-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Fixing FormatException when the login screen is posted with values other than true/false for RememberMe (Lombiq Technologies: OCORE-132) #14845
Conversation
…her than true/false for RememberMe
|
||
// When the value of the RememberMe field is set to anything else than "true" or "false" by the client, which is | ||
// the case with automated cracking attempts, then otherwise we'd get a FormatException from the model binder. | ||
if (!ViewContext.ModelState.IsValid && |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why we don't move the logic into the controller? The view should have a minimalistic logic that is related to the presentation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is a workaround solely for the <input asp-for="RememberMe" class="form-check-input" tabindex="3">
line below, that's where the exception is thrown, due to using the auto-generation of the editor with asp-for
. With a different implementation of the field (like by having a checkbox implemented directly) the exception won't be thrown. So, for other implementations of this view the code wouldn't necessarily be appropriate.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
When I initially thought about this issue, I didn't think of creating a workaround like you did. If it's fine for all to accept this workaround, or I might propose another PR to fix it in a proper way
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What did you think about? Alternatives I tried but didn't like better:
- Nullable
RememberMe
but that would need a hand-crafted checkbox because the tag helper doesn't support nullable booleans. - Hand-crafted checkbox by itself.
- Custom model binding but that would be just ugly.
@Piedone what happens if the client sends a bad value to DateTime or any other types? Likely we'll get similar behavior. Do we really need to implement a workaround for that? |
I guess so. I'd expect this to be a simple validation issue that model binding should handle, but apparently, it doesn't, and I couldn't find any better options, see above. To be clear, the problem is only in the view, due to |
@Piedone implementing this kinds of work around feels wrong to me. So I am going to suggest that we stay away doing this. However, if you think we should support this kind of binding in OC, we should be able to register a custom boolean binder that would be applied through the app. Try implementing
|
I looked into that approach as well as mentioned, but I don't think it's better. Anyway, I changed it to that, please check. |
@Piedone what do you not like about this approach? I think this is a much cleaner approach. However, I don't think this logic should be in the Users module. I think it should be available in then register it here
|
src/OrchardCore.Modules/OrchardCore.Users/Services/SafeBoolModelBinder.cs
Outdated
Show resolved
Hide resolved
The #14792 issue is specific to what the Users module does in its view, thus I don't think it warrants a custom model binder for the whole app. But perhaps other modules also display a similar checkbox that can benefit from this, so sure, I moved it up. |
Thanks for the review! Anything you'd add @hishamco? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This might be looks better than the old workaround :)
src/OrchardCore/OrchardCore.Mvc.Core/ModelBinding/SafeBoolModelBinder.cs
Show resolved
Hide resolved
@Piedone please merge after fixing the suggested format |
Co-authored-by: Hisham Bin Ateya <hishamco_2007@yahoo.com>
…her than true/false for RememberMe (Lombiq Technologies: OCORE-132) (OrchardCMS#14845) * Fixing FormatException when the login screen is posted with values other than true/false for RememberMe * Changing anti-cracking attempt model binding to use a custom model binder instead * Moving SafeBoolModelBinder to OrchardCore.Mvc.Core * Sealing internal classes * Formatting Co-authored-by: Hisham Bin Ateya <hishamco_2007@yahoo.com> --------- Co-authored-by: Hisham Bin Ateya <hishamco_2007@yahoo.com>
Fixes #14792