flask_Marshmallow 的 Flask sqlAlchemy 验证问题
Flask sqlAlchemy validation issue with flask_Marshmallow
使用 flask_marshmallow 进行输入验证,使用 scheme.load() ,我无法捕获模型中 @validates 装饰器生成的错误
我在资源中捕获了结果和错误,但错误直接发送给用户
==========model.py==========
```python
from sqlalchemy.orm import validates
from sqlalchemy import Column, ForeignKey, Integer, String, DateTime
from sqlalchemy.orm import relationship, backref
from sqlalchemy import create_engine
from sqlalchemy.sql import func
from flask_marshmallow import Marshmallow
from flask_sqlalchemy import SQLAlchemy
from datetime import datetime
from sqlalchemy.orm import joinedload
db = SQLAlchemy()
ma = Marshmallow()
class Company(db.Model):
__tablename__ = "company"
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(250), nullable=False)
addressLine1 = db.Column(db.String(250), nullable=False)
addressLine2 = db.Column(db.String(250), nullable=True)
city = db.Column(db.String(250), nullable=False)
state = db.Column(db.String(250), nullable=False)
zipCode = db.Column(db.String(10), nullable=False)
logo = db.Column(db.String(250), nullable=True)
website = db.Column(db.String(250), nullable=False)
recognition = db.Column(db.String(250), nullable=True)
vision = db.Column(db.String(250), nullable=True)
history = db.Column(db.String(250), nullable=True)
mission = db.Column(db.String(250), nullable=True)
jobs = relationship("Job", cascade="all, delete-orphan")
def save_to_db(self):
db.session.add(self)
db.session.commit()
@validates('name')
def validate_name(self, key, name):
print("=====inside validate_name=======")
if not name:
raise AssertionError('No Company name provided')
if Company.query.filter(Company.name == name).first():
raise AssertionError('Company name is already in use')
if len(name) < 4 or len(name) > 120:
raise AssertionError('Company name must be between 3 and 120 characters')
return name
```
==========schemas_company.py==============
```python
from ma import ma
from models.model import Company
class CompanySchema(ma.ModelSchema):
class Meta:
model = Company
```
=============resources_company.py
```python
from schemas.company import CompanySchema
company_schema = CompanySchema(exclude='jobs')
COMPANY_ALREADY_EXIST = "A company with the same name already exists"
COMPANY_CREATED_SUCCESSFULLY = "The company was sucessfully created"
@api.route('/company')
class Company(Resource):
def post(self, *args, **kwargs):
""" Creating a new Company """
data = request.get_json(force=True)
schema = CompanySchema()
if data:
logger.info("Data got by /api/test/testId methd %s" % data)
# Validation with schema.load() OPTION_2
company, errors = schema.load(data)
print(company)
print(errors)
if errors:
return {"errors": errors}, 422
company.save_to_db()
return {"message": COMPANY_CREATED_SUCCESSFULLY}, 201
```
===========请求==========
这是来自用户POST的请求
{
"name": "123",
"addressLine1": "400 S Royal King Ave",
"addressLine2": "Suite 356",
"city": "Miami",
"state": "FL",
"zipCode": "88377",
"logo": "This is the logo",
"website": "http://www.python.com",
"recognition": "Most innovated company in the USA 2018-2019",
"vision": "We want to change for better all that needs to be changed",
"history": "Created in 2016 with the objective of automate all needed process",
"mission": " Our mission is to find solutions to old problems"
}
====问题描述======
上面的 POST 请求根据 model.py 中的 validate_name 函数生成一个 AssertionError 异常,如下所示:
File "code/models/model.py", line 95, in validate_name
raise AssertionError('Company name must be between 3 and 120 characters')
AssertionError: Company name must be between 3 and 120 characters
127.0.0.1 - - [30/Dec/2018 13:44:58] "POST /api/company HTTP/1.1" 500 -
所以 returns 给用户的响应是这个无用的错误消息
{
"message": "Internal Server Error"
}
我的问题是:
我必须做什么才能将引发的 AssertionError 消息发送给用户,而不是这个丑陋的错误消息?
