-
-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Parser passes incomplete data to marshmallow.pre_load schema methods #173
Comments
Thanks for the report. I would be happy to review a PR. |
I have been having a look at how this currently works / why this error is occurring in the hopes of creating a PR to correct it. I ran into the bug when trying to run the example from the Marshmallow validators example which throws a validation error when unused arguments are present. It think the error boils down to the fact that the I see a couple of solutions to this problems, however, they may have unintended consequences:
I am pretty sure that the logic for the last two options actually exists in Marshmallow rather than inside of Webargs so is not reasonable to change for this. However, option 1 has a different problem. In the case of Fields that have specified load locations (instead of the general passed in ones) this can cause problems. I am pretty sure that this is a webargs specific feature since Marshmallow isn't going to be aware of the request context. This is because it is no longer clear what the full set of data to load should be (or rather there are now more options). The options I see for full set of fields is:
1 gives the validation method the ability to really be certain that no unnecessary arguments are being passed (e.g. in the example that I came here from), however, it also means that they would always have to think about what headers may be attached, which is not something you always want to do. Both 1 & 2, however, come with the property that it is hard for them to actually limit the reading of arguments to only the locations that were requested. I believe that this is because loading is done using Marshamallow which doesn't have a notion of where an argument came from. Instead it will simply read arguments from the dictionary it gets no matter their original source. 3 is the option which is the middle ground between the two. This ensures that the loading code only gets fields which it is actually allowed to see, and does not require any changes. However, it does limit what is seen as the 'full' set of original parameters. It also runs into a difficulty with cases like that found in For my PR I am going to try implement options 1 & 3 above. Any feedback would be much appreciated. |
Are there any workarounds on this for now? I still can't get arguments that are not in schema in any |
Let's continue discussion of this in #267, as it's the same issue described here. |
When using a Marshmallow schema with a
@pre_load
-decorated method, thedata
passed as the arg to the method includes only fields specified in the schema. This breaks pre_load methods that depend on data entires not in fields such as the enveloping example given in the Marshmallow docs.Here's a minimal example using Flask to demonstrate the issue:
When sending data to the route above (for example using httpie:
http POST :5001/ data:='{"foo": "bar"}'
the following trace is produced:If
additional = ['data']
is added to theMeta
class above, the example code works as intended since the envelope key is now a field. However, I doubt this seeming-hack is the intended approach.The culprit appears to be in
webargs.core.Parser#_parse_request
. Per the line linked here, the parser iterates over and adds only values that correspond toschema.fields
— rather than all request data — to the dict that is ultimately passed to the given schema's load method.If this is indeed an unintended bug I would be happy to submit a PR.
The text was updated successfully, but these errors were encountered: