Merge pull request #523 from deepjyoti30Alt/fix/optional-form-validation

rishabhpoddar · web-flow · commit dd17c8b23b85 · 2024-09-03T17:40:47.000+05:30
Fix optional form validation
diff --git a/supertokens_python/recipe/emailpassword/api/utils.py b/supertokens_python/recipe/emailpassword/api/utils.py
@@ -34,19 +34,26 @@ async def validate_form_or_throw_error(
     tenant_id: str,
 ):
     validation_errors: List[ErrorFormField] = []
-    if len(config_form_fields) != len(inputs):
-        raise_bad_input_exception("Are you sending too many / too few formFields?")
+    if len(config_form_fields) < len(inputs):
+        raise_bad_input_exception("Are you sending too many formFields?")
 
     for field in config_form_fields:
         input_field: Union[None, FormField] = find_first_occurrence_in_list(
             lambda x: x.id == field.id, inputs
         )
-        if input_field is None or (input_field.value == "" and not field.optional):
+        is_invalid_value = input_field is None or input_field.value == ""
+        if not field.optional and is_invalid_value:
             validation_errors.append(ErrorFormField(field.id, "Field is not optional"))
-        else:
-            error = await field.validate(input_field.value, tenant_id)
-            if error is not None:
-                validation_errors.append(ErrorFormField(field.id, error))
+            continue
+
+        # If the field was invalid and not optional, execution won't reach here.
+        # so we need to skip it if  the value is invalid and optional.
+        if is_invalid_value:
+            continue
+
+        error = await field.validate(input_field.value, tenant_id)
+        if error is not None:
+            validation_errors.append(ErrorFormField(field.id, error))
 
     if len(validation_errors) != 0:
         # raise BadInputError(msg="Error in input formFields")
diff --git a/tests/emailpassword/test_signin.py b/tests/emailpassword/test_signin.py
@@ -16,8 +16,8 @@
 
 from fastapi import FastAPI
 from fastapi.requests import Request
-from tests.testclient import TestClientWithNoCookieJar as TestClient
 from pytest import fixture, mark
+
 from supertokens_python import InputAppInfo, SupertokensConfig, init
 from supertokens_python.asyncio import delete_user, get_user_count
 from supertokens_python.framework.fastapi import get_middleware
@@ -31,6 +31,7 @@
     refresh_session,
 )
 from supertokens_python.utils import is_version_gte
+from tests.testclient import TestClientWithNoCookieJar as TestClient
 from tests.utils import (
     clean_st,
     extract_all_cookies,
@@ -424,9 +425,11 @@ async def test_bad_input_not_a_JSON_to_signin_api(driver_config_client: TestClie
 
     response_2 = driver_config_client.post(url="/auth/signin", json={"x": "y"})
 
-    assert response_2.status_code == 400
+    assert response_2.status_code == 200
     dict_response = json.loads(response_2.text)
-    assert dict_response["message"] == "Are you sending too many / too few formFields?"
+    assert dict_response["status"] == "FIELD_ERROR"
+    assert len(dict_response["formFields"]) == 2
+    assert dict_response["formFields"][0]["error"] == "Field is not optional"
 
 
 @mark.asyncio
@@ -456,9 +459,11 @@ async def test_bad_input_not_a_JSON_to_signin_API(driver_config_client: TestClie
 
     response_2 = driver_config_client.post(url="/auth/signin", json={"x": "y"})
 
-    assert response_2.status_code == 400
+    assert response_2.status_code == 200
     dict_response = json.loads(response_2.text)
-    assert dict_response["message"] == "Are you sending too many / too few formFields?"
+    assert dict_response["status"] == "FIELD_ERROR"
+    assert len(dict_response["formFields"]) == 2
+    assert dict_response["formFields"][0]["error"] == "Field is not optional"
 
 
 @mark.asyncio
@@ -580,7 +585,12 @@ async def test_formFields_has_no_email_field(driver_config_client: TestClient):
         json={"formFields": [{"id": "password", "value": "validpassword123"}]},
     )
 
-    assert response_2.status_code == 400
+    assert response_2.status_code == 200
+    dict_response = json.loads(response_2.text)
+    assert dict_response["status"] == "FIELD_ERROR"
+    assert len(dict_response["formFields"]) == 1
+    assert dict_response["formFields"][0]["error"] == "Field is not optional"
+    assert dict_response["formFields"][0]["id"] == "email"
 
 
 @mark.asyncio
@@ -613,7 +623,12 @@ async def test_formFields_has_no_password_field(driver_config_client: TestClient
         json={"formFields": [{"id": "email", "value": "randomgmail.com"}]},
     )
 
