Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add option to throw validation error on extra keys

See original GitHub issue

I’m not sure if I’m missing something, but I would like to throw error if extra keys are provided, as in:

>>> class AlbumSchema(Schema):
...     title = fields.Str()

>>> AlbumSchema(strict=True).load({'extra': 2}, allow_extra=False)
Traceback (most recent call last):
...
marshmallow.exceptions.ValidationError: {'_schema': ["Extra arguments passed: ['extra']"]}

I’ve been using the following implementation (taken from https://github.com/sloria/webargs/issues/87#issuecomment-183949558):

class BaseSchema(Schema):

    @pre_load
    def validate_extra(self, in_data):
        if not isinstance(in_data, dict):
            return

        extra_args = [key for key in in_data.keys() if key not in self.fields]
        if extra_args:
            raise ValidationError('Extra arguments passed: {}'.format(extra_args))

I would expect this to be a common need, however, so could it be supported by the library out-of-the-box?

Issue Analytics

State:
Created 7 years ago
Reactions:6
Comments:47 (36 by maintainers)

Top GitHub Comments

12reactions

sloriacommented, Jun 14, 2018

We still need to decide on a default. I think we should rule out “allow”–it is too permissive for the common use case. That leaves “ignore” and “raise”.

Let’s take a poll:

Add an emoji reaction to this comment with your vote.

😄 = “ignore” - Discard unknown fields but don’t error. This is the current behavior. DRF, Colander, and Valideer have this as the default. 🎉 = “raise” - Raise an error for unknown fields. Voluptuous, Cerberus, schema, and Schematics have this as the default.

7reactions

bivaldcommented, Mar 20, 2018

In my case it’s to avoid ambiguity. The API expects a set of keys to be present per method and only those keys. We use Marshmallow to power an API and you really want the boundaries of each API method to be crisp. I don’t want anyone to be able to “think”/“guess” that a key is valid because the API accepts it without sending an error.

A different use case is what I got from one of our developers today:

“I’m creating a page with a title and a slug but the API doesn’t accept the slug. It gives no error, it just creates a slug based on the title instead.”

Turns out the user sent the following JSON payload:

{
   "page_title": "My Page Title",
   "slug": "a-specific-slug"
}

But our API wants page_title and page_slug. However, supplying the slug is optional. So it doesn’t complain if the slug isn’t present, it just defaults to creating a slug from the title.

The backup option for us is to force page_slug key, but letting it be False if you want to auto-generate it. Perhaps thats what we’ll go with.

So that’s my use case.

Top Results From Across the Web

How to validate extra key in the Json Schema in C# and throw ...

So I have two Json files where I am validating them and If one file has extra key, I would like to throw...

Exceptions - Django REST framework

Exception handling in REST framework views. REST framework's views handle various exceptions, and deal with returning appropriate error responses.

Validation-and-Serialization - Fastify

The route validation internally relies upon Ajv v8 which is a high-performance JSON Schema validator. Validating the input is very easy: just add...

Active Record Validations - Ruby on Rails Guides

As you've already seen, the :message option lets you specify the message that will be added to the errors collection when validation fails....

validate.js

If an Error is thrown from an async validator the argument passed to the rejection handler ... validate.validators.custom = function(value, options, key, ...