More tests and add DisableValidationFilter

captainsafia · captainsafia · commit 1ff9b043e976 · 2025-03-06T15:13:18.000-08:00
diff --git a/src/Http/Http.Abstractions/src/Metadata/IDisableValidationMetadata.cs b/src/Http/Http.Abstractions/src/Metadata/IDisableValidationMetadata.cs
@@ -0,0 +1,12 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+namespace Microsoft.AspNetCore.Http.Metadata;
+
+/// <summary>
+/// A marker interface which can be used to identify metadata that disables validation
+/// on a given endpoint.
+/// </summary>
+public interface IDisableValidationMetadata
+{
+}
diff --git a/src/Http/Http.Abstractions/src/PublicAPI.Unshipped.txt b/src/Http/Http.Abstractions/src/PublicAPI.Unshipped.txt
@@ -1,6 +1,7 @@
 #nullable enable
 abstract Microsoft.AspNetCore.Http.Validation.ValidatableParameterInfo.GetValidationAttributes() -> System.ComponentModel.DataAnnotations.ValidationAttribute![]!
 abstract Microsoft.AspNetCore.Http.Validation.ValidatablePropertyInfo.GetValidationAttributes() -> System.ComponentModel.DataAnnotations.ValidationAttribute![]!
+Microsoft.AspNetCore.Http.Metadata.IDisableValidationMetadata
 Microsoft.AspNetCore.Http.ProducesResponseTypeMetadata.Description.get -> string?
 Microsoft.AspNetCore.Http.ProducesResponseTypeMetadata.Description.set -> void
 Microsoft.AspNetCore.Http.Metadata.IProducesResponseTypeMetadata.Description.get -> string?
diff --git a/src/Http/Http.Abstractions/test/Validation/ValidatableInfoResolverTests.cs b/src/Http/Http.Abstractions/test/Validation/ValidatableInfoResolverTests.cs
diff --git a/src/Http/Http.Abstractions/test/Validation/ValidatableParameterInfoTests.cs b/src/Http/Http.Abstractions/test/Validation/ValidatableParameterInfoTests.cs
diff --git a/src/Http/Http.Abstractions/test/Validation/ValidatableTypeInfoTests.cs b/src/Http/Http.Abstractions/test/Validation/ValidatableTypeInfoTests.cs
@@ -354,6 +354,143 @@ [new RequiredAttribute()]),
         Assert.Contains("Maximum validation depth of 3 exceeded at 'Children[0].Parent.Children[0]'. This is likely caused by a circular reference in the object graph. Consider increasing the MaxDepth in ValidationOptions if deeper validation is required.", exception.Message);
     }
 
+    [Fact]
+    public async Task Validate_HandlesCustomValidationAttributes()
+    {
+        // Arrange
+        var productType = new TestValidatableTypeInfo(
+            typeof(Product),
+            [
+                CreatePropertyInfo(typeof(Product), typeof(string), "SKU", "SKU", false, false, true, false, [new RequiredAttribute(), new CustomSkuValidationAttribute()]),
+            ],
+            false
+        );
+
+        var context = new ValidatableContext
+        {
+            ValidationOptions = new TestValidationOptions(new Dictionary<Type, ValidatableTypeInfo>
+            {
+                { typeof(Product), productType }
+            })
+        };
+
+        var product = new Product { SKU = "INVALID-SKU" };
+        context.ValidationContext = new ValidationContext(product);
+
+        // Act
+        await productType.Validate(product, context);
+
+        // Assert
+        Assert.NotNull(context.ValidationErrors);
+        var error = Assert.Single(context.ValidationErrors);
+        Assert.Equal("SKU", error.Key);
+        Assert.Equal("SKU must start with 'PROD-'.", error.Value.First());
+    }
+
+    [Fact]
+    public async Task Validate_HandlesMultipleErrorsOnSameProperty()
+    {
+        // Arrange
+        var userType = new TestValidatableTypeInfo(
+            typeof(User),
+            [
+                CreatePropertyInfo(typeof(User), typeof(string), "Password", "Password", false, false, true, false,
+                    [
+                        new RequiredAttribute(),
+                        new MinLengthAttribute(8) { ErrorMessage = "Password must be at least 8 characters." },
