Respect configured MaxModelValidationErrors in operations

Bart Koelman · Bart Koelman · commit c788cd7e2461 · 2021-10-18T13:18:46.000+02:00
diff --git a/src/JsonApiDotNetCore/Controllers/BaseJsonApiOperationsController.cs b/src/JsonApiDotNetCore/Controllers/BaseJsonApiOperationsController.cs
@@ -133,48 +133,79 @@ protected virtual void ValidateModelState(IList<OperationContainer> operations)
             using IDisposable _ = new RevertRequestStateOnDispose(_request, _targetedFields);
 
             int operationIndex = 0;
-            var requestModelState = new Dictionary<string, ModelStateEntry>();
+            var requestModelState = new List<(string key, ModelStateEntry entry)>();
+            int maxErrorsRemaining = ModelState.MaxAllowedErrors;
 
             foreach (OperationContainer operation in operations)
             {
-                if (operation.Request.WriteOperation is WriteOperationKind.CreateResource or WriteOperationKind.UpdateResource)
+                if (maxErrorsRemaining < 1)
                 {
-                    _targetedFields.CopyFrom(operation.TargetedFields);
-                    _request.CopyFrom(operation.Request);
-
-                    var validationContext = new ActionContext();
-                    ObjectValidator.Validate(validationContext, null, string.Empty, operation.Resource);
-
-                    CopyValidationErrorsFromOperation(validationContext.ModelState, operationIndex, requestModelState);
+                    break;
                 }
 
+                maxErrorsRemaining = ValidateOperation(operation, operationIndex, requestModelState, maxErrorsRemaining);
+
                 operationIndex++;
             }
 
             if (requestModelState.Any())
             {
-                throw new InvalidModelStateException(requestModelState, typeof(IList<OperationContainer>), _options.IncludeExceptionStackTraceInErrors,
+                Dictionary<string, ModelStateEntry> modelStateDictionary = requestModelState.ToDictionary(tuple => tuple.key, tuple => tuple.entry);
+
+                throw new InvalidModelStateException(modelStateDictionary, typeof(IList<OperationContainer>), _options.IncludeExceptionStackTraceInErrors,
                     _resourceGraph,
                     (collectionType, index) => collectionType == typeof(IList<OperationContainer>) ? operations[index].Resource.GetType() : null);
             }
         }
 
-        private static void CopyValidationErrorsFromOperation(ModelStateDictionary operationModelState, int operationIndex,
-            Dictionary<string, ModelStateEntry> requestModelState)
+        private int ValidateOperation(OperationContainer operation, int operationIndex, List<(string key, ModelStateEntry entry)> requestModelState,
+            int maxErrorsRemaining)
         {
-            if (!operationModelState.IsValid)
+            if (operation.Request.WriteOperation is WriteOperationKind.CreateResource or WriteOperationKind.UpdateResource)
             {
-                foreach (string key in operationModelState.Keys)
+                _targetedFields.CopyFrom(operation.TargetedFields);
+                _request.CopyFrom(operation.Request);
+
+                var validationContext = new ActionContext
+                {
+                    ModelState =
+                    {
+                        MaxAllowedErrors = maxErrorsRemaining
+                    }
+                };
+
+                ObjectValidator.Validate(validationContext, null, string.Empty, operation.Resource);
+
+                if (!validationContext.ModelState.IsValid)
                 {
-                    ModelStateEntry entry = operationModelState[key];
+                    int errorsRemaining = maxErrorsRemaining;
 
