Required and Optional keys

HTML forms can have required or optional fields. We can express this concept with two methods in our validations: required (which we already met in previous examples), and optional.

  1. require 'hanami/validations'
  2. class Signup
  3. include Hanami::Validations
  4. validations do
  5. required(:email) { ... }
  6. optional(:referral) { ... }
  7. end
  8. end

Type Safety

At this point, we need to explicitly tell something really important about built-in predicates. Each of them have expectations about the methods that an input is able to respond to.

Why this is so important? Because if we try to invoke a method on the input we’ll get a NoMethodError if the input doesn’t respond to it. Which isn’t nice, right?

Before using a predicate, we want to ensure that the input is an instance of the expected type. Let’s introduce another new predicate for our need: #type?.

  1. required(:age) { type?(Integer) & gteq?(18) }

It takes the input and tries to coerce it. If it fails, the execution stops. If it succeed, the subsequent predicates can trust #type? and be sure that the input is an integer.

We suggest to use #type? at the beginning of the validations block. This type safety policy is crucial to prevent runtime errors.

Hanami::Validations supports the most common Ruby types:

  • Array (aliased as array?)
  • BigDecimal (aliased as decimal?)
  • Boolean (aliased as bool?)
  • Date (aliased as date?)
  • DateTime (aliased as date_time?)
  • Float (aliased as float?)
  • Hash (aliased as hash?)
  • Integer (aliased as int?)
  • String (aliased as str?)
  • Time (aliased as time?)

For each supported type, there a convenient predicate that acts as an alias. For instance, the two lines of code below are equivalent.

  1. required(:age) { type?(Integer) }
  2. required(:age) { int? }

Macros

Rule composition with blocks is powerful, but it can become verbose. To reduce verbosity, Hanami::Validations offers convenient macros that are internally expanded (aka interpreted) to an equivalent block expression

Filled

To use when we expect a value to be filled:

  1. # expands to
  2. # required(:age) { filled? }
  3. required(:age).filled
  1. # expands to
  2. # required(:age) { filled? & type?(Integer) }
  3. required(:age).filled(:int?)
  1. # expands to
  2. # required(:age) { filled? & type?(Integer) & gt?(18) }
  3. required(:age).filled(:int?, gt?: 18)

In the examples above age is always required as value.

Maybe

To use when a value can be nil:

  1. # expands to
  2. # required(:age) { none? | int? }
  3. required(:age).maybe(:int?)

In the example above age can be nil, but if we send the value, it must be an integer.

Each

To use when we want to apply the same validation rules to all the elements of an array:

  1. # expands to
  2. # required(:tags) { array? { each { str? } } }
  3. required(:tags).each(:str?)

In the example above tags must be an array of strings.

Confirmation

This is designed to check if pairs of web form fields have the same value. One wildly popular example is password confirmation.

  1. required(:password).filled.confirmation

It is valid if the input has password and password_confirmation keys with the same exact value.

For a given key password, the confirmation predicate expects another key password_confirmation. Easy to tell, it’s the concatenation of the original key with the _confirmation suffix. Their values must be equal.

Forms

Before implementing a validator, we should be aware of the use case’s expected input:

When we use validators for already preprocessed data it’s safe to use basic validations from Hanami::Validations mixin.

If the data is coming directly from user input via a HTTP form, it is advisable to use Hanami::Validations::Form instead. The two mixins have the same API, but the latter is able to do low level input preprocessing specific for forms. For instance, blank inputs are casted to nil in order to avoid blank strings in the database.

Rules

Predicates and macros are tools to code validations that concern a single key like first_name or email. If the outcome of a validation depends on two or more attributes we can use rules.

Here’s a practical example: a job board. We want to validate the form of the job creation with some mandatory fields: type (full time, part-time, contract), title (eg. Developer), description, company (just the name) and a website (which is optional). A user must specify the location: on-site or remote. If it is on-site, they must specify the location, otherwise they have to tick the checkbox for remote.

Here’s the code:

  1. class CreateJob
  2. include Hanami::Validations::Form
  3. validations do
  4. required(:type).filled(:int?, included_in?: [1, 2, 3])
  5. optional(:location).maybe(:str?)
  6. optional(:remote).maybe(:bool?)
  7. required(:title).filled(:str?)
  8. required(:description).filled(:str?)
  9. required(:company).filled(:str?)
  10. optional(:website).filled(:str?, format?: URI.regexp(%w(http https)))
  11. rule(location_presence: [:location, :remote]) do |location, remote|
  12. (remote.none? | remote.false?).then(location.filled?) &
  13. remote.true?.then(location.none?)
  14. end
  15. end
  16. end

We specify a rule with rule method, which takes an arbitrary name and an array of preconditions. Only if :location and :remote are valid according to their validations described above, the rule block is evaluated.

The block yields the same exact keys that we put in the precondintions. So for [:location, :remote] it will yield the corresponding values, bound to the location and remote variables.

We can use these variables to define the rule. We covered a few cases:

  • If remote is missing or false, then location must be filled
  • If remote is true, then location must be omitted

Nested Input Data

While we’re building complex web forms, we may find it comfortable to organise data in a hierarchy of cohesive input fields. For instance, all the fields related to a customer may have the customer prefix. Reflecting this arrangement on the server side, we can group keys.