+                        new PasswordComplexityAttribute()
+                    ])
+            ],
+            false
+        );
+
+        var context = new ValidatableContext
+        {
+            ValidationOptions = new TestValidationOptions(new Dictionary<Type, ValidatableTypeInfo>
+            {
+                { typeof(User), userType }
+            })
+        };
+
+        var user = new User { Password = "abc" };  // Too short and not complex enough
+        context.ValidationContext = new ValidationContext(user);
+
+        // Act
+        await userType.Validate(user, context);
+
+        // Assert
+        Assert.NotNull(context.ValidationErrors);
+        Assert.Single(context.ValidationErrors.Keys); // Only the "Password" key
+        Assert.Equal(2, context.ValidationErrors["Password"].Length); // But with 2 errors
+        Assert.Contains("Password must be at least 8 characters.", context.ValidationErrors["Password"]);
+        Assert.Contains("Password must contain at least one number and one special character.", context.ValidationErrors["Password"]);
+    }
+
+    [Fact]
+    public async Task Validate_HandlesMultiLevelInheritance()
+    {
+        // Arrange
+        var baseType = new TestValidatableTypeInfo(
+            typeof(BaseEntity),
+            [
+                CreatePropertyInfo(typeof(BaseEntity), typeof(Guid), "Id", "Id", false, false, false, false, [])
+            ],
+            false
+        );
+
+        var intermediateType = new TestValidatableTypeInfo(
+            typeof(IntermediateEntity),
+            [
+                CreatePropertyInfo(typeof(IntermediateEntity), typeof(DateTime), "CreatedAt", "CreatedAt", false, false, false, false, [new PastDateAttribute()])
+            ],
+            false,
+            [typeof(BaseEntity)]
+        );
+
+        var derivedType = new TestValidatableTypeInfo(
+            typeof(DerivedEntity),
+            [
+                CreatePropertyInfo(typeof(DerivedEntity), typeof(string), "Name", "Name", false, false, true, false, [new RequiredAttribute()])
+            ],
+            false,
+            [typeof(IntermediateEntity)]
+        );
+
+        var context = new ValidatableContext
+        {
+            ValidationOptions = new TestValidationOptions(new Dictionary<Type, ValidatableTypeInfo>
+            {
+                { typeof(BaseEntity), baseType },
+                { typeof(IntermediateEntity), intermediateType },
+                { typeof(DerivedEntity), derivedType }
+            })
+        };
+
+        var entity = new DerivedEntity
+        {
+            Name = "",  // Invalid: required
+            CreatedAt = DateTime.Now.AddDays(1) // Invalid: future date
+        };
+        context.ValidationContext = new ValidationContext(entity);
+
+        // Act
+        await derivedType.Validate(entity, context);
+
+        // Assert
+        Assert.NotNull(context.ValidationErrors);
+        Assert.Collection(context.ValidationErrors,
+            kvp =>
+            {
+                Assert.Equal("Name", kvp.Key);
+                Assert.Equal("The Name field is required.", kvp.Value.First());
+            },
+            kvp =>
+            {
+                Assert.Equal("CreatedAt", kvp.Key);
+                Assert.Equal("Date must be in the past.", kvp.Value.First());
+            });
+    }
+
     private ValidatablePropertyInfo CreatePropertyInfo(
         Type containingType,
         Type propertyType,
@@ -436,6 +573,76 @@ private class TreeNode
         public List<TreeNode> Children { get; set; } = [];
     }
 
+    private class Product
+    {
+        public string SKU { get; set; } = string.Empty;
+    }
+
+    private class User
+    {
+        public string Password { get; set; } = string.Empty;