AssertionError message
{
"message": "Company name must be between 3 and 120 characters"
}
Exception
{
"message": "Internal Server Error"
}
我以为错误会捕获@validates('name') 生成的异常,但看起来并非如此。
也许看看:
http://flask.pocoo.org/docs/1.0/errorhandling/
您可以为您的AssertionError
注册一个handler
。
我找到了解决问题的方法。
我将架构更改为:
from ma import ma
from models.model import Company
from marshmallow import fields, validate
class CompanySchema(ma.ModelSchema):
name = fields.Str(required=True, validate=[validate.Length(min=4, max=250)])
addressLine1 = fields.Str(required=True, validate=[validate.Length(min=5, max=250)])
addressLine2 = fields.Str(required=False, validate=[validate.Length(max=250)])
city = fields.Str(required=True, validate=[validate.Length(min=5, max=100)])
state = fields.Str(required=True, validate=[validate.Length(min=2, max=10)])
zipCode = fields.Str(required=True, validate=[validate.Length(min=5, max=250)])
logo = fields.Str(required=False, validate=[validate.Length(max=250)])
website = fields.Str(required=True, validate=[validate.Length(min=5, max=250)])
recognition = fields.Str(required=False, validate=[validate.Length(max=250)])
vision = fields.Str(required=False, validate=[validate.Length(max=250)])
history = fields.Str(required=False, validate=[validate.Length(max=250)])
mission = fields.Str(required=False, validate=[validate.Length(max=250)])
class Meta:
model = Company
现在我不验证模型中的任何内容,所以我的模型只是
class Company(db.Model):
__tablename__ = "company"
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(250), nullable=False)
addressLine1 = db.Column(db.String(250), nullable=False)
addressLine2 = db.Column(db.String(250), nullable=True)
city = db.Column(db.String(250), nullable=False)
state = db.Column(db.String(250), nullable=False)
zipCode = db.Column(db.String(10), nullable=False)
logo = db.Column(db.String(250), nullable=True)
website = db.Column(db.String(250), nullable=False)
recognition = db.Column(db.String(250), nullable=True)
vision = db.Column(db.String(250), nullable=True)
history = db.Column(db.String(250), nullable=True)
mission = db.Column(db.String(250), nullable=True)
jobs = relationship("Job", cascade="all, delete-orphan")
def save_to_db(self):
print("=====inside save_to_db=======")
db.session.add(self)
db.session.commit()
所以在资源(视图)端点中,我有:
@api.route('/company')
class Company(Resource):
def post(self, *args, **kwargs):
""" Creating a new Company """
data = request.get_json(force=True)
schema = CompanySchema()
if data:
logger.info("Data got by /api/test/testId method %s" % data)
# Validation with schema.load() OPTION_2
company, errors = schema.load(data)
print(company)
if errors:
return {"errors": errors}, 422
company.save_to_db()
return {"message": COMPANY_CREATED_SUCCESSFULLY}, 201
因此,现在当用户使用少于 4 个字符的名称发出错误请求时,我能够 return 向用户提供一个漂亮的错误响应,如下
{
"errors": {
"name": [
"Length must be between 4 and 250."
]
}
}
但如果您注意到我这样做的原因以及我使用的“模式”,您将看到以下详细信息
- -使用flask_marshmallow进行序列化和反序列化。
- -在我的模型中,我使用棉花糖(不是 flask_marshmallow)进行验证
- -验证适用于 schema.load()
- -我想知道如何才能向输入添加比我使用的验证更复杂的验证?
- -这是一个很好的模式,可以做哪些改进?
谢谢
我认为您的代码中的错误是您在验证器中引发了 AssertionError
而不是棉花糖的 ValidationError
.