-    assert response_2.status_code == 400
+    assert response_2.status_code == 200
+    dict_response = json.loads(response_2.text)
+    assert dict_response["status"] == "FIELD_ERROR"
+    assert len(dict_response["formFields"]) == 2
+    assert dict_response["formFields"][0]["error"] == "Field is not optional"
+    assert dict_response["formFields"][1]["error"] == "Email is not valid"
 
 
 @mark.asyncio
@@ -658,4 +673,135 @@ async def test_delete_user(driver_config_client: TestClient):
         assert error_raised
 
 
+@mark.asyncio
+async def test_optional_custom_field_without_input(driver_config_client: TestClient):
+    init(
+        supertokens_config=SupertokensConfig("http://localhost:3567"),
+        app_info=InputAppInfo(
+            app_name="SuperTokens Demo",
+            api_domain="http://api.supertokens.io",
+            website_domain="http://supertokens.io",
+            api_base_path="/auth",
+        ),
+        framework="fastapi",
+        recipe_list=[
+            emailpassword.init(
+                sign_up_feature=emailpassword.InputSignUpFeature(
+                    form_fields=[
+                        emailpassword.InputFormField("test_field", optional=True)
+                    ]
+                )
+            ),
+            session.init(get_token_transfer_method=lambda _, __, ___: "cookie"),
+        ],
+    )
+    start_st()
+
+    response_1 = sign_up_request(
+        driver_config_client, "random@gmail.com", "validpassword123"
+    )
+    assert response_1.status_code == 200
+    dict_response = json.loads(response_1.text)
+    assert dict_response["status"] == "OK"
+
+    response_2 = driver_config_client.post(
+        url="/auth/signin",
+        json={
+            "formFields": [
+                {"id": "email", "value": "random@gmail.com"},
+                {"id": "password", "value": "validpassword123"},
+            ]
+        },
+    )
+
+    assert response_2.status_code == 200
+    dict_response = json.loads(response_2.text)
+    assert dict_response["status"] == "OK"
+
+
+@mark.asyncio
+async def test_too_many_fields(driver_config_client: TestClient):
+    init(
+        supertokens_config=SupertokensConfig("http://localhost:3567"),
+        app_info=InputAppInfo(
+            app_name="SuperTokens Demo",
+            api_domain="http://api.supertokens.io",
+            website_domain="http://supertokens.io",
+            api_base_path="/auth",
+        ),
+        framework="fastapi",
+        recipe_list=[
+            emailpassword.init(
+                sign_up_feature=emailpassword.InputSignUpFeature(
+                    form_fields=[
+                        emailpassword.InputFormField("test_field", optional=True)
+                    ]
+                )
+            ),
+            session.init(get_token_transfer_method=lambda _, __, ___: "cookie"),
+        ],
+    )
+    start_st()
+
+    response_1 = sign_up_request(
+        driver_config_client, "random@gmail.com", "validpassword123"
+    )
+    assert response_1.status_code == 200
+    dict_response = json.loads(response_1.text)
+    assert dict_response["status"] == "OK"
+
+    response_2 = driver_config_client.post(
+        url="/auth/signin",
+        json={
+            "formFields": [
+                {"id": "email", "value": "random@gmail.com"},
+                {"id": "password", "value": "validpassword123"},
+                {"id": "test_field", "value": "gmail.com"},
+                {"id": "extra_field", "value": "random@gmail.com"},
+            ]
+        },
+    )
+
+    assert response_2.status_code == 400
+    dict_response = json.loads(response_2.text)
+    assert dict_response["message"] == "Are you sending too many formFields?"
+
+
+@mark.asyncio
+async def test_non_optional_custom_field_without_input(
+    driver_config_client: TestClient,
+):
+    init(
+        supertokens_config=SupertokensConfig("http://localhost:3567"),
+        app_info=InputAppInfo(
+            app_name="SuperTokens Demo",
+            api_domain="http://api.supertokens.io",
+            website_domain="http://supertokens.io",
+            api_base_path="/auth",
+        ),
+        framework="fastapi",
+        recipe_list=[
+            emailpassword.init(
+                sign_up_feature=emailpassword.InputSignUpFeature(
+                    form_fields=[
+                        emailpassword.InputFormField("test_field", optional=False)
+                    ]
+                )
+            ),
+            session.init(get_token_transfer_method=lambda _, __, ___: "cookie"),
+        ],
+    )
+    start_st()
+
+    response_1 = sign_up_request(
+        driver_config_client, "random@gmail.com", "validpassword123"
+    )
+    assert response_1.status_code == 200
+    dict_response = json.loads(response_1.text)
+    assert dict_response["status"] == "FIELD_ERROR"
+    assert len(dict_response["formFields"]) == 1
+    assert dict_response["formFields"][0]["error"] == "Field is not optional"
+    assert dict_response["formFields"][0]["id"] == "test_field"
+
+
 # TODO add few more tests