+    }
+
+    private class BaseEntity
+    {
+        public Guid Id { get; set; } = Guid.NewGuid();
+    }
+
+    private class IntermediateEntity : BaseEntity
+    {
+        public DateTime CreatedAt { get; set; }
+    }
+
+    private class DerivedEntity : IntermediateEntity
+    {
+        public string Name { get; set; } = string.Empty;
+    }
+
+    private class PastDateAttribute : ValidationAttribute
+    {
+        protected override ValidationResult? IsValid(object? value, ValidationContext validationContext)
+        {
+            if (value is DateTime date && date > DateTime.Now)
+            {
+                return new ValidationResult("Date must be in the past.");
+            }
+
+            return ValidationResult.Success;
+        }
+    }
+
+    private class CustomSkuValidationAttribute : ValidationAttribute
+    {
+        protected override ValidationResult? IsValid(object? value, ValidationContext validationContext)
+        {
+            if (value is string sku && !sku.StartsWith("PROD-", StringComparison.Ordinal))
+            {
+                return new ValidationResult("SKU must start with 'PROD-'.");
+            }
+
+            return ValidationResult.Success;
+        }
+    }
+
+    private class PasswordComplexityAttribute : ValidationAttribute
+    {
+        protected override ValidationResult? IsValid(object? value, ValidationContext validationContext)
+        {
+            if (value is string password)
+            {
+                bool hasDigit = password.Any(c => char.IsDigit(c));
+                bool hasSpecial = password.Any(c => !char.IsLetterOrDigit(c));
+
+                if (!hasDigit || !hasSpecial)
+                {
+                    return new ValidationResult("Password must contain at least one number and one special character.");
+                }
+            }
+
+            return ValidationResult.Success;
+        }
+    }
+
     // Test implementations
     private class TestValidatablePropertyInfo : ValidatablePropertyInfo
     {
diff --git a/src/Http/Http.Extensions/test/ValidationEndpointConventionBuilderExtensionsTests.cs b/src/Http/Http.Extensions/test/ValidationEndpointConventionBuilderExtensionsTests.cs
@@ -0,0 +1,78 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using System.ComponentModel.DataAnnotations;
+using System.Text;
+using Microsoft.AspNetCore.Builder;
+using Microsoft.AspNetCore.Http.Metadata;
+using Microsoft.AspNetCore.InternalTesting;
+using Microsoft.AspNetCore.Routing;
+using Microsoft.Extensions.DependencyInjection;
+
+namespace Microsoft.AspNetCore.Http.Extensions.Tests;
+
+public class ValidationEndpointConventionBuilderExtensionsTests : LoggedTest
+{
+    [Fact]
+    public async Task DisableValidation_PreventsValidationFilterRegistration()
+    {
+        // Arrange
+        var services = new ServiceCollection();
+        services.AddValidation();
+        services.AddSingleton(LoggerFactory);
+        var serviceProvider = services.BuildServiceProvider();
+
+        var builder = new DefaultEndpointRouteBuilder(new ApplicationBuilder(serviceProvider));
+
+        // Act - Create two endpoints - one with validation disabled, one without
+        var regularBuilder = builder.MapGet("test-enabled", ([Range(5, 10)] int param) => "Validation enabled here.");
+        var disabledBuilder = builder.MapGet("test-disabled", ([Range(5, 10)] int param) => "Validation disabled here.");
+
+        disabledBuilder.DisableValidation();
+
+        // Build the endpoints
+        var dataSource = Assert.Single(builder.DataSources);
+        var endpoints = dataSource.Endpoints;
+
+        // Assert
+        Assert.Equal(2, endpoints.Count);
+
+        // Get filter factories from both endpoints
+        var regularEndpoint = endpoints[0];
+        var disabledEndpoint = endpoints[1];
