# Lesson 4: Advanced Data Validation with Marshmallow

Here's the formatted version in Markdown:

# Advanced Data Validation with Marshmallow

In this lesson, we'll focus on mastering more types of constraints for data validation with Marshmallow in a Flask application. Robust data validation is crucial in web applications to ensure data integrity, consistency, and prevent security vulnerabilities. By the end of this lesson, you will be adept at implementing various data validation techniques that will significantly enhance the reliability of your web applications.

## Recap of Basic Setup

Before we dive into advanced validation techniques, let’s quickly recap our basic setup that we've been building in earlier lessons.

```python
from flask import Flask

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database as a list of dictionaries
database = [
    {"id": 1, "username": "cosmo", "email": "cosmo@example.com"},
    {"id": 2, "username": "jake", "email": "jake@example.com"},
    {"id": 3, "username": "emma", "email": "emma@example.com"}
]
```

With this setup in place, we are ready to explore other types of constraints and validations to further refine our data handling capabilities.

## String Fields with Length Constraints

We often need to ensure that certain string fields meet specific length requirements. This is critical for user-generated fields such as usernames.

```python
from marshmallow import validate

username = fields.Str(validate=validate.Length(min=3, max=20))
```

Here, we define the `username` field as a required string with a length between 3 and 20 characters. This ensures that only valid usernames are accepted by our application.

## Integer Fields with Range Constraints

Similarly, numerical inputs often need to fall within a certain range to ensure they are within acceptable limits.

```python
from marshmallow import validate

age = fields.Int(validate=validate.Range(min=18, max=99))
```

Here, we define an `age` field as an integer that must fall between 18 and 99. This is useful for applications with age restrictions.

## Validate URL Fields

Lastly, let's look at how to validate URL fields to guarantee that any URLs provided are correctly formatted.

```python
from marshmallow import fields

website = fields.Url()
```

In this scenario, `website` must be a valid URL. By ensuring this, our application can trust the integrity of the provided URLs.

## Putting it All Together

Now, let's tie all these validations together and implement a user creation feature that leverages these advanced validations. In this implementation, we will mix both optional and required fields to create a comprehensive user schema.

```python
from marshmallow import Schema, fields, validate

class UserSchema(Schema):
    id = fields.Int()  # Optional
    username = fields.Str(  # Required
        required=True,
        validate=validate.Length(min=3, max=20)
    )
    email = fields.Email(required=True)  # Required
    age = fields.Int(validate=validate.Range(min=18, max=99))  # Optional
    website = fields.Url()  # Optional
```

In the `UserSchema` class, we incorporate all the field validations we've discussed. This schema can now be used to validate incoming user data within a route.

## Summary and Hands-on Tasks

In this lesson, we’ve enhanced our data validation skills with Marshmallow by:

- Implementing string length constraints.
- Applying integer range constraints.
- Validating optional fields like URLs.

Now, it’s your turn to practice these validations in the upcoming exercises. These hands-on tasks will reinforce your understanding and help you gain confidence. Keep applying these skills to your projects, and you’ll continue to see improvement in your work. Happy coding!

## Advanced Validations for User Creation

Let's apply what you've learned about data validation techniques using Marshmallow and Flask

Your mission is to complete the constraints for the fields of our UserSchema.

Fill in the missing parts as indicated.

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError, validate

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database as a list of dictionaries
database = [
    {"id": 1, "username": "cosmo", "email": "cosmo@example.com"},
    {"id": 2, "username": "jake", "email": "jake@example.com"},
    {"id": 3, "username": "emma", "email": "emma@example.com"}
]

# Define a schema for user data with various validations
class UserSchema(Schema):
    id = fields.Int()
    username = fields.Str(
        required=True,
        # TODO: Complete the validation for length between 3-20 chars
        validate=validate.Length(min=3, max=20)
    )
    email = fields.Email(required=True)
    # TODO: Complete the validation for age between 18-99
    age = fields.Int(validate=validate.Length(min=18, max=99))
    # TODO: Complete the field to validate a valid URL
    website = fields.Url()