您的回答方向正确,创建了一个使用棉花糖验证器的模式(required
、Length
、...)。您可以通过定义其他验证器(字段或模式验证器)来添加自定义验证。
您可以使用 webargs 来验证输入,而不是在视图函数中手动验证。它在内部使用 marshmallow,由 marshmallow 团队维护。
我做的是做一个方法而不是棉花糖的加载
def json_loader(schema, json):
try:
assert json is not None, "request body is required"
except AssertionError as assertionError:
raise InvalidUsage(40001, assertionError.args[0], 400)
result = schema.load(json)
if result.errors:
raise InvalidUsage(40001, result.errors, 400)
else:
return result.data
但是,如果使用3.0版本。他们改变了这部分。这是他们的例子。
from marshmallow import ValidationError
try:
result = UserSchema().load({'name': 'John', 'email': 'foo'})
except ValidationError as err:
err.messages # => {'email': ['"foo" is not a valid email address.']}
valid_data = err.valid_data # => {'name': 'John'}
https://marshmallow.readthedocs.io/en/3.0/quickstart.html#validation
我希望这还不算太晚,
下面的示例是将错误显示到 api 响应的工作示例。
诀窍是使用 returns 错误字典的验证方法,或者更确切地说是可以向用户显示的错误字典列表。
from flask import request
import datetime as dt
from marshmallow import (
Schema,RAISE,fields,pprint,validate,ValidationError,post_load)
from flask_restplus import Api,Resource
app = Flask(__name__)
api = Api(app, prefix="/api/v1")
class User:
def __init__(self, name,email,age,permission):
self.name = name
self.email = email
self.age = age
self.permission = permission
self.created_at = dt.datetime.utcnow()
def __repr__(self):
return "User(name={})".format(self.name)
class Userschema(Schema):
name = fields.Str(required=True,validate=[validate.Length(min=1)])
email = fields.Email(required=True,validate=[validate.Length(min=1)])
permission = fields.Str(validate=[validate.OneOf(["read","write","admin"])])
age = fields.Int(validate=[validate.Range(min=10,max=30)])
@post_load
def make_user(self,data,**kwargs):
return User(**data)
users = []
class UserCollection(Resource):
def get(self):
return {"subscriberList":users}
def post(self,*args,**kwargs):
schema = Userschema()
data = request.get_json(force=True)
errors = schema.validate(api.payload)
if errors:
return errors, 422
user=schema.load(data)
result = schema.dump(user)
users.append(result)
return {"msg": "Subscriber added"},201
api.add_resource(UserCollection,'/subscribers')
if __name__ == "__main__":
app.run(debug=True)
请求 && 响应
http://localhost:5000/api/v1/subscribers
Post正文
{
"name": "derrick",
"permission": "esc",
"age": 2,
"email":"me@gmail"
}
回应
{
"email": [
"Not a valid email address."
],
"permission": [
"Must be one of: read, write, admin."
],
"age": [
"Must be greater than or equal to 10 and less than or equal to 30."
]
}
使用 flask_marshmallow 进行输入验证,使用 scheme.load() ,我无法捕获模型中 @validates 装饰器生成的错误
我在资源中捕获了结果和错误,但错误直接发送给用户
==========model.py==========
```python
from sqlalchemy.orm import validates
from sqlalchemy import Column, ForeignKey, Integer, String, DateTime
from sqlalchemy.orm import relationship, backref
from sqlalchemy import create_engine
from sqlalchemy.sql import func
from flask_marshmallow import Marshmallow
from flask_sqlalchemy import SQLAlchemy
from datetime import datetime
from sqlalchemy.orm import joinedload
db = SQLAlchemy()
ma = Marshmallow()
class Company(db.Model):
__tablename__ = "company"
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(250), nullable=False)
addressLine1 = db.Column(db.String(250), nullable=False)
addressLine2 = db.Column(db.String(250), nullable=True)
city = db.Column(db.String(250), nullable=False)
state = db.Column(db.String(250), nullable=False)
zipCode = db.Column(db.String(10), nullable=False)
logo = db.Column(db.String(250), nullable=True)
website = db.Column(db.String(250), nullable=False)
recognition = db.Column(db.String(250), nullable=True)
vision = db.Column(db.String(250), nullable=True)
history = db.Column(db.String(250), nullable=True)
mission = db.Column(db.String(250), nullable=True)
jobs = relationship("Job", cascade="all, delete-orphan")
def save_to_db(self):
db.session.add(self)
db.session.commit()
@validates('name')
def validate_name(self, key, name):
print("=====inside validate_name=======")
if not name:
raise AssertionError('No Company name provided')
if Company.query.filter(Company.name == name).first():
raise AssertionError('Company name is already in use')
if len(name) < 4 or len(name) > 120:
raise AssertionError('Company name must be between 3 and 120 characters')
return name
```
==========schemas_company.py==============
```python
from ma import ma
from models.model import Company
class CompanySchema(ma.ModelSchema):
class Meta:
model = Company
```
=============resources_company.py
```python
from schemas.company import CompanySchema