+
+        // Verify the disabled endpoint has the IDisableValidationMetadata
+        Assert.Contains(disabledEndpoint.Metadata, m => m is IDisableValidationMetadata);
+
+        // Verify that invalid arguments on the disabled endpoint do not trigger validation
+        var context = new DefaultHttpContext
+        {
+            RequestServices = serviceProvider
+        };
+        context.Request.Method = "GET";
+        context.Request.QueryString = new QueryString("?param=15");
+        var ms = new MemoryStream();
+        context.Response.Body = ms;
+
+        await disabledEndpoint.RequestDelegate(context);
+        Assert.Equal(StatusCodes.Status200OK, context.Response.StatusCode);
+        Assert.Equal("Validation disabled here.", Encoding.UTF8.GetString(ms.ToArray()));
+
+        context = new DefaultHttpContext
+        {
+            RequestServices = serviceProvider
+        };
+        context.Request.Method = "GET";
+        context.Request.QueryString = new QueryString("?param=15");
+        await regularEndpoint.RequestDelegate(context);
+        Assert.Equal(StatusCodes.Status400BadRequest, context.Response.StatusCode);
+    }
+
+    private class DefaultEndpointRouteBuilder(IApplicationBuilder applicationBuilder) : IEndpointRouteBuilder
+    {
+        private IApplicationBuilder ApplicationBuilder { get; } = applicationBuilder ?? throw new ArgumentNullException(nameof(applicationBuilder));
+        public IApplicationBuilder CreateApplicationBuilder() => ApplicationBuilder.New();
+        public ICollection<EndpointDataSource> DataSources { get; } = [];
+        public IServiceProvider ServiceProvider => ApplicationBuilder.ApplicationServices;
+    }
+}
diff --git a/src/Http/Routing/src/Builder/ValidationRouteHandlerBuilderExtensions.cs b/src/Http/Routing/src/Builder/ValidationRouteHandlerBuilderExtensions.cs
@@ -0,0 +1,32 @@
+// Licensed to the .NET Foundation under one or more agreements.
+// The .NET Foundation licenses this file to you under the MIT license.
+
+using Microsoft.AspNetCore.Http.Metadata;
+
+namespace Microsoft.AspNetCore.Builder;
+
+/// <summary>
+/// Extension methods for <see cref="IEndpointConventionBuilder"/> to interact with
+/// parameter validation features.
+/// </summary>
+public static class ValidationEndpointConventionBuilderExtensions
+{
+    /// <summary>
+    /// Disables validation for the specified endpoint.
+    /// </summary>
+    /// <typeparam name="TBuilder">The type of the builder.</typeparam>
+    /// <param name="builder">The endpoint convention builder.</param>
+    /// <returns>
+    /// The <see cref="IEndpointConventionBuilder"/> for chaining.
+    /// </returns>
+    public static TBuilder DisableValidation<TBuilder>(this TBuilder builder)
+        where TBuilder : IEndpointConventionBuilder
+    {
+        builder.WithMetadata(new DisableValidationMetadata());
+        return builder;
+    }
+
+    private sealed class DisableValidationMetadata : IDisableValidationMetadata
+    {
+    }
+}
diff --git a/src/Http/Routing/src/PublicAPI.Unshipped.txt b/src/Http/Routing/src/PublicAPI.Unshipped.txt
@@ -1 +1,3 @@
 #nullable enable
+Microsoft.AspNetCore.Builder.ValidationEndpointConventionBuilderExtensions
+static Microsoft.AspNetCore.Builder.ValidationEndpointConventionBuilderExtensions.DisableValidation<TBuilder>(this TBuilder builder) -> TBuilder
diff --git a/src/Http/Routing/src/RouteEndpointDataSource.cs b/src/Http/Routing/src/RouteEndpointDataSource.cs

Original file line number	Diff line number	Diff line change
`@@ -1 +1,3 @@`
`1`	`1`	`#nullable enable`
	`2`	`+Microsoft.AspNetCore.Builder.ValidationEndpointConventionBuilderExtensions`
	`3`	`+static Microsoft.AspNetCore.Builder.ValidationEndpointConventionBuilderExtensions.DisableValidation<TBuilder>(this TBuilder builder) -> TBuilder`