# Create an instance of the User schema
user_schema = UserSchema()

# Define a route to handle user creation
@app.route('/users', methods=['POST'])
def create_user():
    try:
        # Validate the incoming JSON data against the schema
        user_data = user_schema.load(request.get_json())
    except ValidationError as err:
        # Return validation errors as JSON response
        return jsonify(error=err.messages), 400

    # Generate a new ID by finding the maximum existing ID and adding 1
    new_id = max(user['id'] for user in database) + 1
    user_data["id"] = new_id
    # Add the new user to the mock database
    database.append(user_data)
    # Return the newly created user data as JSON response
    return jsonify(user_data), 201
```


Here’s the corrected version of the code where I’ve completed the missing parts for the `UserSchema` constraints:

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError, validate

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database as a list of dictionaries
database = [
    {"id": 1, "username": "cosmo", "email": "cosmo@example.com"},
    {"id": 2, "username": "jake", "email": "jake@example.com"},
    {"id": 3, "username": "emma", "email": "emma@example.com"}
]

# Define a schema for user data with various validations
class UserSchema(Schema):
    id = fields.Int()
    
    # Username is required and must be between 3 and 20 characters
    username = fields.Str(
        required=True,
        validate=validate.Length(min=3, max=20)
    )
    
    # Email is required and must be a valid email format
    email = fields.Email(required=True)
    
    # Age is optional but must be between 18 and 99 if provided
    age = fields.Int(validate=validate.Range(min=18, max=99))
    
    # Website is optional but must be a valid URL if provided
    website = fields.Url()

# Create an instance of the User schema
user_schema = UserSchema()

# Define a route to handle user creation
@app.route('/users', methods=['POST'])
def create_user():
    try:
        # Validate the incoming JSON data against the schema
        user_data = user_schema.load(request.get_json())
    except ValidationError as err:
        # Return validation errors as JSON response
        return jsonify(error=err.messages), 400

    # Generate a new ID by finding the maximum existing ID and adding 1
    new_id = max(user['id'] for user in database) + 1
    user_data["id"] = new_id
    # Add the new user to the mock database
    database.append(user_data)
    # Return the newly created user data as JSON response
    return jsonify(user_data), 201

# Run the app if the script is executed directly
if __name__ == '__main__':
    app.run(debug=True)
```

### Changes Made:
1. **Username Validation**: The username must be between 3 and 20 characters, as per the given instruction.
2. **Age Validation**: The `age` field was corrected to use `validate.Range(min=18, max=99)` instead of `validate.Length(min=18, max=99)`, as `Length` is used for strings and not integers.
3. **Website Validation**: The `website` field will now validate that the provided URL is in a correct format using `fields.Url()`.

This `UserSchema` now properly enforces:
- Username length constraints.
- Email format validation.
- Age constraints (if provided).
- URL format validation (if provided).

You can now test this schema by sending a POST request to `/users` with JSON data that meets these validation criteria.

## Tweak Age Validation Constraints

Great job on the basic validations! Now, let's make a slight adjustment.

Modify the UserSchema class to remove the maximum age constraint for the age field.

This tweak will help you understand how to adjust constraints based on app requirements. Keep it going!

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError, validate

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database as a list of dictionaries
database = [
    {"id": 1, "username": "cosmo", "email": "cosmo@example.com"},
    {"id": 2, "username": "jake", "email": "jake@example.com"},
    {"id": 3, "username": "emma", "email": "emma@example.com"}
]

# Define a schema for user data with various validations
class UserSchema(Schema):
    id = fields.Int()  # Optional
    username = fields.Str(
        required=True, # Required
        validate=validate.Length(min=3, max=20) # Between 3-20 chars
    )
    email = fields.Email(required=True)  # Required, valid email
    # TODO: Remove the maximum age constraint
    age = fields.Int(validate=validate.Range(min=18, max=99))  # Optional, int between 18-99
    website = fields.Url()  # Optional, valid URL

