// Copyright IBM Corp. 2013,2019. All Rights Reserved. // Node module: loopback-datasource-juggler // This file is licensed under the MIT License. // License text available at https://opensource.org/licenses/MIT 'use strict'; const g = require('strong-globalize')(); const util = require('util'); const extend = util._extend; /*! * Module exports */ exports.ValidationError = ValidationError; exports.Validatable = Validatable; /** * This class provides methods that add validation cababilities to models. * Each of the validations runs when the `obj.isValid()` method is called. * * All of the methods have an options object parameter that has a * `message` property. When there is only a single error message, this property is just a string; * for example: `Post.validatesPresenceOf('title', { message: 'can not be blank' });` * * In more complicated cases it can be a set of messages, for each possible error condition; for example: * `User.validatesLengthOf('password', { min: 6, max: 20, message: {min: 'too short', max: 'too long'}});` * @class Validatable */ function Validatable() { } /** * Validate presence of one or more specified properties. * * Requires a model to include a property to be considered valid; fails when validated field is blank. * * For example, validate presence of title * ``` * Post.validatesPresenceOf('title'); * ``` * Validate that model has first, last, and age properties: * ``` * User.validatesPresenceOf('first', 'last', 'age'); * ``` * Example with custom message * ``` * Post.validatesPresenceOf('title', {message: 'Cannot be blank'}); * ``` * * @param {String} propertyName One or more property names. * @options {Object} options Configuration parameters; see below. * @property {String} message Error message to use instead of default. * @property {String} if Validate only if `if` exists. * @property {String} unless Validate only if `unless` exists. */ Validatable.validatesPresenceOf = getConfigurator('presence'); /** * Validate absence of one or more specified properties. * * A model should not include a property to be considered valid; fails when validated field is not blank. * * For example, validate absence of reserved * ``` * Post.validatesAbsenceOf('reserved', { unless: 'special' }); * ``` * * @param {String} propertyName One or more property names. * @options {Object} options Configuration parameters; see below. * @property {String} message Error message to use instead of default. * @property {String} if Validate only if `if` exists. * @property {String} unless Validate only if `unless` exists. */ Validatable.validatesAbsenceOf = getConfigurator('absence'); /** * Validate length. * * Require a property length to be within a specified range. * * There are three kinds of validations: min, max, is. * * Default error messages: * * - min: too short * - max: too long * - is: length is wrong * * Example: length validations * ``` * User.validatesLengthOf('password', {min: 7}); * User.validatesLengthOf('email', {max: 100}); * User.validatesLengthOf('state', {is: 2}); * User.validatesLengthOf('nick', {min: 3, max: 15}); * ``` * Example: length validations with custom error messages * ``` * User.validatesLengthOf('password', {min: 7, message: {min: 'too weak'}}); * User.validatesLengthOf('state', {is: 2, message: {is: 'is not valid state name'}}); * ``` * * @param {String} propertyName Property name to validate. * @options {Object} options Configuration parameters; see below. * @property {Number} is Value that property must equal to validate. * @property {Number} min Value that property must be less than to be valid. * @property {Number} max Value that property must be less than to be valid. * @property {Object} message Optional object with string properties for custom error message for each validation: is, min, or max. */ Validatable.validatesLengthOf = getConfigurator('length'); /** * Validate numericality. * * Requires a value for property to be either an integer or number. * * Example * ``` * User.validatesNumericalityOf('age', { message: { number: 'is not a number' }}); * User.validatesNumericalityOf('age', {int: true, message: { int: 'is not an integer' }}); * ``` * * @param {String} propertyName Property name to validate. * @options {Object} options Configuration parameters; see below. * @property {Boolean} int If true, then property must be an integer to be valid. * @property {Boolean} allowBlank Allow property to be blank. * @property {Boolean} allowNull Allow property to be null. * @property {Object} message Optional object with string properties for 'int' for integer validation. Default error messages: * - number: is not a number * - int: is not an integer */ Validatable.validatesNumericalityOf = getConfigurator('numericality'); /** * Validate inclusion in set. * * Require a value for property to be in the specified array. * * Example: * ``` * User.validatesInclusionOf('gender', {in: ['male', 'female']}); * User.validatesInclusionOf('role', { * in: ['admin', 'moderator', 'user'], message: 'is not allowed' * }); * ``` * * @param {String} propertyName Property name to validate. * @options {Object} options Configuration parameters; see below. * @property {Array} in Property must match one of the values in the array to be valid. * @property {String} message Optional error message if property is not valid. * Default error message: "is not included in the list". * @property {Boolean} allowNull Whether null values are allowed. */ Validatable.validatesInclusionOf = getConfigurator('inclusion'); /** * Validate exclusion in a set. * * Require a property value not be in the specified array. * * Example: `Company.validatesExclusionOf('domain', {in: ['www', 'admin']});` * * @param {String} propertyName Property name to validate. * @options {Object} options Configuration parameters; see below. * @property {Array} in Property must not match any of the values in the array to be valid. * @property {String} message Optional error message if property is not valid. Default error message: "is reserved". * @property {Boolean} allowNull Whether null values are allowed. */ Validatable.validatesExclusionOf = getConfigurator('exclusion'); /** * Validate format. * * Require a model to include a property that matches the given format. * * Example: `User.validatesFormatOf('name', {with: /\w+/});` * * @param {String} propertyName Property name to validate. * @options {Object} options Configuration parameters; see below. * @property {RegExp} with Regular expression to validate format. * @property {String} message Optional error message if property is not valid. Default error message: " is invalid". * @property {Boolean} allowNull Whether null values are allowed. */ Validatable.validatesFormatOf = getConfigurator('format'); /** * Validate using custom validation function. * * Example: *```javascript * User.validate('name', customValidator, {message: 'Bad name'}); * function customValidator(err) { * if (this.name === 'bad') err(); * }); * var user = new User({name: 'Peter'}); * user.isValid(); // true * user.name = 'bad'; * user.isValid(); // false * ``` * * @param {String} propertyName Property name to validate. * @param {Function} validatorFn Custom validation function. * @options {Object} options Configuration parameters; see below. * @property {String} message Optional error message if property is not valid. Default error message: " is invalid". * @property {Boolean} allowNull Whether null values are allowed. */ Validatable.validate = getConfigurator('custom'); /** * Validate using custom asynchronous validation function. * * Example: *```js * User.validateAsync('name', customValidator, {message: 'Bad name'}); * function customValidator(err, done) { * process.nextTick(function () { * if (this.name === 'bad') err(); * done(); * }); * }); * var user = new User({name: 'Peter'}); * user.isValid(); // false (because async validation setup) * user.isValid(function (isValid) { * isValid; // true * }) * user.name = 'bad'; * user.isValid(); // false * user.isValid(function (isValid) { * isValid; // false * }) * ``` * * @param {String} propertyName Property name to validate. * @param {Function} validatorFn Custom validation function. * @options {Object} options Configuration parameters; see below. * @property {String} message Optional error message if property is not valid. Default error message: " is invalid". * @property {Boolean} allowNull Whether null values are allowed. */ Validatable.validateAsync = getConfigurator('custom', {async: true}); /** * Validate uniqueness of the value for a property in the collection of models. * * Not available for all connectors. Currently supported with these connectors: * - In Memory * - Oracle * - MongoDB * * ``` * // The login must be unique across all User instances. * User.validatesUniquenessOf('login'); * * // Assuming SiteUser.belongsTo(Site) * // The login must be unique within each Site. * SiteUser.validateUniquenessOf('login', { scopedTo: ['siteId'] }); * ``` * * @param {String} propertyName Property name to validate. * @options {Object} options Configuration parameters; see below. * @property {RegExp} with Regular expression to validate format. * @property {Array.} scopedTo List of properties defining the scope. * @property {String} message Optional error message if property is not valid. Default error message: "is not unique". * @property {Boolean} allowNull Whether null values are allowed. * @property {String} ignoreCase Make the validation case insensitive. * @property {String} if Validate only if `if` exists. * @property {String} unless Validate only if `unless` exists. */ Validatable.validatesUniquenessOf = getConfigurator('uniqueness', {async: true}); /** * Validate if a value for a property is a Date. * * Example * ``` * User.validatesDateOf('today', {message: 'today is not a date!'}); * ``` * * @param {String} propertyName Property name to validate. * @options {Object} options Configuration parameters; see below. * @property {String} message Error message to use instead of default. */ Validatable.validatesDateOf = getConfigurator('date'); // implementation of validators /*! * Presence validator */ function validatePresence(attr, conf, err, options) { if (blank(this[attr])) { err(); } } /*! * Absence validator */ function validateAbsence(attr, conf, err, options) { if (!blank(this[attr])) { err(); } } /*! * Length validator */ function validateLength(attr, conf, err, options) { if (nullCheck.call(this, attr, conf, err)) return; const len = this[attr].length; if (conf.min && len < conf.min) { err('min'); } if (conf.max && len > conf.max) { err('max'); } if (conf.is && len !== conf.is) { err('is'); } } /*! * Numericality validator */ function validateNumericality(attr, conf, err, options) { if (nullCheck.call(this, attr, conf, err)) return; if (typeof this[attr] !== 'number' || isNaN(this[attr])) { return err('number'); } if (conf.int && this[attr] !== Math.round(this[attr])) { return err('int'); } } /*! * Inclusion validator */ function validateInclusion(attr, conf, err, options) { if (nullCheck.call(this, attr, conf, err)) return; if (!~conf.in.indexOf(this[attr])) { err(); } } /*! * Exclusion validator */ function validateExclusion(attr, conf, err, options) { if (nullCheck.call(this, attr, conf, err)) return; if (~conf.in.indexOf(this[attr])) { err(); } } /*! * Format validator */ function validateFormat(attr, conf, err, options) { if (nullCheck.call(this, attr, conf, err)) return; if (typeof this[attr] === 'string' || typeof this[attr] === 'number') { const regex = new RegExp(conf['with']); if (!regex.test(this[attr])) { err(); } } else { err(); } } /*! * Custom validator */ function validateCustom(attr, conf, err, options, done) { if (typeof options === 'function') { done = options; options = {}; } if (!done) { // called from a sync validator, stick options on end conf.customValidator.call(this, err, options); } else { if (conf.customValidator.length === 3) { // if they declared the validator with 3 args, they are expecting options conf.customValidator.call(this, err, options, done); } else { // otherwise just pass the expected two (no context) conf.customValidator.call(this, err, done); } } } function escapeStringRegexp(str) { if (typeof str !== 'string') { throw new TypeError('Expected a string'); } const matchOperatorsRe = /[|\\{}()[\]^$+*?.]/g; return str.replace(matchOperatorsRe, '\\$&'); } /*! * Uniqueness validator */ function validateUniqueness(attr, conf, err, options, done) { if (typeof options === 'function') { done = options; options = {}; } if (blank(this[attr])) { return process.nextTick(done); } const cond = {where: {}}; if (conf && conf.ignoreCase) { cond.where[attr] = new RegExp('^' + escapeStringRegexp(this[attr]) + '$', 'i'); } else { cond.where[attr] = this[attr]; } if (conf && conf.scopedTo) { conf.scopedTo.forEach(function(k) { const val = this[k]; if (val !