  1. validations do
  2. required(:customer).schema do
  3. required(:email) { }
  4. required(:name) { }
  5. # other validations …
  6. end
  7. end

Groups can be deeply nested, without any limitation.

  1. validations do
  2. required(:customer).schema do
  3. # other validations …
  4. required(:address).schema do
  5. required(:street) { }
  6. # other address validations …
  7. end
  8. end
  9. end

Composition

Until now, we have seen only small snippets to show specific features. That really close view prevents us to see the big picture of complex real world projects.

As the code base grows, it’s a good practice to DRY validation rules.

  1. class AddressValidator
  2. include Hanami::Validations
  3. validations do
  4. required(:street) { }
  5. end
  6. end

This validator can be reused by other validators.

  1. class CustomerValidator
  2. include Hanami::Validations
  3. validations do
  4. required(:email) { }
  5. required(:address).schema(AddressValidator)
  6. end
  7. end

Again, there is no limit to the nesting levels.

  1. class OrderValidator
  2. include Hanami::Validations
  3. validations do
  4. required(:number) { }
  5. required(:customer).schema(CustomerValidator)
  6. end
  7. end

In the end, OrderValidator is able to validate a complex data structure like this:

  1. {
  2. number: "123",
  3. customer: {
  4. email: "user@example.com",
  5. address: {
  6. city: "Rome"
  7. }
  8. }
  9. }

Whitelisting

Another fundamental role that validators plays in the architecture of our projects is input whitelisting. For security reasons, we want to allow known keys to come in and reject everything else.

This process happens when we invoke #validate. Allowed keys are the ones defined with .required.

Please note that whitelisting is only available for Hanami::Validations::Form mixin.

Result

When we trigger the validation process with #validate, we get a result object in return. It’s able to tell if it’s successful, which rules the input data has violated and an output data bag.

  1. result = OrderValidator.new({}).validate
  2. result.success? # => false

Messages

result.messages returns a nested set of validation error messages.

Each error carries on informations about a single rule violation.

  1. result.messages.fetch(:number) # => ["is missing"]
  2. result.messages.fetch(:customer) # => ["is missing"]

Output

result.output is a Hash which is the result of whitelisting and coercions. It’s useful to pass it do other components that may want to persist that data.

  1. {
  2. "number" => "123",
  3. "unknown" => "foo"
  4. }

If we receive the input above, output will look like this.

  1. result.output
  2. # => { :number => 123 }

We can observe that:

  • Keys are symbolized
  • Only whitelisted keys are included
  • Data is coerced

Error Messages

Picking a fitting error message is crucial for the user experience. Hanami::Validations handles most common cases while allowing customized behavior as well.

We have seen that built-in predicates have default messages, while inline predicates allow to specify a custom message via the :message option.

  1. class SignupValidator
  2. include Hanami::Validations
  3. predicate :email?, message: 'must be an email' do |current|
  4. # ...
  5. end
  6. validations do
  7. required(:email).filled(:str?, :email?)
  8. required(:age).filled(:int?, gt?: 18)
  9. end
  10. end
  11. result = SignupValidator.new(email: 'foo', age: 1).validate
  12. result.success? # => false
  13. result.messages.fetch(:email) # => ['must be an email']
  14. result.messages.fetch(:age) # => ['must be greater than 18']

Configurable Error Messages

Inline error messages are ideal for quick and dirty development, but we suggest to use an external YAML file to configure these messages:

This example

  1. # config/messages.yml
  2. en:
  3. errors:
  4. email?: "must be an email"

can be used like this.

  1. class SignupValidator
  2. include Hanami::Validations
  3. messages_path 'config/messages.yml'
  4. predicate :email? do |current|
  5. # ...
  6. end
  7. validations do
  8. required(:email).filled(:str?, :email?)
  9. required(:age).filled(:int?, gt?: 18)
  10. end
  11. end

Custom Error Messages

In the example above, the failure message for age is fine: "must be greater than 18", but what if we need to change it? Again, we can use the YAML configuration file for our purpose.

  1. # config/messages.yml
  2. en:
  3. errors:
  4. email?: "must be an email"
  5. rules:
  6. signup:
  7. age:
  8. gt?: "must be an adult"

Now our validator is able to pick the right error message.

  1. result = SignupValidator.new(email: 'foo', age: 1).validate
  2. result.success? # => false
  3. result.messages.fetch(:age) # => ['must be an adult']

Custom namespace

For a given validator named SignupValidator, the framework will look for a signup translation key.

If for some reason that doesn’t work for us, we can customize the namespace:

  1. class SignupValidator
  2. include Hanami::Validations
  3. messages_path 'config/messages.yml'
  4. namespace :my_signup
  5. # ...
  6. end

The new namespace should be used in the YAML file, too.

  1. # config/messages.yml
  2. en:
  3. # ...
  4. rules:
  5. my_signup:
  6. age:
  7. gt?: "must be an adult"

Internationalization (I18n)

If your project already depends on i18n gem, Hanami::Validations is able to look at the translations defined for that gem and to use them.

  1. class SignupValidator
  2. include Hanami::Validations
  3. messages :i18n
  4. # ...
  5. end
  1. # config/locales/en.yml
  2. en:
  3. errors:
  4. signup:
  5. # ...