Optional doesn't check field.data

Question

Optional doesn't check field.data

Opened this issue 6 months ago · 1 comments

If the form was filled with an object (like in REST scenario), Optional validator always raises StopValidation because it checks field.raw_data (and not the field.data) which will be always empty.

from wtforms import Form
from wtforms.fields import StringField, FieldList
from wtforms.validators import IPAddress, Optional


class EditForm(Form):
    allow_list = FieldList(StringField(validators=[IPAddress(), Optional()]))


allow_list = ['555.555.555.555']


if __name__ == '__main__':
    form = EditForm()
    form.allow_list.process(None, allow_list)
    form.validate()
    print(form.errors)

Actual Behavior

> {}

Expected Behavior

> {'allow_list': [['Invalid IP address.']]}

Possible fix

class Optional:
    """
    Allows empty input and stops the validation chain from continuing.

    If input is empty, also removes prior errors (such as processing errors)
    from the field.

    :param strip_whitespace:
        If True (the default) also stop the validation chain on input which
        consists of only whitespace.

    Sets the `optional` attribute on widgets.
    """

    def __init__(self, strip_whitespace=True):
        if strip_whitespace:
            self.string_check = lambda s: s.strip()
        else:
            self.string_check = lambda s: s

        self.field_flags = {"optional": True}

    def __call__(self, form, field):
        if (
            not field.data
            or isinstance(field.data, str)
            and not self.string_check(field.data)
        ):
            field.errors[:] = []
            raise StopValidation()

If field.raw_data will be replaced with field.data, validation works as expected. But I don't know if this fix will break something in other places.

Environment

Python version: 3.10.13
wtforms version: 3.0.1

Answer 1 · 2024-05-16T12:08:55.000Z

WTForms assumes that passed in data is already valid. So you should only expect to be able to validate formdata. After all it's a forms library, not a general purpose validation library.

The Optional/InputRequired validators generally should also be first in the validation chain. I think the reason that Optional clears errors is to avoid processing errors from surfacing to the application if the field was left empty, leaving the form in a faulty state where it can't be submitted. It unfortunately as a side-effect also hides incorrect validation chains. Generally it's weird that Optional is a validator to begin with, it really should've been a field attribute, considering it doesn't even work correctly with all fields. The issue is even more apparent with DataRequired.

If you want general purpose data validation then use something like pydantic. It should also be fairly easy to auto-generate a Form based on a pydantic Model and vice versa.

Your change will break existing code. You can always create your own internal validator, if you want to use WTForms this way, although I'd highly recommend against it.