JADNC: Required Input validation disabled for partial patching / relationships (#781)

sasman0001 · Bart Koelman · web-flow · commit 423f45f36dd6 · 2020-06-16T11:09:59.000+02:00
Fixes #472 This feature allows the Required validator to be disabled. This will allow partial patching in the case that the attribute is excluded from a patch. Validation is applied when the attribute is present in post or patch. Required validation also disabled for a relationships attributes (in attempt to fix [#472 (comment)](#472 (comment))). Co-authored-by: Bart Koelman <bart@degreed.com>
diff --git a/Directory.Build.props b/Directory.Build.props
@@ -18,4 +18,4 @@
     <BogusVersion>29.0.1</BogusVersion>
     <MoqVersion>4.13.1</MoqVersion>
   </PropertyGroup>
-</Project>
+</Project>
diff --git a/benchmarks/Serialization/JsonApiDeserializerBenchmarks.cs b/benchmarks/Serialization/JsonApiDeserializerBenchmarks.cs
@@ -8,6 +8,7 @@
 using JsonApiDotNetCore.Models;
 using JsonApiDotNetCore.Serialization;
 using JsonApiDotNetCore.Serialization.Server;
+using Microsoft.AspNetCore.Http;
 using Newtonsoft.Json;
 
 namespace Benchmarks.Serialization
@@ -38,8 +39,7 @@ public JsonApiDeserializerBenchmarks()
             var options = new JsonApiOptions();
             IResourceGraph resourceGraph = DependencyFactory.CreateResourceGraph(options);
             var targetedFields = new TargetedFields();
-
-            _jsonApiDeserializer = new RequestDeserializer(resourceGraph, new DefaultResourceFactory(new ServiceContainer()), targetedFields);
+            _jsonApiDeserializer = new RequestDeserializer(resourceGraph, new DefaultResourceFactory(new ServiceContainer()), targetedFields, new HttpContextAccessor());
         }
 
         [Benchmark]
diff --git a/docs/usage/options.md b/docs/usage/options.md
@@ -88,4 +88,12 @@ If you would like to use ASP.NET Core ModelState validation into your controller
 ```c#
 options.ValidateModelState = true;
 ```
+You will need to use the JsonApiDotNetCore 'IsRequiredAttribute' instead of the built-in 'RequiredAttribute' because it contains modifications to enable partial patching.
 
+```c#
+public class Person : Identifiable
+{
+    [IsRequired(AllowEmptyStrings = true)]
+    public string FirstName { get; set; }
+}
+```
diff --git a/src/Examples/JsonApiDotNetCoreExample/Models/Article.cs b/src/Examples/JsonApiDotNetCoreExample/Models/Article.cs
@@ -7,6 +7,7 @@ namespace JsonApiDotNetCoreExample.Models
     public sealed class Article : Identifiable
     {
         [Attr]
+        [IsRequired(AllowEmptyStrings = true)]
         public string Name { get; set; }
 
         [HasOne]
diff --git a/src/Examples/JsonApiDotNetCoreExample/Models/Author.cs b/src/Examples/JsonApiDotNetCoreExample/Models/Author.cs
@@ -6,6 +6,7 @@ namespace JsonApiDotNetCoreExample.Models
     public sealed class Author : Identifiable
     {
         [Attr]
+        [IsRequired(AllowEmptyStrings = true)]
         public string Name { get; set; }
 