# Create an instance of the User schema
user_schema = UserSchema()

# Define a route to handle user creation
@app.route('/users', methods=['POST'])
def create_user():
    try:
        # Validate the incoming JSON data against the schema
        user_data = user_schema.load(request.get_json())
    except ValidationError as err:
        # Return validation errors as JSON response
        return jsonify(error = err.messages), 400

    # Generate a new ID by finding the maximum existing ID and adding 1
    new_id = max(user['id'] for user in database) + 1
    user_data["id"] = new_id
    # Add the new user to the mock database
    database.append(user_data)
    # Return the newly created user data as JSON response
    return jsonify(user_data), 201
```

To remove the maximum age constraint while keeping the minimum age constraint, you can simply modify the `validate.Range()` to only include `min=18` without specifying a `max` value. Here's the updated `UserSchema`:

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError, validate

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database as a list of dictionaries
database = [
    {"id": 1, "username": "cosmo", "email": "cosmo@example.com"},
    {"id": 2, "username": "jake", "email": "jake@example.com"},
    {"id": 3, "username": "emma", "email": "emma@example.com"}
]

# Define a schema for user data with various validations
class UserSchema(Schema):
    id = fields.Int()  # Optional
    username = fields.Str(
        required=True,  # Required
        validate=validate.Length(min=3, max=20)  # Between 3-20 chars
    )
    email = fields.Email(required=True)  # Required, valid email
    # Remove the maximum age constraint, leaving only the minimum constraint of 18
    age = fields.Int(validate=validate.Range(min=18))  # Optional, age >= 18
    website = fields.Url()  # Optional, valid URL

# Create an instance of the User schema
user_schema = UserSchema()

# Define a route to handle user creation
@app.route('/users', methods=['POST'])
def create_user():
    try:
        # Validate the incoming JSON data against the schema
        user_data = user_schema.load(request.get_json())
    except ValidationError as err:
        # Return validation errors as JSON response
        return jsonify(error=err.messages), 400

    # Generate a new ID by finding the maximum existing ID and adding 1
    new_id = max(user['id'] for user in database) + 1
    user_data["id"] = new_id
    # Add the new user to the mock database
    database.append(user_data)
    # Return the newly created user data as JSON response
    return jsonify(user_data), 201

# Run the app if the script is executed directly
if __name__ == '__main__':
    app.run(debug=True)
```

### Adjustments made:
- **Age Validation**: The maximum age constraint was removed, so now the `age` field only validates that the user is at least 18 years old (`validate.Range(min=18)`).
  
This tweak allows users to input any age as long as it's 18 or above.


## Fix Advanced Validations for Users

Excellent progress so far! You've learned a lot about data validation with Marshmallow.

Every programmer makes mistakes, and finding bugs in the details is essential. Your task now is to find and fix the bug!

Go through the existing code, identify the problem, and correct it to ensure proper data validation.

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError, validate

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database as a list of dictionaries
database = [
    {"id": 1, "username": "cosmo", "email": "cosmo@example.com"},
    {"id": 2, "username": "jake", "email": "jake@example.com"},
    {"id": 3, "username": "emma", "email": "emma@example.com"}
]

# Define a schema for user data with various validations
class UserSchema(Schema):
    id = fields.Int()  # Optional
    username = fields.Str(
        required=True,  # Required
        validate=validate.Range(min=18, max=99)  # Between 3-20 chars
    )
    email = fields.Email(required=True)  # Required, valid email
    age = fields.Int(validate=validate.Length(min=3, max=20))  # Optional, int between 18-99
    website = fields.Url()  # Optional, valid URL

# Create an instance of the User schema
user_schema = UserSchema()

# Define a route to handle user creation
@app.route('/users', methods=['POST'])
def create_user():
    try:
        # Validate the incoming JSON data against the schema
        user_data = user_schema.load(request.get_json())
    except ValidationError as err:
        # Return validation errors as JSON response
        return jsonify(error=err.messages), 400

