Web API error response for malformed json using Text.Json is misleading and is exposing internals. #40202

Open
1 task done
KillerBoogie opened this issue Feb 14, 2022 · 0 comments


Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

When malformed JSON is sent to a route, the default serializer Text.Json creates a misleading error message and exposes internal information. For example, a malformed Guid or DateTime produces an error like:

"$.accountId": [
          "The JSON value could not be converted to Elwis.Orders.Application.CreateGroupDTO.
          Path: $.accountId | LineNumber: 1 | BytePositionInLine: 52."
        ]

Additionally, the variable name of the DTO is exposed and considered a field:

"createGroupDTO": [
          "The createGroupDTO field is required."
        ],

Expected Behavior

The error message for a malformed value must state that type only:
"The JSON value could not be converted to Guid" or
"The JSON value could not be converted to DateTime"

The name of the body variable should not be exposed in the error message. Only JSON values that cannot be converted should be listed in the message.

Steps To Reproduce

Define DTO:

public record CreateGroupDTO(
            Guid AccountId,
            DateTime Start 
           );

Create method in GroupsController

[HttpPost]
[Route("")]
public ActionResult<GroupDTO> CreateGroup(CreateGroupDTO createGroupDTO) {...}

Post with malformed Json body

1) Guid

{
  "accountId": "4-5717-4562-b3fc-2c963f66afa6",
  "start": "2022-02-14T12:39:59.244Z"
}

response body:

{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
  "title": "One or more validation errors occurred.",
  "status": 400,
  "traceId": "00-44f0bdb2706fd407dbfa1282f04b66e1-5e64394e46fa6152-00",
  "errors": {
    "createGroupDTO": [
      "The createGroupDTO field is required."
    ],
    "$.accountId": [
      "The JSON value could not be converted to Elwis.Orders.Application.CreateGroupDTO. Path: $.accountId | LineNumber: 1 | BytePositionInLine: 46."
    ]
  }
}

2) DateTime

{
  "accountId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "start": "2022-02-30"
}

response body:

{
  "type": "https://tools.ietf.org/html/rfc7231#section-6.5.1",
  "title": "One or more validation errors occurred.",
  "status": 400,
  "traceId": "00-8f49393621db7dea28f797f4ee69f203-2612b8bd5fe0aa0d-00",
  "errors": {
    "createGroupDTO": [
      "The createGroupDTO field is required."
    ],
    "$.start": [
      "The JSON value could not be converted to Elwis.Orders.Application.CreateGroupDTO. Path: $.start | LineNumber: 2 | BytePositionInLine: 23."
    ]
  }
}

Exceptions (if any)

No response

.NET Version

6.0.101

Anything else?

No response
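
One way an application can keep these details out of its own 400 responses, as an added example (not code from the issue or from ASP.NET Core itself). It assumes a .NET 6 web project with implicit usings and an `[ApiController]` controller, so that the DTO parameter is marked as body-bound; the fallback text "The value is not valid." is a constructed string.

```csharp
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.ModelBinding;

var builder = WebApplication.CreateBuilder(args);

builder.Services.AddControllers()
    // Do not copy System.Text.Json exception text (CLR type names, line and
    // byte offsets) into ModelState; the formatter then records the error
    // without a message.
    .AddJsonOptions(o => o.AllowInputFormatterExceptionMessages = false)
    .ConfigureApiBehaviorOptions(o =>
    {
        o.InvalidModelStateResponseFactory = ctx =>
        {
            // Names of action parameters bound from the request body,
            // e.g. "createGroupDTO" in the controller shown in the issue.
            var bodyParams = ctx.ActionDescriptor.Parameters
                .Where(p => p.BindingInfo?.BindingSource == BindingSource.Body)
                .Select(p => p.Name)
                .ToHashSet(StringComparer.OrdinalIgnoreCase);

            // Keep per-property entries such as "$.accountId"; drop the entry
            // keyed by the C# parameter name, which is not part of the payload.
            var errors = ctx.ModelState
                .Where(e => e.Value is { Errors.Count: > 0 }
                            && !bodyParams.Contains(e.Key))
                .ToDictionary(
                    e => e.Key,
                    e => e.Value!.Errors
                        .Select(err => string.IsNullOrEmpty(err.ErrorMessage)
                            ? "The value is not valid."   // constructed text
                            : err.ErrorMessage)
                        .ToArray());

            var problem = new ValidationProblemDetails(errors)
            {
                Status = StatusCodes.Status400BadRequest,
                Title = "One or more validation errors occurred."
            };
            return new BadRequestObjectResult(problem);
        };
    });

var app = builder.Build();
app.MapControllers();
app.Run();
```

The full exception, including the type name and byte position, can still be written to server-side logs for debugging; only the client-facing body is reduced.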