         [HasMany]
diff --git a/src/JsonApiDotNetCore/Extensions/HttpContextExtensions.cs b/src/JsonApiDotNetCore/Extensions/HttpContextExtensions.cs
@@ -14,5 +14,17 @@ internal static void SetJsonApiRequest(this HttpContext httpContext)
         {
             httpContext.Items["IsJsonApiRequest"] = bool.TrueString;
         }
+
+        internal static void DisableValidator(this HttpContext httpContext, string propertyName, string model)
+        {
+            var itemKey = $"JsonApiDotNetCore_DisableValidation_{model}_{propertyName}";
+            httpContext.Items[itemKey] = true;
+        }
+
+        internal static bool IsValidatorDisabled(this HttpContext httpContext, string propertyName, string model)
+        {
+            return httpContext.Items.ContainsKey($"JsonApiDotNetCore_DisableValidation_{model}_{propertyName}") ||
+                   httpContext.Items.ContainsKey($"JsonApiDotNetCore_DisableValidation_{model}_Relation");
+        }
     }
 }
diff --git a/src/JsonApiDotNetCore/JsonApiDotNetCore.csproj b/src/JsonApiDotNetCore/JsonApiDotNetCore.csproj
@@ -1,4 +1,4 @@
-﻿<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <VersionPrefix>4.0.0</VersionPrefix>
     <TargetFramework>$(NetCoreAppVersion)</TargetFramework>
diff --git a/src/JsonApiDotNetCore/Models/IsRequiredAttribute.cs b/src/JsonApiDotNetCore/Models/IsRequiredAttribute.cs
@@ -0,0 +1,24 @@
+using System.ComponentModel.DataAnnotations;
+using Microsoft.AspNetCore.Http;
+using Microsoft.Extensions.DependencyInjection;
+using JsonApiDotNetCore.Extensions;
+
+namespace JsonApiDotNetCore.Models
+{
+    public sealed class IsRequiredAttribute : RequiredAttribute
+    {
+        private bool _isDisabled;
+
+        public override bool IsValid(object value)
+        {
+            return _isDisabled || base.IsValid(value);
+        }
+
+        protected override ValidationResult IsValid(object value, ValidationContext validationContext)
+        {
+            var httpContextAccessor = (IHttpContextAccessor)validationContext.GetRequiredService(typeof(IHttpContextAccessor));
+            _isDisabled = httpContextAccessor.HttpContext.IsValidatorDisabled(validationContext.MemberName, validationContext.ObjectType.Name);
+            return _isDisabled ? ValidationResult.Success : base.IsValid(value, validationContext);
+        }
+    }
+}
diff --git a/src/JsonApiDotNetCore/Serialization/Common/BaseDocumentParser.cs b/src/JsonApiDotNetCore/Serialization/Common/BaseDocumentParser.cs
@@ -69,7 +69,7 @@ protected object Deserialize(string body)
         /// <param name="attributeValues">Attributes and their values, as in the serialized content</param>
         /// <param name="attributes">Exposed attributes for <paramref name="entity"/></param>
         /// <returns></returns>
-        protected IIdentifiable SetAttributes(IIdentifiable entity, Dictionary<string, object> attributeValues, List<AttrAttribute> attributes)
+        protected virtual IIdentifiable SetAttributes(IIdentifiable entity, Dictionary<string, object> attributeValues, List<AttrAttribute> attributes)
         {
             if (attributeValues == null || attributeValues.Count == 0)
                 return entity;
@@ -86,14 +86,15 @@ protected IIdentifiable SetAttributes(IIdentifiable entity, Dictionary<string, o
 
             return entity;
         }
+
         /// <summary>
         /// Sets the relationships on a parsed entity
         /// </summary>
         /// <param name="entity">The parsed entity</param>
         /// <param name="relationshipsValues">Relationships and their values, as in the serialized content</param>
         /// <param name="relationshipAttributes">Exposed relationships for <paramref name="entity"/></param>
         /// <returns></returns>
-        protected IIdentifiable SetRelationships(IIdentifiable entity, Dictionary<string, RelationshipEntry> relationshipsValues, List<RelationshipAttribute> relationshipAttributes)
+        protected virtual IIdentifiable SetRelationships(IIdentifiable entity, Dictionary<string, RelationshipEntry> relationshipsValues, List<RelationshipAttribute> relationshipAttributes)
         {
             if (relationshipsValues == null || relationshipsValues.Count == 0)
                 return entity;
@@ -108,7 +109,6 @@ protected IIdentifiable SetRelationships(IIdentifiable entity, Dictionary<string
                     SetHasOneRelationship(entity, entityProperties, hasOneAttribute, relationshipData);
                 else
                     SetHasManyRelationship(entity, (HasManyAttribute)attr, relationshipData);
-
             }
             return entity;
         }
diff --git a/src/JsonApiDotNetCore/Serialization/Server/RequestDeserializer.cs b/src/JsonApiDotNetCore/Serialization/Server/RequestDeserializer.cs
@@ -1,8 +1,12 @@
-using System;
 using JsonApiDotNetCore.Exceptions;
 using JsonApiDotNetCore.Internal;
 using JsonApiDotNetCore.Internal.Contracts;
 using JsonApiDotNetCore.Models;
+using Microsoft.AspNetCore.Http;
+using System.Collections.Generic;
+using System.Reflection;
+using JsonApiDotNetCore.Extensions;
+using System.Net.Http;
 
 namespace JsonApiDotNetCore.Serialization.Server
 {
@@ -12,11 +16,13 @@ namespace JsonApiDotNetCore.Serialization.Server
     public class RequestDeserializer : BaseDocumentParser, IJsonApiDeserializer
     {
         private readonly ITargetedFields  _targetedFields;
+        private readonly IHttpContextAccessor _httpContextAccessor;
 