company_schema = CompanySchema(exclude='jobs')
COMPANY_ALREADY_EXIST = "A company with the same name already exists"
COMPANY_CREATED_SUCCESSFULLY = "The company was sucessfully created"
@api.route('/company')
class Company(Resource):
def post(self, *args, **kwargs):
""" Creating a new Company """
data = request.get_json(force=True)
schema = CompanySchema()
if data:
logger.info("Data got by /api/test/testId methd %s" % data)
# Validation with schema.load() OPTION_2
company, errors = schema.load(data)
print(company)
print(errors)
if errors:
return {"errors": errors}, 422
company.save_to_db()
return {"message": COMPANY_CREATED_SUCCESSFULLY}, 201
```
===========请求==========
这是来自用户POST的请求
{
"name": "123",
"addressLine1": "400 S Royal King Ave",
"addressLine2": "Suite 356",
"city": "Miami",
"state": "FL",
"zipCode": "88377",
"logo": "This is the logo",
"website": "http://www.python.com",
"recognition": "Most innovated company in the USA 2018-2019",
"vision": "We want to change for better all that needs to be changed",
"history": "Created in 2016 with the objective of automate all needed process",
"mission": " Our mission is to find solutions to old problems"
}
====问题描述======
上面的 POST 请求根据 model.py 中的 validate_name 函数生成一个 AssertionError 异常,如下所示:
File "code/models/model.py", line 95, in validate_name
raise AssertionError('Company name must be between 3 and 120 characters')
AssertionError: Company name must be between 3 and 120 characters
127.0.0.1 - - [30/Dec/2018 13:44:58] "POST /api/company HTTP/1.1" 500 -
所以 returns 给用户的响应是这个无用的错误消息
{
"message": "Internal Server Error"
}
我的问题是:
我必须做什么才能将引发的 AssertionError 消息发送给用户,而不是这个丑陋的错误消息?
AssertionError message
{
"message": "Company name must be between 3 and 120 characters"
}
Exception
{
"message": "Internal Server Error"
}
我以为错误会捕获@validates('name') 生成的异常,但看起来并非如此。
也许看看:
http://flask.pocoo.org/docs/1.0/errorhandling/
您可以为您的AssertionError
注册一个handler
。
我找到了解决问题的方法。 我将架构更改为:
from ma import ma
from models.model import Company
from marshmallow import fields, validate
class CompanySchema(ma.ModelSchema):
name = fields.Str(required=True, validate=[validate.Length(min=4, max=250)])
addressLine1 = fields.Str(required=True, validate=[validate.Length(min=5, max=250)])
addressLine2 = fields.Str(required=False, validate=[validate.Length(max=250)])
city = fields.Str(required=True, validate=[validate.Length(min=5, max=100)])
state = fields.Str(required=True, validate=[validate.Length(min=2, max=10)])
zipCode = fields.Str(required=True, validate=[validate.Length(min=5, max=250)])
logo = fields.Str(required=False, validate=[validate.Length(max=250)])
website = fields.Str(required=True, validate=[validate.Length(min=5, max=250)])
recognition = fields.Str(required=False, validate=[validate.Length(max=250)])
vision = fields.Str(required=False, validate=[validate.Length(max=250)])
history = fields.Str(required=False, validate=[validate.Length(max=250)])
mission = fields.Str(required=False, validate=[validate.Length(max=250)])
class Meta:
model = Company
现在我不验证模型中的任何内容,所以我的模型只是
class Company(db.Model):
__tablename__ = "company"
id = db.Column(db.Integer, primary_key=True)
name = db.Column(db.String(250), nullable=False)
addressLine1 = db.Column(db.String(250), nullable=False)
addressLine2 = db.Column(db.String(250), nullable=True)
city = db.Column(db.String(250), nullable=False)
state = db.Column(db.String(250), nullable=False)
zipCode = db.Column(db.String(10), nullable=False)
logo = db.Column(db.String(250), nullable=True)
website = db.Column(db.String(250), nullable=False)
recognition = db.Column(db.String(250), nullable=True)
vision = db.Column(db.String(250), nullable=True)
history = db.Column(db.String(250), nullable=True)
mission = db.Column(db.String(250), nullable=True)
jobs = relationship("Job", cascade="all, delete-orphan")
def save_to_db(self):
print("=====inside save_to_db=======")
db.session.add(self)
db.session.commit()
所以在资源(视图)端点中,我有:
@api.route('/company')
class Company(Resource):
def post(self, *args, **kwargs):
""" Creating a new Company """
data = request.get_json(force=True)
schema = CompanySchema()
if data:
logger.info("Data got by /api/test/testId method %s" % data)
# Validation with schema.load() OPTION_2
company, errors = schema.load(data)
print(company)
if errors:
return {"errors": errors}, 422
company.save_to_db()
return {"message": COMPANY_CREATED_SUCCESSFULLY}, 201
因此,现在当用户使用少于 4 个字符的名称发出错误请求时,我能够 return 向用户提供一个漂亮的错误响应,如下
{
"errors": {
"name": [
"Length must be between 4 and 250."
