Issue #23 new

Using Validation on .get()

Randall Degges
created an issue

Hi Guys,

So, this is a feature request, really. I'm attempting to heavily use onctous in my DynamoDB models, and bumping into a few issues. The current issue is that when I'm attempting to 'fetch' a number from DynamoDB (using Model.get()), no validation is done on the hash key input.

For instance, if I have a model that looks like:

class User(DynamoDBModel):
    __table__ = 'users_user'
    __hash_key__ = u'username'
    __schema__ = {
        u'username': All(Coerce(unicode), ToLower()),
    }

And I want to 'fetch' a User from Dynamo, assuming I have sloppy user input, I'd do something like:

username = raw_input('please enter your username!')
User.get(username)

But this would fail if the username the user entered was in upper or mixed case, since the validator rule wasn't applied before the actual get request was done from Dynamo.

I think that this would be really useful to have, as (at least from a user perspective), when you define your schema, and apply those validator (and transformation) rules, you basically expect them to just be applied everywhere: before an object is retrieved, after an object is retrieved, etc.

The way it works now means that in addition to using validators, I also have write my own custom validators and use them on user input before sending things off to dynamodb-mapper, which doubles my effort.

Comments (2)

  1. Max Noel

    I'm... Divided on this issue. On one hand, I see how it can save work, but on the other, I like to be very strict on user input validation.

    At the very least, it would be great to raise validation errors on .get (that way, when your key is very obviously wrong, you get a detailed explanation of why instead of having to backtrack from the DynamoDBKeyNotFoundError). If that means (thanks to the way Coerce works) that we'll auto-translate stuff and potentially distort some user input... I don't know. I suppose I could live with that.

  2. Randall Degges reporter

    Hrm, I see that point of view. What I'm wondering is if it's worth doing or not. I mean, for most people--is handling user input and validation necessary?

    I know that for what I'm using DynamoDB for, having it work that way would be a time saver as I wouldn't have to duplicate my efforts in the codebase, and could purely rely on the validators to handle everything.

    I'm not sure if my use case is the norm, however.

    Just for the record: I'm running an API company which handles phone numbers as user input. A user queries our API endpoint with a phone number in any format (eg: (222) 333-4444), and I've got to clean the number up into a standard format (+12223334444) then fetch the data from DynamoDB (whose hash key is the phone number in a sanitized format).

  3. Log in to comment