-                    if (entry.ValidationState == ModelValidationState.Invalid)
+                    foreach (string key in validationContext.ModelState.Keys)
                     {
-                        string operationKey = $"[{operationIndex}].{nameof(OperationContainer.Resource)}." + key;
-                        requestModelState[operationKey] = entry;
+                        ModelStateEntry entry = validationContext.ModelState[key];
+
+                        if (entry.ValidationState == ModelValidationState.Invalid)
+                        {
+                            string operationKey = $"[{operationIndex}].{nameof(OperationContainer.Resource)}." + key;
+
+                            if (entry.Errors.Count > 0 && entry.Errors[0].Exception is TooManyModelErrorsException)
+                            {
+                                requestModelState.Insert(0, (operationKey, entry));
+                            }
+                            else
+                            {
+                                requestModelState.Add((operationKey, entry));
+                            }
+
+                            errorsRemaining -= entry.Errors.Count;
+                        }
                     }
+
+                    return errorsRemaining;
                 }
             }
+
+            return maxErrorsRemaining;
         }
     }
 }
diff --git a/src/JsonApiDotNetCore/Errors/InvalidModelStateException.cs b/src/JsonApiDotNetCore/Errors/InvalidModelStateException.cs
@@ -26,8 +26,8 @@ public InvalidModelStateException(IReadOnlyDictionary<string, ModelStateEntry> m
         {
         }
 
-        private static IEnumerable<ErrorObject> FromModelStateDictionary(IReadOnlyDictionary<string, ModelStateEntry> modelState, Type modelType, IResourceGraph resourceGraph,
-            bool includeExceptionStackTraceInErrors, Func<Type, int, Type?>? getCollectionElementTypeCallback)
+        private static IEnumerable<ErrorObject> FromModelStateDictionary(IReadOnlyDictionary<string, ModelStateEntry> modelState, Type modelType,
+            IResourceGraph resourceGraph, bool includeExceptionStackTraceInErrors, Func<Type, int, Type?>? getCollectionElementTypeCallback)
         {
             ArgumentGuard.NotNull(modelState, nameof(modelState));
             ArgumentGuard.NotNull(modelType, nameof(modelType));
@@ -179,7 +179,7 @@ private static ErrorObject FromModelError(ModelError modelError, string? sourceP
             var error = new ErrorObject(HttpStatusCode.UnprocessableEntity)
             {
                 Title = "Input validation failed.",
-                Detail = modelError.ErrorMessage,
+                Detail = modelError.Exception is TooManyModelErrorsException tooManyException ? tooManyException.Message : modelError.ErrorMessage,
                 Source = sourcePointer == null
                     ? null
                     : new ErrorSource
diff --git a/test/JsonApiDotNetCoreTests/IntegrationTests/AtomicOperations/ModelStateValidation/AtomicModelStateValidationTests.cs b/test/JsonApiDotNetCoreTests/IntegrationTests/AtomicOperations/ModelStateValidation/AtomicModelStateValidationTests.cs
@@ -448,6 +448,7 @@ public async Task Validates_all_operations_before_execution_starts()
                             type = "musicTracks",
                             attributes = new
                             {
+                                title = "some",
                                 lengthInSeconds = -1
                             }
                         }
@@ -463,7 +464,7 @@ public async Task Validates_all_operations_before_execution_starts()
             // Assert
             httpResponse.Should().HaveStatusCode(HttpStatusCode.UnprocessableEntity);
 
-            responseDocument.Errors.Should().HaveCount(3);
+            responseDocument.Errors.Should().HaveCount(2);
 
