C
C#17mo ago
Reed

❔ removing sensitive info (invalid post body)

I currently have the problem that when I make a post request with a body in which an attribute is of incorrect type (DateTime fileld with string). I get an error with too much detail. I want to make it more user readable.
10 Replies
Reed
ReedOP17mo ago
code snippet: 
"xxController.cs":
namespace xx.Controllers
{
  [ApiController]  // it is an option to remove this to be able to parse the body properly (see: https://stackoverflow.com/questions/60071028/invalid-model-class-property-error-in-net-core-api)
  [Produces("application/json")]
  [Route("xx/api/[controller]")]
  [PostBodyFilterAttribute("xxController")]
  public class xxController : Controller
  {
        [HttpPost]
        public async Task<ActionResult<ResponseFormDto>> PostTodoItem([FromBody]RequestFormDto requestForm)
        {   
            // DOES NOT REACH THIS PART
            try
            { ....
            
"RequestFormDto.cs"
public class RequestFormDto
  {
        [JsonPropertyName("whencalculated")]
        public DateTime? WhenCalculated {
      get;
      set; }
      ....
      
"xxController.cs":
namespace xx.Controllers
{
  [ApiController]  // it is an option to remove this to be able to parse the body properly (see: https://stackoverflow.com/questions/60071028/invalid-model-class-property-error-in-net-core-api)
  [Produces("application/json")]
  [Route("xx/api/[controller]")]
  [PostBodyFilterAttribute("xxController")]
  public class xxController : Controller
  {
        [HttpPost]
        public async Task<ActionResult<ResponseFormDto>> PostTodoItem([FromBody]RequestFormDto requestForm)
        {   
            // DOES NOT REACH THIS PART
            try
            { ....
            
"RequestFormDto.cs"
public class RequestFormDto
  {
        [JsonPropertyName("whencalculated")]
        public DateTime? WhenCalculated {
      get;
      set; }
      ....
      
{
    "type": "sdfsdfsdfsd",
    "title": "One or more validation errors occurred.",
    "status": 400,
    "traceId": "sdfsdfsdfsdf",
    "errors": {
        "requestForm": [
            "The requestForm field is required."
        ],
        "$.whencalculated": [
            "The JSON value could not be converted to System.Nullable`1[System.DateTime]. Path: SENSITIVE DATA"
        ]
    }
}
{
    "type": "sdfsdfsdfsd",
    "title": "One or more validation errors occurred.",
    "status": 400,
    "traceId": "sdfsdfsdfsdf",
    "errors": {
        "requestForm": [
            "The requestForm field is required."
        ],
        "$.whencalculated": [
            "The JSON value could not be converted to System.Nullable`1[System.DateTime]. Path: SENSITIVE DATA"
        ]
    }
}
above is the error I get
Jimmacle
Jimmacle17mo ago
that looks like a pretty standard error response
Reed
ReedOP17mo ago
It has references to which line of code it originated I don't think a client should know that I would like something of the form: error message: xxx status code: xxx
Jimmacle
Jimmacle17mo ago
i assume that's only included in debug builds of your program because that debugging data isn't generated in release builds by default
Reed
ReedOP17mo ago
that is possible 🤔 But is it possible to catch or "Filter" this exception?
Jimmacle
Jimmacle17mo ago
Reed
ReedOP17mo ago
I found out that [ApiController] is responsible for throwing default 400's if there's something wrong with the body of the request I will read on it, thank you I thought the section"Use exceptions to modify the response" Would fix it but after implementing it I still wasn't able to catch the repsonse
Jimmacle
Jimmacle17mo ago
i linked you directly to the section for changing how validation errors are responded to
Reed
ReedOP17mo ago
oh, thought you wanted me to read the whole article. I will look into that specific part
Accord
Accord17mo ago
Was this issue resolved? If so, run /close - otherwise I will mark this as stale and this post will be archived until there is new activity.
Want results from more Discord servers?
Add your server