yiisoft / validator

Yii validator library
https://www.yiiframework.com/
BSD 3-Clause "New" or "Revised" License

Separate technical and non-technical error messages #546

Open arogachev opened 1 year ago

arogachev commented 1 year ago

Extracted from https://github.com/yiisoft/validator/issues/492#issuecomment-1422471435. This was discussed before. The topic was raised again by @cebe.

Related - #526.

samdark commented 1 year ago

I see two potential outcomes:

  1. We won't translate such messages, always returning these in English. That's less work for translators but is questionable by itself. What if that's an API and I want these messages translated?
  2. The developer will be able to handle such messages in a special way. But I have no idea how. Maybe @cebe can shed light on this matter...

BoShurik commented 1 year ago

FYI, in Symfony such cases generate exceptions, not violations (e.g. https://github.com/symfony/validator/blob/6.2/Constraints/BicValidator.php#L69).

samdark commented 1 year ago

I don't think it is a correct behavior since validator is meant to validate data that could be incorrect, not to throw exceptions.

cebe commented 1 year ago

Exceptions should only be thrown if the error is not caused by the user input itself, but it is hard to figure out when this is the case.

Example: String Validator Max Length=30 gets an array. On a HTML form with a normal input field this can not happen so if this happens we can not tell the user to "please do not enter an array here". This somehow ended up in the program so it should be an exception.

But figuring out in which cases to throw an exception or provide validation error is a tricky thing. I'll try to think about possible solutions.

samdark commented 1 year ago

> On a HTML form with a normal input field this can not happen so if this happens we can not tell the user to "please do not enter an array here".

If that won't happen, why should we worry?

vjik commented 1 year ago

> Example: String Validator Max Length=30 gets an array. On a HTML form with a normal input field this can not happen so if this happens we can not tell the user to "please do not enter an array here". This somehow ended up in the program so it should be an exception.

Two reasons:

1) The user passes an array instead of a string (little hacker 😎). The technical message "please do not enter an array here" is OK.

2) The programmer doesn't prepare user input… But it's business logic. If the programmer wants to prepare data — let him do it.

BoShurik commented 1 year ago

In case of "little hacker" it's better to additionally log such request

vjik commented 1 year ago

> In case of "little hacker" it's better to additionally log such request

My thoughts for implementation:

1) Add to validation errors a property `code` with a unique code for each error type (uuid?). It's necessary in order to distinguish specific messages (e.g., a message about a string being too long).

2) Add to validation errors the ability to set flags (e.g., "unsupported value type").

3) Create a validator decorator that will process validation errors and do what the programmer wants (log when there are "unsupported value type" errors, or something else).
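
The three steps proposed in the comment above (a per-type error code, an "unsupported value type" flag, and a decorator that logs flagged errors), as an added example that is not part of the thread and not yiisoft/validator code. The `ValidationError`, `Validator`, `MaxLength` and `LoggingValidator` types and the code strings are hypothetical; PHP 8.1+ with mbstring is assumed.

```php
<?php
declare(strict_types=1);
// Hypothetical types for illustration; not yiisoft/validator classes.
final class ValidationError
{
    public const FLAG_UNSUPPORTED_TYPE = 'unsupported value type';
    public function __construct(
        public readonly string $code, // stable identifier per error type
        public readonly string $message,
        public readonly array $flags = [],
    ) {}
}

interface Validator { public function validate(mixed $value): array; }

final class MaxLength implements Validator
{
    public function __construct(private int $max) {}
    public function validate(mixed $value): array
    {
        if (!is_string($value)) { // a plain form field cannot produce this
            return [new ValidationError('string.type', 'Value must be a string.',
                [ValidationError::FLAG_UNSUPPORTED_TYPE])];
        }
        return mb_strlen($value) <= $this->max ? [] : [new ValidationError(
            'string.too_long', "Value must contain at most {$this->max} characters.")];
    }
}

final class LoggingValidator implements Validator // the decorator
{
    public function __construct(private Validator $inner, private Closure $log) {}
    public function validate(mixed $value): array
    {
        $errors = $this->inner->validate($value);
        foreach ($errors as $e) {
            if (in_array(ValidationError::FLAG_UNSUPPORTED_TYPE, $e->flags, true)) {
                // Log code and type only; the raw value is attacker-controlled.
                ($this->log)("code={$e->code} type=" . get_debug_type($value));
            }
        }
        return $errors;
    }
}
// Constructed inputs: tampered field (name[]=x), over-long string, valid string.
$v = new LoggingValidator(new MaxLength(30), fn (string $l) => error_log($l));
foreach ([['x'], str_repeat('a', 31), 'ok'] as $input) {
    foreach ($v->validate($input) as $e) { echo "{$e->code}: {$e->message}\n"; }
}
```

The caller still receives both errors as ordinary validation results; only the array input produces a log line, so the over-long string stays a user-facing message while the type mismatch is also recorded for review.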