== undefined) cond.where[k] = this[k]; }, this); } const idName = this.constructor.definition.idName(); const isNewRecord = this.isNewRecord(); this.constructor.find(cond, options, function(error, found) { if (error) { err(error); } else if (found.length > 1) { err(); } else if (found.length === 1 && idName === attr && isNewRecord) { err(); } else if (found.length === 1 && ( !this.id || !found[0].id || found[0].id.toString() != this.id.toString() )) { err(); } done(); }.bind(this)); } /*! * Date validator */ function validateDate(attr, conf, err) { if (this[attr] === null || this[attr] === undefined) return; const date = new Date(this[attr]); if (isNaN(date.getTime())) return err(); } const validators = { presence: validatePresence, absence: validateAbsence, length: validateLength, numericality: validateNumericality, inclusion: validateInclusion, exclusion: validateExclusion, format: validateFormat, custom: validateCustom, uniqueness: validateUniqueness, date: validateDate, }; function getConfigurator(name, opts) { return function() { const args = Array.prototype.slice.call(arguments); args[1] = args[1] || {}; configure(this, name, args, opts); }; } /** * This method performs validation and triggers validation hooks. * Before validation the `obj.errors` collection is cleaned. * Each validation can add errors to `obj.errors` collection. * If collection is not blank, validation failed. * * NOTE: This method can be called as synchronous only when no asynchronous validation is * configured. It's strongly recommended to run all validations as asyncronous. * * Example: ExpressJS controller - render user if valid, show flash otherwise * ```javascript * user.isValid(function (valid) { * if (valid) res.render({user: user}); * else res.flash('error', 'User is not valid'), console.log(user.errors), res.redirect('/users'); * }); * ``` * Another example: * ```javascript * user.isValid(function (valid) { * if (!valid) { * console.log(user.errors); * // => hash of errors * // => { * // => username: [errmessage, errmessage, ...], * // => email: ... * // => } * } * }); * ``` * @callback {Function} callback Called with (valid). * @param {Object} data Data to be validated. * @param {Object} options Options to be specified upon validation. * @returns {Boolean} True if no asynchronous validation is configured and all properties pass validation. */ Validatable.prototype.isValid = function(callback, data, options) { options = options || {}; let valid = true, wait = 0, async = false; const inst = this; const validations = this.constructor.validations; const reportDiscardedProperties = this.__strict && this.__unknownProperties && this.__unknownProperties.length; // exit with success when no errors if (typeof validations !== 'object' && !reportDiscardedProperties) { cleanErrors(this); if (callback) { this.trigger('validate', function(validationsDone) { validationsDone.call(inst, function() { callback(valid); }); }, data, callback); } return valid; } Object.defineProperty(this, 'errors', { enumerable: false, configurable: true, value: new Errors, }); this.trigger('validate', function(validationsDone) { const inst = this; let asyncFail = false; const attrs = Object.keys(validations || {}); attrs.forEach(function(attr) { const attrValidations = validations[attr] || []; attrValidations.forEach(function(v) { if (v.options && v.options.async) { async = true; wait += 1; process.nextTick(function() { validationFailed(inst, attr, v, options, done); }); } else { if (validationFailed(inst, attr, v, options)) { valid = false; } } }); }); if (reportDiscardedProperties) { for (const ix in inst.__unknownProperties) { const key = inst.__unknownProperties[ix]; const code = 'unknown-property'; const msg = defaultMessages[code]; inst.errors.add(key, msg, code); valid = false; } } if (!async) { validationsDone.call(inst, function() { if (valid) cleanErrors(inst); if (callback) { callback(valid); } }); } function done(fail) { asyncFail = asyncFail || fail; if (--wait === 0) { validationsDone.call(inst, function() { if (valid && !asyncFail) cleanErrors(inst); if (callback) { callback(valid && !asyncFail); } }); } } }, data, callback); if (async) { // in case of async validation we should return undefined here, // because not all validations are finished yet return; } else { return valid; } }; function cleanErrors(inst) { Object.defineProperty(inst, 'errors', { enumerable: false, configurable: true, value: false, }); } function validationFailed(inst, attr, conf, options, cb) { const opts = conf.options || {}; if (typeof options === 'function') { cb = options; options = {}; } if (typeof attr !