Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enforce input validation against schema for patching object attributes #5696

Closed
labo-flg opened this issue Jan 25, 2024 · 1 comment
Closed

Enforce input validation against schema for patching object attributes #5696

labo-flg opened this issue Jan 25, 2024 · 1 comment
Assignees
@labo-flg
Labels
feature use for describing a new feature to develop solved use to identify issue that has been solved (must be linked to the solving PR)
Milestone
Release 6.0.6

Comments

@labo-flg
Copy link
Member

labo-flg commented Jan 25, 2024
edited
Loading

Problem

This issue appeared with the new schema definition introduced with #5392.
Patching attributes with editField was previously validated with json schema, which has been removed.

This is not an issue 99% of the time... but we introduced a new use case in #4304 : a non-multiple object attribute.

This kind of object can be updated with either a complete payload, such as

{
  "id": "4b762ee9-b2da-49fe-99d7-dfd6b9e1fe33",
  "input": {
    "key": "user_confidence_level",
    "value": {
      "max_confidence": 50,
      "overrides": []
  }
}

... or a partial "patch" update like

{
  "id": "4b762ee9-b2da-49fe-99d7-dfd6b9e1fe33",
  "input": {
    "key": "user_confidence_level",
    "object_path": "/user_confidence_level/max_confidence",
    "value": 50
}

However, nothing prevents the user from sending a complete update with a partial object, such as:

{
  "id": "4b762ee9-b2da-49fe-99d7-dfd6b9e1fe33",
  "input": {
    "key": "user_confidence_level",
    "value": {
      "max_confidence": 50,
    }
  }
}

This would still be valid for elastic, and there is no way of preventing this on elastic side (no concept of mandatory field).
The consequences are bad: the object is now partial in DB, but shall be complete for GQL (in my example, overrides cannot be null)

Solution

Enforce a validation against the schema when editing an object field.

This can be done at the earliest time (resolver) or at the bottom of the chain (just before elastic query). TBD.
-> done just before indexing, when the payload is ready.
@labo-flg labo-flg added the feature use for describing a new feature to develop label Jan 25, 2024
@labo-flg labo-flg self-assigned this Jan 25, 2024
This was referenced Jan 25, 2024
Closed
Closed
Closed
Closed
Closed
Closed
Merged
Merged
@Jipegien Jipegien added this to the Release 6.0.1 milestone Feb 16, 2024
@labo-flg labo-flg mentioned this issue Feb 20, 2024
Merged
@Jipegien Jipegien modified the milestones: Release 6.0.1, Release 6.0.2 Feb 29, 2024
@Jipegien Jipegien modified the milestones: Release 6.0.5, Release 6.0.6 Mar 4, 2024
labo-flg added a commit that referenced this issue Mar 11, 2024
@labo-flg @lndrtrbn
[backend] validate elUpdateElement input value against schema before …
7f524f6 
…indexing (#5696)

Co-authored-by: Landry Trebon <landry.trebon@filigran.io>
@labo-flg
Copy link
Member Author

Completed with #6046

@SamuelHassine SamuelHassine added the solved use to identify issue that has been solved (must be linked to the solving PR) label Mar 11, 2024
Archidoit pushed a commit that referenced this issue Jun 6, 2024
@labo-flg @lndrtrbn @Archidoit
[backend] validate elUpdateElement input value against schema before …
872ce5f 
…indexing (#5696)

Co-authored-by: Landry Trebon <landry.trebon@filigran.io>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@labo-flg labo-flg

Labels
feature use for describing a new feature to develop solved use to identify issue that has been solved (must be linked to the solving PR)
Projects
None yet
Milestone
Release 6.0.6
Development

No branches or pull requests
3 participants
@SamuelHassine @Jipegien @labo-flg