-
Notifications
You must be signed in to change notification settings - Fork 98
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request Body not present in ctx in case plumatic schema validation failure, defined in resource. #302
Comments
Hi @mayur-tavisca, are you asking for the the processed request body to be added to the Does the information at yada/src/yada/request_body.clj Lines 79 to 80 in 7a1c69d
If the request-body has failed schema validation, it could be anything. Any change here would need to be quite careful how it exposes the information further down to avoid people accidentally processing untrusted and invalid input. |
Hi Daniel,
My use case was to log request body if schema validation fails.
It should be somewhere inside ctx in case of failure, not directly as :body but may be inside a nested map e.g. :error :invalid-request inside ctx.
What did you think?
Thanks,
Mayur
From: Daniel Compton <notifications@github.com>
Sent: Thursday, June 27, 2019 4:40 AM
To: juxt/yada <yada@noreply.github.com>
Cc: Pandey, Mayur <mapandey@tavisca.com>; Mention <mention@noreply.github.com>
Subject: Re: [juxt/yada] Request Body not present in ctx in case plumatic schema validation failure, defined in resource. (#302)
Hi @mayur-tavisca<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_mayur-2Dtavisca&d=DwMCaQ&c=h4Hco3TqWGhswFY_DB9a0ROb2nz1Kbox_73PUtgNn3M&r=8J-KwrgrDNN8ERuP7q3rLbwb6m-jd6SB_IPNni8RSeo&m=z5Z3y2KprZgWGOmLCimVBOs2VZ8gtNoQfrFS0esjHNs&s=OZZZM-TTwoVWM0EwYkwLhVLbA0HPXs6Ho0U1_xeFJrw&e=>, are you asking for the the processed request body to be added to the ctx, even if the schema validation fails? Would you want it to go where it normally goes, or somewhere else?
Does the information at https://github.com/juxt/yada/blob/7a1c69d0f6e56af9d4cb4937d835b3b27e614ecd/src/yada/request_body.clj#L79-L80<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_juxt_yada_blob_7a1c69d0f6e56af9d4cb4937d835b3b27e614ecd_src_yada_request-5Fbody.clj-23L79-2DL80&d=DwMCaQ&c=h4Hco3TqWGhswFY_DB9a0ROb2nz1Kbox_73PUtgNn3M&r=8J-KwrgrDNN8ERuP7q3rLbwb6m-jd6SB_IPNni8RSeo&m=z5Z3y2KprZgWGOmLCimVBOs2VZ8gtNoQfrFS0esjHNs&s=lMlZ53uhM0n2oSBZ5muE2Y9K39mVrekgT1xgYzL43PI&e=> get you what you need, or is there something missing from there?
If the request-body has failed schema validation, it could be anything. Any change here would need to be quite careful how it exposes the information further down to avoid people accidentally processing untrusted and invalid input.
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_juxt_yada_issues_302-3Femail-5Fsource-3Dnotifications-26email-5Ftoken-3DALVOJRVISKYEDW7MHID7QG3P4PZNZA5CNFSM4H24CEF2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGODYVCBTA-23issuecomment-2D506077388&d=DwMCaQ&c=h4Hco3TqWGhswFY_DB9a0ROb2nz1Kbox_73PUtgNn3M&r=8J-KwrgrDNN8ERuP7q3rLbwb6m-jd6SB_IPNni8RSeo&m=z5Z3y2KprZgWGOmLCimVBOs2VZ8gtNoQfrFS0esjHNs&s=-095o2A63ZUSnv9ih4_STfYMWI6-4BybQTvVhEjSgNM&e=>, or mute the thread<https://urldefense.proofpoint.com/v2/url?u=https-3A__github.com_notifications_unsubscribe-2Dauth_ALVOJRRRR3G3HHOPE2ADPD3P4PZNZANCNFSM4H24CEFQ&d=DwMCaQ&c=h4Hco3TqWGhswFY_DB9a0ROb2nz1Kbox_73PUtgNn3M&r=8J-KwrgrDNN8ERuP7q3rLbwb6m-jd6SB_IPNni8RSeo&m=z5Z3y2KprZgWGOmLCimVBOs2VZ8gtNoQfrFS0esjHNs&s=ygSPYjtgKFzbGIRy6DxYblN62tm_f2sa-FpsFC4jzbE&e=>.
Unless indicated otherwise, the information contained in this message is privileged and confidential, and is intended only for the use of the addressee(s) named above and others who have been specifically authorized to receive it. If you are not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message and/or attachments is strictly prohibited. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or may contain viruses. Therefore, the company accepts no liability for any damage caused by this email. If you have received this message in error, please contact the sender and delete the message
|
If the user wants to log the request-body in case of plumatic schema validation failure, request-body is not available downstream after processing the request-body. Incoming request-body is a stream and it gets consumed and added into the ctx only if it is validated against the schema.
The text was updated successfully, but these errors were encountered: