to add another field. It is sufficient to relax the constraints for phone number, by allowing alphabets, brackets and hyphens.

> Alternatively, secondary contact numbers can be added in the note field.

Firstly, the user may not know of this workaround. Secondly, this workaround is not effective, since the user will be looking at the phone number section of a contact to look for the contact's phone numbers. If stored in the note field, this information can be easily missed if there is a lot of other information stored in the single note.

> We had to restrict the phone number field to contain only numbers and be at least 3 numbers long to ensure that invalid phone numbers will not be accidentally saved.

There is no purpose to having this constraint, since invalid phone numbers can still be saved. For example, `00000` is an invalid phone number that can still be saved.


## :question: Issue severity

Team chose [`severity.VeryLow`]
Originally [`severity.Low`]

- [x] I disagree

**Reason for disagreement:** This is not a cosmetic issue.