Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added validation for the user update route/UI #646

Merged
merged 15 commits into from
Mar 26, 2024
Merged

Added validation for the user update route/UI #646

merged 15 commits into from
Mar 26, 2024

Conversation

BenjaminCharmes
Copy link
Contributor

Linked to #640

Frontend:

  • Add error message and disabled submitting if display_name or contact_email isn't validated

Backend:

  • For more 'security', also add validator on the user model and in the save_user method so a user can't be updated with unvalidated data even if the form is already disabled.

ml-evs
ml-evs reviewed Mar 13, 2024
View reviewed changes
Copy link
Member

@ml-evs ml-evs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some minor immediate comments. Reviewing out of order as @jdbocarsly is going to also take a look at #627 first (which we will merge before this one).

Looks good so far, we can just discuss the right approach.

Although it seems a bit gross to have validation on both the client and server, I think it makes sense in this case since it really is easy to validate. One thing that might be missing is how the UI deals with a server-side validation, so you might want to test disabling the client side validation (e.g., making the display name max length on the client 151 and then providing a 151 char display name to the server to make sure that a nice error is returned).

pydatalab/pydatalab/routes/v0_1/users.py Outdated Show resolved Hide resolved
pydatalab/pydatalab/models/people.py Outdated Show resolved Hide resolved
pydatalab/pydatalab/models/people.py Outdated Show resolved Hide resolved
pydatalab/pydatalab/models/people.py Outdated Show resolved Hide resolved
pydatalab/pydatalab/routes/v0_1/users.py Outdated Show resolved Hide resolved
@BenjaminCharmes BenjaminCharmes linked an issue Mar 18, 2024 that may be closed by this pull request
Validate display names and contact emails #640
Closed
@ml-evs ml-evs mentioned this pull request Mar 20, 2024
Merged
@ml-evs ml-evs changed the title [WIP] Added validation for the model user Added validation for the model user Mar 20, 2024
@ml-evs ml-evs self-requested a review March 20, 2024 16:39
@ml-evs ml-evs changed the title Added validation for the model user Added validation for the user update route/UI Mar 20, 2024
ml-evs
ml-evs reviewed Mar 20, 2024
View reviewed changes
Copy link
Member

@ml-evs ml-evs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks good to me, thanks Ben! Just one comment about the display name (below) and the suggestion that we should add a simple test that the validator does what we expect.

pydatalab/pydatalab/models/people.py Outdated Show resolved Hide resolved
webapp/src/components/EditAccountSettingsModal.vue Outdated Show resolved Hide resolved
ml-evs
ml-evs reviewed Mar 25, 2024
View reviewed changes
Copy link
Member

@ml-evs ml-evs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @BenjaminCharmes, this is looking good, just a few minor comments (of things we can think about in future PRs) and one that I think should be addressed now.

pydatalab/pydatalab/models/people.py Outdated Show resolved Hide resolved
pydatalab/pydatalab/routes/v0_1/users.py Outdated Show resolved Hide resolved
pydatalab/pydatalab/models/people.py Outdated Show resolved Hide resolved
pydatalab/pydatalab/models/people.py Show resolved Hide resolved
webapp/src/components/EditAccountSettingsModal.vue Outdated Show resolved Hide resolved
ml-evs
ml-evs reviewed Mar 26, 2024
View reviewed changes
Copy link
Member

@ml-evs ml-evs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

See my comment here: https://github.com/the-grey-group/datalab/pull/646/files#r1539219700

I will remove some of the validation I asked for as we can never cover all cases, otherwise looks good!

pydatalab/pydatalab/routes/v0_1/users.py Outdated
if contact_email or contact_email in (None, ""):
if contact_email == "":
contact_email = None
update["contact_email"] = EmailStr(contact_email)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

None is not a valid EmailStr so we'll have to move that around a bit

@ml-evs
Copy link
Member

ml-evs commented Mar 26, 2024

Okay, running into a few issues (that it looks like I ran into last time I did this since an issue I opened myself 2 years ago was the first result when I googled...)

Basically the custom types defined here either work in the pydantic model OR in the the type itself, but never in both. I've just updated them so that they work in both (by making them both constrained string types in pydantic and calling their validation methods on __new__).

BenjaminCharmes and others added 14 commits March 26, 2024 15:09
@BenjaminCharmes @ml-evs
Added validators in people model and validators in frontend edit modal
7aca341 
[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@BenjaminCharmes @ml-evs
Added validation in save_user
19e7719 
[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@BenjaminCharmes @ml-evs
Update models/people.py to simplify updating the max_len value for di…
38fb419 
…splay_name

Co-authored-by: Matthew Evans <[email protected]>
@BenjaminCharmes @ml-evs
Removed unnecessary validator
05b16ff 
Removed unnecessary validator

[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@BenjaminCharmes @ml-evs
Update DisplayName validator with new custom type
5ff5264 
[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@BenjaminCharmes @ml-evs
Readd change
8fe0e18 
[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@BenjaminCharmes @ml-evs
Update front and back user's display_name validation
a09cddd 
Update front and back user's display_name validation

[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@BenjaminCharmes @ml-evs
Add test for user's model display_name validation
574f964 
[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@BenjaminCharmes @ml-evs
Update test for bad display_name
bc00f81
@BenjaminCharmes @ml-evs
Update user's validation
3ce076d 
[pre-commit.ci] auto fixes from pre-commit.com hooks

for more information, see https://pre-commit.ci
@ml-evs
Tweak EmailStr and DisplayName models to work both inside and outside…
c06a8c1 
… of pydantic

Display name updates in schema
@ml-evs
Tweak user route to group errors and allow for easier testing
e89d583 
Add test for display name with Chiense characters
@ml-evs
Add tests for save user endpoint
62aaa6b
@ml-evs
Renable client-side validation but weaken constraints
1bc621d
@ml-evs ml-evs self-requested a review March 26, 2024 15:11
ml-evs
ml-evs previously approved these changes Mar 26, 2024
View reviewed changes
Copy link
Member

@ml-evs ml-evs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Okay, running into a few issues (that it looks like I ran into last time I did this since an issue I opened myself 2 years ago was the first result when I googled...)

Basically the custom types defined here either work in the pydantic model OR in the the type itself, but never in both. I've just updated them so that they work in both (by making them both constrained string types in pydantic and calling their validation methods on new).

Have just tidied these up with my additional commits, as well as adding some integration tests to check that things behave. Happy to merge this now but will try to preserve the commit history so you can see what I changed @BenjaminCharmes!

Nice work and thanks again!

jdbocarsly
jdbocarsly requested changes Mar 26, 2024
View reviewed changes
Copy link
Member

@jdbocarsly jdbocarsly left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good! Tiny comment on one of the error messages.

Also, I'm noticing that when you are done with this modal and close it, the LoginDetails menu is still open. I think it would probably be more user friendly if it were closed, which you could do by changing line 28 in LoginDetails.vue to:

@click="editAccountSettingIsOpen = true; isUserDropdownVisible = false;"

webapp/src/components/EditAccountSettingsModal.vue Outdated Show resolved Hide resolved
@ml-evs ml-evs merged commit 40aaf96 into datalab-org:main Mar 26, 2024
6 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jdbocarsly jdbocarsly jdbocarsly requested changes

@ml-evs ml-evs ml-evs left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Validate display names and contact emails
3 participants
@BenjaminCharmes @ml-evs @jdbocarsly