DDLS-426 : Prevent user from inputting invalid year during registration #1781

Open
wants to merge 7 commits into
base: main

@MiaGordon91 MiaGordon91 commented Dec 23, 2024

Purpose

Following investigation into a bug that prevented a document from syncing to Sirius, it appears that a user can enter an invalid year when entering the court date and reporting period during the registration process.

It looks like Symfony's form component attempts to transform an invalid date into a valid DateTime object based on the configured format of 'yyyy-MM-dd'. For example, a user's input of 13-12-25 transforms into '0013-12-25' and is stored in the database.

This only seems to affect the year as validation is thrown when inputting invalid dates and months.

Fixes DDLS-426

Approach

  • Use the PRE_SUBMIT event in the form builder to capture the user's input (specifically the year) and throw an error to the user to input a valid four digit year if not done so
  • This has been applied to the court date and reporting period fields
  • Unit tests added to test validation when invalid year has been entered

Learning

Any tips and tricks, blog posts or tools which helped you. Plus anything notable you've discovered about DigiDeps

Checklist

  • I have performed a self-review of my own code
  • I have updated documentation (Confluence/ADR/tech debt doc) where relevant
  • I have added tests to prove my work
  • The product team have approved these changes
  • I have checked my work for potential security issues and referred to the OWASP top 10

Frontend

  • I have run an in-browser accessibility test (e.g. WAVE, Lighthouse)
  • There are no deprecated CSS classes noted in the profiler
  • Translations are used and the profiler doesn't identify any missing
  • Any links or buttons added are screen reader friendly and contextually complete
  • If adding GA events, I have updated or checked the existing category or label values

@MiaGordon91 MiaGordon91 marked this pull request as ready for review January 6, 2025 16:39
@MiaGordon91 MiaGordon91 requested a review from a team as a code owner January 6, 2025 16:39
$builder->addEventListener(FormEvents::PRE_SUBMIT, function (FormEvent $event) {
$data = $event->getData();
$data['firstname'] = strip_tags($data['firstname']);
$data['lastname'] = strip_tags($data['lastname']);
$event->setData($data);

if (!preg_match('/^\d{4}$/', $data['courtDate']['year'])) {
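Review bot: In the `courtDate` check, the `$` in `/^\d{4}$/` also matches just before a trailing newline, so a submitted value of "2024\n" passes; anchor with `\z` (or add the `D` modifier). The listener also reads `$data['courtDate']['year']`, `$data['firstname']` and `$data['lastname']` without checking that the keys exist, and PRE_SUBMIT data is the raw submitted array, so a request that omits them hands null to `preg_match` and `strip_tags`; guard with `isset` and `is_string` first. A four-digit test on its own still accepts a year typed in full as '0013'.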

@Raffers Raffers Jan 7, 2025

We should move this to some form validation rather than here. Also should complete a check that's not in the future. Maybe also too far in the past, not sure there are any valid cases in the 1800s
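A stricter year check of the kind suggested in the comment above, as an added example that is not part of this pull request or the project's code. `courtYearError`, `MIN_COURT_YEAR` and the 1900 lower bound are assumptions, and the inputs are constructed; it needs PHP 8.

```php
<?php
declare(strict_types=1);

// Assumed lower bound for illustration; the project would pick its own.
const MIN_COURT_YEAR = 1900;

/**
 * Returns null when the raw year is acceptable, otherwise a short reason code.
 * $raw is the untouched submitted value, so it may be missing or not a string.
 */
function courtYearError(mixed $raw, DateTimeImmutable $today): ?string
{
    if (!is_string($raw)) {
        return 'missing';
    }
    // \A and \z anchor the whole string, so "2024\n" is rejected;
    // [0-9] keeps the match to ASCII digits only.
    if (preg_match('/\A[0-9]{4}\z/', $raw) !== 1) {
        return 'format';
    }
    $year = (int) $raw;
    if ($year < MIN_COURT_YEAR) {
        return 'too_old';   // catches a fully typed "0013"
    }
    if ($year > (int) $today->format('Y')) {
        return 'future';
    }
    return null;
}

// Constructed inputs: the two-digit year from the description, its
// zero-padded form, a trailing newline, a future year and a missing field.
$today = new DateTimeImmutable('2025-01-07');
foreach (['2024', '13', '0013', "2024\n", '2099', null] as $input) {
    printf("%-10s => %s\n", json_encode($input), courtYearError($input, $today) ?? 'ok');
}
```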


->add('save', FormTypes\SubmitType::class);
if (!preg_match('/^\d{4}$/', $data['startDate']['year']) || !preg_match('/^\d{4}$/', $data['endDate']['year'])) {
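Review bot: The combined `||` condition on `startDate` and `endDate` cannot tell which of the two years failed, so the error cannot be attached to the offending field; test each year separately. The pattern `/^\d{4}$/` now appears three times across the two hunks, so pull it into one shared helper or constraint, and guard `$data['startDate']['year']` and `$data['endDate']['year']` with `isset` before they reach `preg_match`.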
Same here, as well