-        public RequestDeserializer(IResourceContextProvider contextProvider, IResourceFactory resourceFactory, ITargetedFields  targetedFields) 
+        public RequestDeserializer(IResourceContextProvider contextProvider, IResourceFactory resourceFactory, ITargetedFields  targetedFields, IHttpContextAccessor httpContextAccessor) 
             : base(contextProvider, resourceFactory)
         {
             _targetedFields = targetedFields;
+            _httpContextAccessor = httpContextAccessor;
         }
 
         /// <inheritdoc/>
@@ -50,5 +56,40 @@ protected override void AfterProcessField(IIdentifiable entity, IResourceField f
             else if (field is RelationshipAttribute relationship)
                 _targetedFields.Relationships.Add(relationship);
         }
+
+        protected override IIdentifiable SetAttributes(IIdentifiable entity, Dictionary<string, object> attributeValues, List<AttrAttribute> attributes)
+        {
+            if (_httpContextAccessor.HttpContext.Request.Method == HttpMethod.Patch.Method)
+            {
+                foreach (AttrAttribute attr in attributes)
+                {
+                    if (attr.PropertyInfo.GetCustomAttribute<IsRequiredAttribute>() != null)
+                    {
+                        bool disableValidator = attributeValues == null || attributeValues.Count == 0 ||
+                                                !attributeValues.TryGetValue(attr.PublicAttributeName, out _);
+
+                        if (disableValidator)
+                        {
+                            _httpContextAccessor.HttpContext.DisableValidator(attr.PropertyInfo.Name, entity.GetType().Name);
+                        }
+                    }
+                }
+            }
+
+            return base.SetAttributes(entity, attributeValues, attributes);
+        }
+
+        protected override IIdentifiable SetRelationships(IIdentifiable entity, Dictionary<string, RelationshipEntry> relationshipsValues, List<RelationshipAttribute> relationshipAttributes)
+        {
+            // If there is a relationship included in the data of the POST or PATCH, then the 'IsRequired' attribute will be disabled for any
+            // property within that object. For instance, a new article is posted and has a relationship included to an author. In this case,
+            // the author name (which has the 'IsRequired' attribute) will not be included in the POST. Unless disabled, the POST will fail.
+            foreach (RelationshipAttribute attr in relationshipAttributes)
+            {
+                _httpContextAccessor.HttpContext.DisableValidator("Relation", attr.PropertyInfo.Name);
+            }
+
+            return base.SetRelationships(entity, relationshipsValues, relationshipAttributes);
+        }
     }
 }
diff --git a/test/JsonApiDotNetCoreExampleTests/Acceptance/ManyToManyTests.cs b/test/JsonApiDotNetCoreExampleTests/Acceptance/ManyToManyTests.cs
@@ -21,18 +21,23 @@ namespace JsonApiDotNetCoreExampleTests.Acceptance
     [Collection("WebHostCollection")]
     public sealed class ManyToManyTests
     {
-        private readonly Faker<Article> _articleFaker = new Faker<Article>()
-            .RuleFor(a => a.Name, f => f.Random.AlphaNumeric(10))
-            .RuleFor(a => a.Author, f => new Author());
+        private readonly TestFixture<TestStartup> _fixture;
 
+        private readonly Faker<Author> _authorFaker;
+        private readonly Faker<Article> _articleFaker;
         private readonly Faker<Tag> _tagFaker;
 
-        private readonly TestFixture<TestStartup> _fixture;
-
         public ManyToManyTests(TestFixture<TestStartup> fixture)
         {
             _fixture = fixture;
 