== 'string') return false; // here we should check skip validation conditions (if, unless) // that can be specified in conf if (skipValidation(inst, conf, 'if') || skipValidation(inst, conf, 'unless')) { if (cb) cb(false); return false; } let fail = false; const validator = validators[conf.validation]; const validatorArguments = []; validatorArguments.push(attr); validatorArguments.push(conf); validatorArguments.push(function onerror(kind) { let message, code = conf.code || conf.validation; if (conf.message) { message = conf.message; } if (!message && defaultMessages[conf.validation]) { message = defaultMessages[conf.validation]; } if (!message) { message = 'is invalid'; } if (kind) { code += '.' + kind; if (message[kind]) { // get deeper message = message[kind]; } else if (defaultMessages.common[kind]) { message = defaultMessages.common[kind]; } else { message = 'is invalid'; } } if (kind !== false) inst.errors.add(attr, message, code); fail = true; }); validatorArguments.push(options); if (cb) { validatorArguments.push(function() { cb(fail); }); } validator.apply(inst, validatorArguments); return fail; } function skipValidation(inst, conf, kind) { let doValidate = true; if (typeof conf[kind] === 'function') { doValidate = conf[kind].call(inst); if (kind === 'unless') doValidate = !doValidate; } else if (typeof conf[kind] === 'string') { if (typeof inst[conf[kind]] === 'function') { doValidate = inst[conf[kind]].call(inst); if (kind === 'unless') doValidate = !doValidate; } else if (inst.__data.hasOwnProperty(conf[kind])) { doValidate = inst[conf[kind]]; if (kind === 'unless') doValidate = !doValidate; } else { doValidate = kind === 'if'; } } return !doValidate; } const defaultMessages = { presence: 'can\'t be blank', absence: 'can\'t be set', 'unknown-property': 'is not defined in the model', length: { min: 'too short', max: 'too long', is: 'length is wrong', }, common: { blank: 'is blank', 'null': 'is null', }, numericality: { 'int': 'is not an integer', 'number': 'is not a number', }, inclusion: 'is not included in the list', exclusion: 'is reserved', uniqueness: 'is not unique', date: 'is not a valid date', }; /** * Checks if attribute is undefined or null. Calls err function with 'blank' or 'null'. * See defaultMessages. You can affect this behaviour with conf.allowBlank and conf.allowNull. * @private * @param {String} attr Property name of attribute * @param {Object} conf conf object for validator * @param {Function} err * @return {Boolean} returns true if attribute is null or blank */ function nullCheck(attr, conf, err) { // First determine if attribute is defined if (typeof this[attr] === 'undefined' || this[attr] === '') { if (!conf.allowBlank) { err('blank'); } return true; } else { // Now check if attribute is null if (this[attr] === null) { if (!conf.allowNull) { err('null'); } return true; } } return false; } /*! * Return true when v is undefined, blank array, null or empty string * otherwise returns false * * @param {Mix} v * Returns true if `v` is blank. */ function blank(v) { if (typeof v === 'undefined') return true; if (v instanceof Array && v.length === 0) return true; if (v === null) return true; if (typeof v === 'number' && isNaN(v)) return true; if (typeof v == 'string' && v === '') return true; return false; } function configure(cls, validation, args, opts) { if (!cls.validations) { Object.defineProperty(cls, 'validations', { writable: true, configurable: true, enumerable: false, value: {}, }); } args = [].slice.call(args); let conf; if (typeof args[args.length - 1] === 'object') { conf = args.pop(); } else { conf = {}; } if (validation === 'custom' && typeof args[args.length - 1] === 'function') { conf.customValidator = args.pop(); } conf.validation = validation; args.forEach(function(attr) { if (typeof attr === 'string') { const validation = extend({}, conf); validation.options = opts || {}; cls.validations[attr] = cls.validations[attr] || []; cls.validations[attr].push(validation); } }); } function Errors() { Object.defineProperty(this, 'codes', { enumerable: false, configurable: true, value: {}, }); } Errors.prototype.add = function(field, message, code) { code = code || 'invalid'; if (!this[field]) { this[field] = []; this.codes[field] = []; } this[field].push(message); this.codes[field].push(code); }; function ErrorCodes(messages) { const c = this; Object.keys(messages).forEach(function(field) { c[field] = messages[field].codes; }); } /** * ValidationError is raised when the application attempts to save an invalid model instance. * Example: * ``` * { * "name": "ValidationError", * "status": 422, * "message": "The Model instance is not valid. \ * See `details` property of the error object for more info.", * "statusCode": 422, * "details": { * "context": "user", * "codes": { * "password": [ * "presence" * ], * "email": [ * "uniqueness" * ] * }, * "messages": { * "password": [ * "can't be blank" * ], * "email": [ * "Email already exists" * ] * } * }, * } * ``` * You might run into situations where you need to raise a validation error yourself, for example in a "before" hook or a * custom model method. * ``` * MyModel.prototype.preflight = function(changes, callback) { * // Update properties, do not save to db * for (var key in changes) { * model[key] = changes[key]; * } * * if (model.isValid()) { * return callback(null, { success: true }); * } * * // This line shows how to create a ValidationError * var err = new MyModel.ValidationError(model); * callback(err); * } * ``` * * @private */ function ValidationError(obj) { if (!(this instanceof ValidationError)) return new ValidationError(obj); this.name = 'ValidationError'; const context = obj && obj.constructor && obj.constructor.modelName; this.message = g.f( 'The %s instance is not valid. Details: %s.', context ? '`' + context + '`' : 'model', formatErrors(obj.errors, obj.toJSON()) || '(unknown)', ); this.statusCode = 422; this.details = { context: context, codes: obj.errors && obj.errors.codes, messages: obj.errors, }; if (Error.captureStackTrace) { // V8 (Chrome, Opera, Node) Error.captureStackTrace(this, this.constructor); } else if (errorHasStackProperty) { // Firefox this.stack = (new Error).stack; } // Safari and PhantomJS initializes `error.stack` on throw // Internet Explorer does not support `error.stack` } util.inherits(ValidationError, Error); const errorHasStackProperty = !!(new Error).stack; ValidationError.maxPropertyStringLength = 32; function formatErrors(errors, propertyValues) { const DELIM = '; '; errors = errors || {}; return Object.getOwnPropertyNames(errors) .filter(function(propertyName) { return Array.isArray(errors[propertyName]); }) .map(function(propertyName) { const messages = errors[propertyName]; const propertyValue = propertyValues[propertyName]; return messages.map(function(msg) { return formatPropertyError(propertyName, propertyValue, msg); }).join(DELIM); }) .join(DELIM); } function formatPropertyError(propertyName, propertyValue, errorMessage) { let formattedValue; const valueType = typeof propertyValue; if (valueType === 'string') { formattedValue = JSON.stringify(truncatePropertyString(propertyValue)); } else if (propertyValue instanceof Date) { formattedValue = isNaN(propertyValue.getTime()) ? propertyValue.toString() : propertyValue.toISOString(); } else if (valueType === 'object') { // objects and arrays formattedValue = util.inspect(propertyValue, { showHidden: false, color: false, // show top-level object properties only depth: Array.isArray(propertyValue) ? 1 : 0, }); formattedValue = truncatePropertyString(formattedValue); } else { formattedValue = truncatePropertyString('' + propertyValue); } return '`' + propertyName + '` ' + errorMessage + ' (value: ' + formattedValue + ')'; } function truncatePropertyString(value) { let len = ValidationError.maxPropertyStringLength; if (value.length <= len) return value; // preserve few last characters like `}` or `]`, but no more than 3 // this way the last `} ]` in the array of objects is included in the message let tail; const m = value.match(/([ \t})\]]+)$/); if (m) { tail = m[1].slice(-3); len -= tail.length; } else { tail = value.slice(-3); len -= 3; } return value.slice(0, len - 4) + '...' + tail; }