Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

LocalDateDeserializer accept "numeric String" (like, "7"), should not #106

Closed
esHack opened this issue Mar 6, 2019 · 4 comments
Closed

LocalDateDeserializer accept "numeric String" (like, "7"), should not #106

esHack opened this issue Mar 6, 2019 · 4 comments
Milestone
2.10.0.pr2

Comments

@esHack
Copy link

esHack commented Mar 6, 2019
edited
Loading

Following dateofbirth(LocalDate) is a valid request(by jackson) even its an integer. It just add days to 1970-01-01 which is 1970-01-07.
Not every one need this to be valid. Its important to have flag in the @DateTimeFormat to disable this

{
"email": "[email protected]",
"dateOfBirth":"7"
}

More details available here
@cowtowncoder
Copy link
Member

Not quite sure if a flag is needed, but I agree in that it seems strange that a STRING value like this would be accepted -- it does not conform to any ISO-8601 format I think.
And just because it looks like a quoted integer does not -- I think -- mean it should be treated as such.

So I think it should rather fail with format mismatch.

@cowtowncoder cowtowncoder added 2.10 active Issue being actively investigated and/or worked on good first issue Issue that seems easy to resolve and is likely a good candidate for contributors new to project and removed good first issue Issue that seems easy to resolve and is likely a good candidate for contributors new to project labels Aug 13, 2019
@cowtowncoder
Copy link
Member

Thinking about this, I think I will want to tackle this via "leniency" setting, introduced by @JsonFormat annotation for fields (in 2.0) and for types using "config overrides" mechanism (2.8). Long story short I think that when

  1. Lenient handling enabled (default due to backwards compatibility), numeric timestamp is allowed
  2. If lenient disabled, numeric timestamp NOT allowed.

But I think that number-as-String should not be allowed either way; I consider this issue to cover that specific case.

@cowtowncoder cowtowncoder changed the title LocalDateDeserializer even takes integer, need a flag to disable this feature if not required LocalDateDeserializer accept "numeric String" (like, "7"), should not Aug 17, 2019
@cowtowncoder cowtowncoder mentioned this issue Aug 17, 2019
Closed
@cowtowncoder
Copy link
Member

@esHack I don't think your example is correct: I don't LocalDateDeserializer accepts value "7", although it does accept integer/number value '7'.

But for preventing use of integer there's now #129 specifically; so closing this one in favor of that (given that integer-as-String does not work).

@cowtowncoder cowtowncoder removed the active Issue being actively investigated and/or worked on label Aug 17, 2019
@cowtowncoder cowtowncoder added this to the 2.10.0.pr2 milestone Aug 18, 2019
@cowtowncoder
Copy link
Member

Implemented via #129, will add usage notes there.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
2.10.0.pr2
Development

No branches or pull requests
2 participants
@cowtowncoder @esHack