fix(validator): primitive iml expression bypass (#18)

In case a field contains a primitive IML Expression, the primitive type
validators for number, boolean and so on are currently mistakenly
returning validation error, even when a valid-typed primitive value
could be mapped into them. This is patch for such behavior.

_There's a catch when someone would do:_

```
const context = {
    first: 'fal',
    second: 'se'
}
```

and then `{{context.first}}{{context.second}}` to get `false` as string
which would be casted later, similarly with numbers, but that sounds too
obscure to be significant at the moment.

If we ever encounter a problem with the `isPrimitiveIMLExpression`, we
can always make it more relaxed to the `containsIMLExpression` instead,
but we want to be stricter when we can now.

---------

Co-authored-by: Patrik Simek <[email protected]>

Author: dominikkadera

package-lock.json

@@ -1,6 +1,6 @@
 {
     "name": "@makehq/forman-schema",
-    "version": "1.4.0",
+    "version": "1.4.1",
     "description": "Forman Schema Tools",
     "license": "MIT",
     "author": "Make",

package.json

@@ -46,6 +46,16 @@ export function containsIMLExpression(value: unknown): boolean {
     return value.indexOf('{{') > -1 && value.indexOf('}}') > -1;
 }
 
+/**
+ * Utility function to check if a value is a primitive IML expression.
+ * @param value
+ */
+export function isPrimitiveIMLExpression(value: unknown): boolean {
+    if (typeof value !== 'string') return false;
+    // The last index of '{{' has to be at the start, meaning there's no following '{{' anywhere further, and the first closing '}}' has to be at the end
+    return value.lastIndexOf('{{') === 0 && value.indexOf('}}') === value.length - 2;
+}
+
 /**
  * Constants for API endpoints
  */

src/utils.ts

@@ -8,7 +8,14 @@ import {
     FormanValidationOptions,
     FormanSchemaNested,
 } from './types';
-import { containsIMLExpression, FORMAN_VISUAL_TYPES, isObject, isOptionGroup, normalizeFormanFieldType } from './utils';
+import {
+    containsIMLExpression,
+    FORMAN_VISUAL_TYPES,
+    isObject,
+    isOptionGroup,
+    isPrimitiveIMLExpression,
+    normalizeFormanFieldType,
+} from './utils';
 
 /**
  * Context for schema validation operations
@@ -223,7 +230,7 @@ async function validateFormanValue(
     let actualType: string = typeof value;
     if (actualType === 'object' && Array.isArray(value)) actualType = 'array';
 
-    if (expectedType && expectedType !== actualType) {
+    if (expectedType && expectedType !== actualType && !isPrimitiveIMLExpression(value)) {
         return {
             valid: false,
             errors: [

src/validator.ts

@@ -4,6 +4,7 @@ import {
     isObject,
     isOptionGroup,
     containsIMLExpression,
+    isPrimitiveIMLExpression,
     normalizeFormanFieldType,
     API_ENDPOINTS,
     FORMAN_VISUAL_TYPES,
@@ -97,6 +98,53 @@ describe('Utils Functions', () => {
         });
     });
 
+    describe('isPrimitiveIMLExpression', () => {
+        it('should return true for primitive IML expressions', () => {
+            expect(isPrimitiveIMLExpression('{{variable}}')).toBe(true);
+            expect(isPrimitiveIMLExpression('{{user.email}}')).toBe(true);
+            expect(isPrimitiveIMLExpression('{{data.items[0].name}}')).toBe(true);
+        });
+
+        it('should return false for strings with IML expressions but not primitive', () => {
+            expect(isPrimitiveIMLExpression('Hello {{name}}')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{name}} welcome')).toBe(false);
+            expect(isPrimitiveIMLExpression('Start {{middle}} end')).toBe(false);
+            expect(isPrimitiveIMLExpression('prefix{{variable}}')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{variable}}suffix')).toBe(false);
+        });
+
+        it('should return false for strings with multiple IML expressions', () => {
+            expect(isPrimitiveIMLExpression('{{first}}{{second}}')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{first}} {{second}}')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{a}}{{b}}{{c}}')).toBe(false);
+        });
+
+        it('should return false for strings without IML expressions', () => {
+            expect(isPrimitiveIMLExpression('regular string')).toBe(false);
+            expect(isPrimitiveIMLExpression('{ single brace }')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{ incomplete')).toBe(false);
+            expect(isPrimitiveIMLExpression('incomplete }}')).toBe(false);
+            expect(isPrimitiveIMLExpression('')).toBe(false);
+        });
+
+        it('should return false for non-string values', () => {
+            expect(isPrimitiveIMLExpression(123)).toBe(false);
+            expect(isPrimitiveIMLExpression(null)).toBe(false);
+            expect(isPrimitiveIMLExpression(undefined)).toBe(false);
+            expect(isPrimitiveIMLExpression(true)).toBe(false);
+            expect(isPrimitiveIMLExpression({})).toBe(false);
+            expect(isPrimitiveIMLExpression([])).toBe(false);
+        });
+
+        it('should return false for malformed IML expressions', () => {
+            expect(isPrimitiveIMLExpression('{variable}')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{variable}')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{{variable}}}')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{varia{{ble}}')).toBe(false);
+            expect(isPrimitiveIMLExpression('{{varia}}ble}}')).toBe(false);
+        });
+    });
+
     describe('normalizeFormanFieldType', () => {
         it('should normalize account: prefixed types', () => {
             const field = {

test/utils.spec.ts

@@ -314,6 +314,10 @@ describe('Forman Schema Extended Validation', () => {
                 normalField: 'invalid-email',
                 imlField: '{{user.email}}',
                 mixedField: 'Hello {{user.name}}, welcome!',
+                numericField: '{{1.id}}',
+                booleanField: '{{2.isEmpty}}',
+                conflatedNumericField: '{{object.firstHalf}}{{object.secondHalf}}',
+                complexField: '{{user}}',
             };
 
             const formanSchema = [
@@ -338,6 +342,26 @@ describe('Forman Schema Extended Validation', () => {
                         min: 50,
                     },
                 },
+                {
+                    name: 'numericField',
+                    type: 'number',
+                },
+                {
+                    name: 'booleanField',
+                    type: 'boolean',
+                },
+                {
+                    name: 'conflatedNumericField',
+                    type: 'number',
+                },
+                {
+                    name: 'complexField',
+                    type: 'collection',
+                    spec: [
+                        { name: 'name', type: 'text' },
+                        { name: 'email', type: 'email' },
+                    ],
+                },
             ];
 
             expect(await validateForman(formanValue, formanSchema)).toEqual({
@@ -348,6 +372,11 @@ describe('Forman Schema Extended Validation', () => {
                         path: 'normalField',
                         message: "Value doesn't match the pattern: ^[^@]+@[^@]+\\.[^@]+$",
                     },
+                    {
+                        domain: 'default',
+                        message: "Expected type 'number', got type 'string'.",
+                        path: 'conflatedNumericField',
+                    },
                 ],
             });
         });