]
}
}
但如果您注意到我这样做的原因以及我使用的“模式”,您将看到以下详细信息
- -使用flask_marshmallow进行序列化和反序列化。
- -在我的模型中,我使用棉花糖(不是 flask_marshmallow)进行验证
- -验证适用于 schema.load()
- -我想知道如何才能向输入添加比我使用的验证更复杂的验证?
- -这是一个很好的模式,可以做哪些改进?
谢谢
我认为您的代码中的错误是您在验证器中引发了 AssertionError
而不是棉花糖的 ValidationError
.
您的回答方向正确,创建了一个使用棉花糖验证器的模式(required
、Length
、...)。您可以通过定义其他验证器(字段或模式验证器)来添加自定义验证。
您可以使用 webargs 来验证输入,而不是在视图函数中手动验证。它在内部使用 marshmallow,由 marshmallow 团队维护。
我做的是做一个方法而不是棉花糖的加载
def json_loader(schema, json):
try:
assert json is not None, "request body is required"
except AssertionError as assertionError:
raise InvalidUsage(40001, assertionError.args[0], 400)
result = schema.load(json)
if result.errors:
raise InvalidUsage(40001, result.errors, 400)
else:
return result.data
但是,如果使用3.0版本。他们改变了这部分。这是他们的例子。
from marshmallow import ValidationError
try:
result = UserSchema().load({'name': 'John', 'email': 'foo'})
except ValidationError as err:
err.messages # => {'email': ['"foo" is not a valid email address.']}
valid_data = err.valid_data # => {'name': 'John'}
https://marshmallow.readthedocs.io/en/3.0/quickstart.html#validation
我希望这还不算太晚, 下面的示例是将错误显示到 api 响应的工作示例。
诀窍是使用 returns 错误字典的验证方法,或者更确切地说是可以向用户显示的错误字典列表。
from flask import request
import datetime as dt
from marshmallow import (
Schema,RAISE,fields,pprint,validate,ValidationError,post_load)
from flask_restplus import Api,Resource
app = Flask(__name__)
api = Api(app, prefix="/api/v1")
class User:
def __init__(self, name,email,age,permission):
self.name = name
self.email = email
self.age = age
self.permission = permission
self.created_at = dt.datetime.utcnow()
def __repr__(self):
return "User(name={})".format(self.name)
class Userschema(Schema):
name = fields.Str(required=True,validate=[validate.Length(min=1)])
email = fields.Email(required=True,validate=[validate.Length(min=1)])
permission = fields.Str(validate=[validate.OneOf(["read","write","admin"])])
age = fields.Int(validate=[validate.Range(min=10,max=30)])
@post_load
def make_user(self,data,**kwargs):
return User(**data)
users = []
class UserCollection(Resource):
def get(self):
return {"subscriberList":users}
def post(self,*args,**kwargs):
schema = Userschema()
data = request.get_json(force=True)
errors = schema.validate(api.payload)
if errors:
return errors, 422
user=schema.load(data)
result = schema.dump(user)
users.append(result)
return {"msg": "Subscriber added"},201
api.add_resource(UserCollection,'/subscribers')
if __name__ == "__main__":
app.run(debug=True)
请求 && 响应
http://localhost:5000/api/v1/subscribers
Post正文
{
"name": "derrick",
"permission": "esc",
"age": 2,
"email":"me@gmail"
}
回应
{
"email": [
"Not a valid email address."
],
"permission": [
"Must be one of: read, write, admin."
],
"age": [
"Must be greater than or equal to 10 and less than or equal to 30."
]
}