             ErrorObject error1 = responseDocument.Errors[0];
             error1.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
@@ -474,14 +475,96 @@ public async Task Validates_all_operations_before_execution_starts()
             ErrorObject error2 = responseDocument.Errors[1];
             error2.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
             error2.Title.Should().Be("Input validation failed.");
-            error2.Detail.Should().Be("The Title field is required.");
-            error2.Source.Pointer.Should().Be("/atomic:operations[1]/data/attributes/title");
+            error2.Detail.Should().Be("The field LengthInSeconds must be between 1 and 1440.");
+            error2.Source.Pointer.Should().Be("/atomic:operations[1]/data/attributes/lengthInSeconds");
+        }
+
+        [Fact]
+        public async Task Does_not_exceed_MaxModelValidationErrors()
+        {
+            // Arrange
+            var requestBody = new
+            {
+                atomic__operations = new object[]
+                {
+                    new
+                    {
+                        op = "add",
+                        data = new
+                        {
+                            type = "playlists",
+                            attributes = new
+                            {
+                                name = (string)null
+                            }
+                        }
+                    },
+                    new
+                    {
+                        op = "add",
+                        data = new
+                        {
+                            type = "playlists",
+                            attributes = new
+                            {
+                                name = (string)null
+                            }
+                        }
+                    },
+                    new
+                    {
+                        op = "add",
+                        data = new
+                        {
+                            type = "musicTracks",
+                            attributes = new
+                            {
+                                lengthInSeconds = -1
+                            }
+                        }
+                    },
+                    new
+                    {
+                        op = "add",
+                        data = new
+                        {
+                            type = "playlists",
+                            attributes = new
+                            {
+                                name = (string)null
+                            }
+                        }
+                    }
+                }
+            };
+
+            const string route = "/operations";
+
+            // Act
+            (HttpResponseMessage httpResponse, Document responseDocument) = await _testContext.ExecutePostAtomicAsync<Document>(route, requestBody);
+
+            // Assert
+            httpResponse.Should().HaveStatusCode(HttpStatusCode.UnprocessableEntity);
+
+            responseDocument.Errors.Should().HaveCount(3);
+
+            ErrorObject error1 = responseDocument.Errors[0];
+            error1.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
+            error1.Title.Should().Be("Input validation failed.");
+            error1.Detail.Should().Be("The maximum number of allowed model errors has been reached.");
+            error1.Source.Should().BeNull();
+
+            ErrorObject error2 = responseDocument.Errors[1];
+            error2.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
+            error2.Title.Should().Be("Input validation failed.");
+            error2.Detail.Should().Be("The Name field is required.");
+            error2.Source.Pointer.Should().Be("/atomic:operations[0]/data/attributes/name");
 
             ErrorObject error3 = responseDocument.Errors[2];
             error3.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
             error3.Title.Should().Be("Input validation failed.");
-            error3.Detail.Should().Be("The field LengthInSeconds must be between 1 and 1440.");
-            error3.Source.Pointer.Should().Be("/atomic:operations[1]/data/attributes/lengthInSeconds");
+            error2.Detail.Should().Be("The Name field is required.");
+            error3.Source.Pointer.Should().Be("/atomic:operations[1]/data/attributes/name");
         }
     }
 }
diff --git a/test/JsonApiDotNetCoreTests/IntegrationTests/InputValidation/ModelState/ModelStateValidationTests.cs b/test/JsonApiDotNetCoreTests/IntegrationTests/InputValidation/ModelState/ModelStateValidationTests.cs
@@ -167,6 +167,7 @@ public async Task Cannot_create_resource_with_multiple_violations()
                     type = "systemDirectories",
                     attributes = new
                     {
+                        isCaseSensitive = false,
                         sizeInBytes = -1
                     }
                 }
@@ -180,7 +181,7 @@ public async Task Cannot_create_resource_with_multiple_violations()
             // Assert
             httpResponse.Should().HaveStatusCode(HttpStatusCode.UnprocessableEntity);
 
-            responseDocument.Errors.Should().HaveCount(3);
+            responseDocument.Errors.Should().HaveCount(2);
 