+            _authorFaker = new Faker<Author>()
+                .RuleFor(a => a.Name, f => f.Random.Words(2));
+
+            _articleFaker = new Faker<Article>()
+                .RuleFor(a => a.Name, f => f.Random.AlphaNumeric(10))
+                .RuleFor(a => a.Author, f => _authorFaker.Generate());
+
             _tagFaker = new Faker<Tag>()
                 .CustomInstantiator(f => new Tag(_fixture.GetService<AppDbContext>()))
                 .RuleFor(a => a.Name, f => f.Random.AlphaNumeric(10));
@@ -282,7 +287,7 @@ public async Task Can_Create_Many_To_Many()
             // Arrange
             var context = _fixture.GetService<AppDbContext>();
             var tag = _tagFaker.Generate();
-            var author = new Author();
+            var author = _authorFaker.Generate();
             context.Tags.Add(tag);
             context.AuthorDifferentDbContextName.Add(author);
             await context.SaveChangesAsync();
@@ -294,6 +299,10 @@ public async Task Can_Create_Many_To_Many()
                 data = new
                 {
                     type = "articles",
+                    attributes = new Dictionary<string, object>
+                    {
+                        {"name", "An article with relationships"}
+                    },
                     relationships = new Dictionary<string, dynamic>
                     {
                         {  "author",  new {
diff --git a/test/JsonApiDotNetCoreExampleTests/Acceptance/ModelStateValidationTests.cs b/test/JsonApiDotNetCoreExampleTests/Acceptance/ModelStateValidationTests.cs
diff --git a/test/JsonApiDotNetCoreExampleTests/Acceptance/ResourceDefinitions/ResourceDefinitionTests.cs b/test/JsonApiDotNetCoreExampleTests/Acceptance/ResourceDefinitions/ResourceDefinitionTests.cs
diff --git a/test/UnitTests/Models/ResourceConstructionTests.cs b/test/UnitTests/Models/ResourceConstructionTests.cs
diff --git a/test/UnitTests/Serialization/DeserializerTestsSetup.cs b/test/UnitTests/Serialization/DeserializerTestsSetup.cs
diff --git a/test/UnitTests/Serialization/Server/RequestDeserializerTests.cs b/test/UnitTests/Serialization/Server/RequestDeserializerTests.cs

Original file line number	Diff line number	Diff line change
`@@ -7,6 +7,7 @@ namespace JsonApiDotNetCoreExample.Models`
`7`	`7`	`public sealed class Article : Identifiable`
`8`	`8`	`{`
`9`	`9`	`[Attr]`
	`10`	`+ [IsRequired(AllowEmptyStrings = true)]`
`10`	`11`	`public string Name { get; set; }`
`11`	`12`
`12`	`13`	`[HasOne]`
Original file line number	Diff line number	Diff line change
`@@ -6,6 +6,7 @@ namespace JsonApiDotNetCoreExample.Models`
`6`	`6`	`public sealed class Author : Identifiable`
`7`	`7`	`{`
`8`	`8`	`[Attr]`
	`9`	`+ [IsRequired(AllowEmptyStrings = true)]`
`9`	`10`	`public string Name { get; set; }`
`10`	`11`
`11`	`12`	`[HasMany]`
Original file line number	Diff line number	Diff line change
`@@ -14,5 +14,17 @@ internal static void SetJsonApiRequest(this HttpContext httpContext)`
`14`	`14`	`{`
`15`	`15`	`httpContext.Items["IsJsonApiRequest"] = bool.TrueString;`
`16`	`16`	`}`
	`17`	`+`
	`18`	`+ internal static void DisableValidator(this HttpContext httpContext, string propertyName, string model)`
	`19`	`+ {`
	`20`	`+ var itemKey = $"JsonApiDotNetCore_DisableValidation_{model}_{propertyName}";`
	`21`	`+ httpContext.Items[itemKey] = true;`
	`22`	`+ }`
	`23`	`+`
	`24`	`+ internal static bool IsValidatorDisabled(this HttpContext httpContext, string propertyName, string model)`
	`25`	`+ {`
	`26`	`+ return httpContext.Items.ContainsKey($"JsonApiDotNetCore_DisableValidation_{model}_{propertyName}") \|\|`
	`27`	`+ httpContext.Items.ContainsKey($"JsonApiDotNetCore_DisableValidation_{model}_Relation");`
	`28`	`+ }`
`17`	`29`	`}`
`18`	`30`	`}`
Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`		`-<Project Sdk="Microsoft.NET.Sdk">`
	`1`	`+<Project Sdk="Microsoft.NET.Sdk">`
`2`	`2`	`<PropertyGroup>`
`3`	`3`	`<VersionPrefix>4.0.0</VersionPrefix>`
`4`	`4`	`<TargetFramework>$(NetCoreAppVersion)</TargetFramework>`