Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

POST with empty payload fails validation (with Joi) #2722

Closed
gunnarlium opened this issue Aug 17, 2015 · 6 comments
Closed

POST with empty payload fails validation (with Joi) #2722

gunnarlium opened this issue Aug 17, 2015 · 6 comments
Assignees
@hueniverse
Labels
documentation Non-code related changes non issue Issue is not a problem or requires changes

Comments

@gunnarlium
Copy link

I have a route with an optional payload. After upgrading to v9, the route returns 400 when the payload is missing. I assume this is because an empty payload is now transformed to null instead of {}, and when null is passed to Joi, Joi responds with "value" must be an object.

To reproduce:

var Hapi = require('hapi');
var Joi = require('joi');

// Create a server with a host and port
var server = new Hapi.Server();
server.connection({
    host: 'localhost',
    port: 8000
});

// Add the route
server.route({
    method: 'POST',
    path: '/hello',
    config: {
        validate: {
            payload: {
                name: Joi.string()
            }
        },
        handler: function (request, reply) {
           reply('hello ' + (request.payload.name || 'world'));
        }
    },
});

// Start the server
server.start(function() {
     console.log('Server running at:', server.info.uri);
});

My use case is an action for resetting a password, where users are allowed to provide a password in the payload, but if a password is not provided, we generate one automatically.
@kanongil
Copy link
Contributor

This definitely looks like a bug. Essentially, the value null is suppied to Joi.validate() when a POST request is empty and contains no content-type header.

@gunnarlium
Copy link
Author

The same happens if content-type is set to text/plain or application/json, or if it's not set at all.

@kanongil
Copy link
Contributor

It is possible that this is not a bug, but simply a consequence of the updated payload parsing. At least I managed to find a work around:

server.route({
    method: 'POST',
    path: '/hello',
    config: {
        validate: {
            payload: Joi.object({
                name: Joi.string()
            }).allow(null)
        },
        handler: function (request, reply) {
           reply('hello ' + ((request.payload || {}).name || 'world'));
        }
    }
});

@gunnarlium
Copy link
Author

allow(null) works for me. I had to change how I check for empty payload, but that's ok.

@devinivy
Copy link
Member

devinivy commented Sep 6, 2015

@hueniverse perhaps this can be resolved by noting in the "Empty Payload" section of the 9.0.0 migration checklist (#2682) how to field empty request payloads (that are allowed to be empty) when using Joi validation. The pattern is to use Joi.object(/* ... */).allow(null).

@matthieusieben
Copy link

Related to #2576 ?

@hueniverse hueniverse added documentation Non-code related changes non issue Issue is not a problem or requires changes labels Oct 3, 2015
@hueniverse hueniverse self-assigned this Oct 3, 2015
@lock lock bot locked as resolved and limited conversation to collaborators Jan 11, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@hueniverse hueniverse

Labels
documentation Non-code related changes non issue Issue is not a problem or requires changes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@hueniverse @gunnarlium @kanongil @matthieusieben @devinivy