             ErrorObject error1 = responseDocument.Errors[0];
             error1.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
@@ -193,6 +194,45 @@ public async Task Cannot_create_resource_with_multiple_violations()
             error2.Title.Should().Be("Input validation failed.");
             error2.Detail.Should().Be("The field SizeInBytes must be between 0 and 9223372036854775807.");
             error2.Source.Pointer.Should().Be("/data/attributes/sizeInBytes");
+        }
+
+        [Fact]
+        public async Task Does_not_exceed_MaxModelValidationErrors()
+        {
+            // Arrange
+            var requestBody = new
+            {
+                data = new
+                {
+                    type = "systemDirectories",
+                    attributes = new
+                    {
+                        sizeInBytes = -1
+                    }
+                }
+            };
+
+            const string route = "/systemDirectories";
+
+            // Act
+            (HttpResponseMessage httpResponse, Document responseDocument) = await _testContext.ExecutePostAsync<Document>(route, requestBody);
+
+            // Assert
+            httpResponse.Should().HaveStatusCode(HttpStatusCode.UnprocessableEntity);
+
+            responseDocument.Errors.Should().HaveCount(3);
+
+            ErrorObject error1 = responseDocument.Errors[0];
+            error1.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
+            error1.Title.Should().Be("Input validation failed.");
+            error1.Detail.Should().Be("The maximum number of allowed model errors has been reached.");
+            error1.Source.Should().BeNull();
+
+            ErrorObject error2 = responseDocument.Errors[1];
+            error2.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
+            error2.Title.Should().Be("Input validation failed.");
+            error2.Detail.Should().Be("The Name field is required.");
+            error2.Source.Pointer.Should().Be("/data/attributes/directoryName");
 
             ErrorObject error3 = responseDocument.Errors[2];
             error3.StatusCode.Should().Be(HttpStatusCode.UnprocessableEntity);
diff --git a/test/JsonApiDotNetCoreTests/Startups/ModelStateValidationStartup.cs b/test/JsonApiDotNetCoreTests/Startups/ModelStateValidationStartup.cs
@@ -3,6 +3,7 @@
 using JetBrains.Annotations;
 using JsonApiDotNetCore.Configuration;
 using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.DependencyInjection;
 using TestBuildingBlocks;
 
 namespace JsonApiDotNetCoreTests.Startups
@@ -11,6 +12,13 @@ namespace JsonApiDotNetCoreTests.Startups
     public sealed class ModelStateValidationStartup<TDbContext> : TestableStartup<TDbContext>
         where TDbContext : DbContext
     {
+        public override void ConfigureServices(IServiceCollection services)
+        {
+            IMvcCoreBuilder mvcBuilder = services.AddMvcCore(options => options.MaxModelValidationErrors = 3);
+
+            services.AddJsonApi<TDbContext>(SetJsonApiOptions, mvcBuilder: mvcBuilder);
+        }
+
         protected override void SetJsonApiOptions(JsonApiOptions options)
         {
             base.SetJsonApiOptions(options);

Original file line number	Diff line number	Diff line change
`@@ -26,8 +26,8 @@ public InvalidModelStateException(IReadOnlyDictionary<string, ModelStateEntry> m`
`26`	`26`	`{`
`27`	`27`	`}`
`28`	`28`
`29`		`- private static IEnumerable<ErrorObject> FromModelStateDictionary(IReadOnlyDictionary<string, ModelStateEntry> modelState, Type modelType, IResourceGraph resourceGraph,`
`30`		`- bool includeExceptionStackTraceInErrors, Func<Type, int, Type?>? getCollectionElementTypeCallback)`
	`29`	`+ private static IEnumerable<ErrorObject> FromModelStateDictionary(IReadOnlyDictionary<string, ModelStateEntry> modelState, Type modelType,`
	`30`	`+ IResourceGraph resourceGraph, bool includeExceptionStackTraceInErrors, Func<Type, int, Type?>? getCollectionElementTypeCallback)`
`31`	`31`	`{`
`32`	`32`	`ArgumentGuard.NotNull(modelState, nameof(modelState));`
`33`	`33`	`ArgumentGuard.NotNull(modelType, nameof(modelType));`
`@@ -179,7 +179,7 @@ private static ErrorObject FromModelError(ModelError modelError, string? sourceP`
`179`	`179`	`var error = new ErrorObject(HttpStatusCode.UnprocessableEntity)`
`180`	`180`	`{`
`181`	`181`	`Title = "Input validation failed.",`
`182`		`- Detail = modelError.ErrorMessage,`
	`182`	`+ Detail = modelError.Exception is TooManyModelErrorsException tooManyException ? tooManyException.Message : modelError.ErrorMessage,`
`183`	`183`	`Source = sourcePointer == null`
`184`	`184`	`? null`
`185`	`185`	`: new ErrorSource`