    # Generate a new ID by finding the maximum existing ID and adding 1
    new_id = max(user['id'] for user in database) + 1
    user_data["id"] = new_id
    # Add the new user to the mock database
    database.append(user_data)
    # Return the newly created user data as JSON response
    return jsonify(user_data), 201

```



## Write a Schema With Advanced Validation

You've been doing well! Now it's time to put everything into practice in a slightly different context.

Your task is to define a ProductSchema class to validate product data with the following fields:

id: Optional, integer.
name: Required, string with a length between 3 and 50 characters.
price: Required, float between 0.01 and 1000.
description: Optional, string with a maximum length of 200 characters.
Ensure that you set the name and price fields as required.

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError, validate

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database as a list of dictionaries
database = [
    {"id": 1, "name": "Laptop", "price": 999.99, "description": "A powerful laptop"},
    {"id": 2, "name": "Smartphone", "price": 499.99, "description": "A feature-rich smartphone"},
]

# TODO: Define a schema for product data with various validations:
# - id: optional, integer
# - name: required, string, length 3-50
# - price: required, float, range 0.01-1000
# - description: optional, string, max 200 characters

# TODO: Create an instance of the Product schema
product_schema =

# Define a route to handle product creation
@app.route('/products', methods=['POST'])
def create_product():
    try:
        # Validate the incoming JSON data against the schema
        product_data = product_schema.load(request.get_json())
    except ValidationError as err:
        # Return validation errors as JSON response
        return jsonify(error=err.messages), 400

    # Generate a new ID by finding the maximum existing ID and adding 1
    new_id = max(product['id'] for product in database) + 1
    product_data["id"] = new_id
    # Add the new product to the mock database
    database.append(product_data)
    # Return the newly created product data as JSON response
    return jsonify(product_data), 201

```

Here’s how you can define the `ProductSchema` class using the `marshmallow` library. This schema will enforce the specified validations for each field (`id`, `name`, `price`, and `description`). The `name` and `price` fields are required, while `id` and `description` are optional.

```py
from flask import Flask, request, jsonify
from marshmallow import Schema, fields, ValidationError, validate

# Initialize a Flask app instance
app = Flask(__name__)

# Mock database as a list of dictionaries
database = [
    {"id": 1, "name": "Laptop", "price": 999.99, "description": "A powerful laptop"},
    {"id": 2, "name": "Smartphone", "price": 499.99, "description": "A feature-rich smartphone"},
]

# Define the ProductSchema with required validations
class ProductSchema(Schema):
    id = fields.Int(required=False)  # Optional field, integer
    name = fields.Str(required=True, validate=validate.Length(min=3, max=50))  # Required, string 3-50 characters
    price = fields.Float(required=True, validate=validate.Range(min=0.01, max=1000))  # Required, float 0.01-1000
    description = fields.Str(required=False, validate=validate.Length(max=200))  # Optional, string max 200 characters

# Create an instance of the Product schema
product_schema = ProductSchema()

# Define a route to handle product creation
@app.route('/products', methods=['POST'])
def create_product():
    try:
        # Validate the incoming JSON data against the schema
        product_data = product_schema.load(request.get_json())
    except ValidationError as err:
        # Return validation errors as JSON response
        return jsonify(error=err.messages), 400

    # Generate a new ID by finding the maximum existing ID and adding 1
    new_id = max(product['id'] for product in database) + 1
    product_data["id"] = new_id
    # Add the new product to the mock database
    database.append(product_data)
    # Return the newly created product data as JSON response
    return jsonify(product_data), 201

if __name__ == '__main__':
    app.run(debug=True)
```

### Key Components:
1. **`ProductSchema` Class**:
   - `id`: Optional, integer.
   - `name`: Required, string between 3-50 characters.
   - `price`: Required, float between 0.01-1000.
   - `description`: Optional, string with a maximum length of 200 characters.

2. **Validation**: The `validate.Length` and `validate.Range` methods ensure that the input conforms to the specified constraints.

3. **Error Handling**: If the validation fails, a `400 Bad Request` response with detailed error messages will be returned.

### Conclusion:
This schema is now set up to validate product data before adding it to the mock database. This ensures that all required fields are present and that the data conforms to the specified constraints.