final comment updates

waspc/data/Generator/templates/react-app/src/utils.js

@@ -1,3 +1,3 @@
 export const errorMessage = (e) => {
-  return `Error: ${e.message} ${e.data && e.data.message ? '- Details: ' + e.data.message : ''}`
+  return `Error: ${e.message} ${e.data?.message ? '- Details: ' + e.data.message : ''}`
 }

waspc/data/Generator/templates/server/src/core/auth/prismaMiddleware.js

@@ -5,16 +5,19 @@ import AuthError from '../AuthError.js'
 const EMAIL_FIELD = 'email'
 const PASSWORD_FIELD = 'password'
 
-// Ensure strong plaintext password.
+// Allows flexible validation of a user entity.
+// Users can skip default validations by passing _waspSkipDefaultValidations = true
+// Users can also add custom validations by passing an array of _waspCustomValidations
+// with the same format as our default validations.
 // Throws an AuthError on the first validation that fails.
 const registerUserEntityValidation = (prismaClient) => {
   prismaClient.$use(async (params, next) => {
     if (params.model === '{= userEntityUpper =}') {
       if (['create', 'update', 'updateMany'].includes(params.action)) {
-        validateUserData(params.args.data, params.args, params.action)
+        validateUser(params.args.data, params.args, params.action)
       } else if (params.action === 'upsert') {
-        validateUserData(params.args.create.data, params.args, 'create')
-        validateUserData(params.args.update.data, params.args, 'update')
+        validateUser(params.args.create.data, params.args, 'create')
+        validateUser(params.args.update.data, params.args, 'update')
       }
 
       // Remove from downstream Prisma processing to avoid "Unknown arg" error
@@ -51,13 +54,13 @@ const registerPasswordHashing = (prismaClient) => {
 }
 
 export const registerAuthMiddleware = (prismaClient) => {
-  // registerUserEntityValidation must come before registerPasswordHashing
+  // NOTE: registerUserEntityValidation must come before registerPasswordHashing.
   registerUserEntityValidation(prismaClient)
   registerPasswordHashing(prismaClient)
 }
 
-const validateUserData = (data, args, action) => {
-  data = data || {}
+const validateUser = (user, args, action) => {
+  user = user || {}
 
   const defaultValidations = [
     { validates: EMAIL_FIELD, message: 'email must be present', validator: email => !!email },
@@ -71,10 +74,11 @@ const validateUserData = (data, args, action) => {
     ...(args._waspCustomValidations || [])
   ]
 
-  // Validations always run on create, but only when the field is present for updates
+  // On 'create' validations run always, otherwise (on updates)
+  // they run only when the field they are validating is present.
   for (const v of validations) {
-    if (action === 'create' || data.hasOwnProperty(v.validates)) {
-      if (!v.validator(data[v.validates])) {
+    if (action === 'create' || user.hasOwnProperty(v.validates)) {
+      if (!v.validator(user[v.validates])) {
         throw new AuthError(v.message)
       }
     }

waspc/data/Generator/templates/server/src/utils.js

@@ -34,6 +34,7 @@ export const prismaErrorToHttpError = (e) => {
     } else {
       // TODO(shayne): Go through https://www.prisma.io/docs/reference/api-reference/error-reference#error-codes
       // and decide which are input errors (422) and which are not (500)
+      // See: https://github.com/wasp-lang/wasp/issues/384
       return new HttpError(500)
     }
   } else if (e instanceof Prisma.PrismaClientValidationError) {

web/docs/language/basic-elements.md

@@ -374,28 +374,23 @@ You don't need to worry about hashing the password yourself! Even when you are u
 
 ##### Customizing user entity validations
 
-To disable default validations, or add your own, you can do:
+To disable/enable default validations, or add your own, you can do:
 ```js
 const newUser = context.entities.User.create({
   data: { email: 'some@email.com', password: 'this will be hashed!' },
-  _waspSkipDefaultValidations: true, // defaults to false
+  _waspSkipDefaultValidations: false, // can be omitted if false (default), or explicitly set true
   _waspCustomValidations: [
     {
       validates: 'password',
-      message: 'password must be present',
-      validator: password => !!password
-    },
-    {
-      validates: 'password',
-      message: 'password must be at least 8 characters',
-      validator: password => password.length >= 8
+      message: 'password must contain an uppercase letter',
+      validator: password => /[A-Z]/.test(password)
     },
   ]
 })
 ```
 
 :::info
-Validations always run on `create()`, but only when the `validates` field is present for `update()`. The validation process stops on the first `validator` to return false. If enabled, default validations run first and validate basic properties of both the `'email'` or `'password'` fields.
+Validations always run on `create()`, but only when the field mentioned in `validates` is present for `update()`. The validation process stops on the first `validator` to return false. If enabled, default validations run first and validate basic properties of both the `'email'` or `'password'` fields.
 :::
 
 #### Specification