Wednesday, April 08, 2020

Laravel 6 - Creating Custom Form Request Validation


There is few ways to validate form submission data in Laravel.

The standard way is to use Validator facade in the beginning of your controller.
Lets see the example:

/**
 * Store a newly created resource in storage.
 *
 * @param \Illuminate\Http\Request $request
 *
 * @return \Illuminate\Http\Response
 */
public function store(Request $request)
{
  $validator = Validator::make($request->all(), [
    'title'  => 'required|min:5|max:200',
    'body_content'=> 'required|min:10',
    'blog_tag_id' => 'nullable',
  ],[
    'title.required' => trans('blog::alert.danger.reason.title_required'),
    'title.min'     => trans('blog::alert.danger.reason.title_min'),
    'title.max'      => trans('blog::alert.danger.reason.title_max'),
    'body_content.required' => trans('blog::alert.danger.reason.content_required'),
    'body_content.min' => trans('blog::alert.danger.reason.content_min'),
  ]);

  // ... next part of code after validation
}

In this example we perform validation inside the controller's action. It looks nice enough until you want to use the same code in another places: when you create a post in Backend or if you want to add a Unit tests. In such cases, you will copy-paste the same pieces of your code, that is not good, because you have to support all of them and such style of programming breaks DRY principle (Don't Repeat Yourself).

So... what the better way to implement such validation?
Laravel allows us to create our own Request class, instead of using a standard \Illuminate\Http\Request and use as a function parameter.

The first thing you have to do it to create such class.
Run following command:
$ php artisan make:request App\\Http\\Requests\\MyOwnRequest

This command will create MyOwnRequest request class in App\Http\Requests\ directory.
By default it will be looked as follow:


namespace App\Http\Requests\Auth;

use Illuminate\Foundation\Http\FormRequest;

class MyOwnRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return false;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
            //
        ];
    }
}

Now you may move here your validation rules and replace Request parameter in store method with MyOwnRequest:

Your controller store method will be looking:

/**
 * Store a newly created resource in storage.
 *
 * @param \Illuminate\Http\MyOwnRequest $request
 *
 * @return \Illuminate\Http\Response
 */
public function store(MyOwnRequest $request)
{
 
  // ... next part of code after validation
}


MyOwnRequest class will be looking:
Remember to turn return value of authorize() method to TRUE!

namespace App\Http\Requests\Auth;

use Illuminate\Foundation\Http\FormRequest;

class MyOwnRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
           'title'  => 'required|min:5|max:200',
           'body_content'=> 'required|min:10',
           'blog_tag_id' => 'nullable',
        ];
    }
}

Looks much better, right? But what if you want to specify custom validate messages?
It's easy to implement with messages() method of your validator class. You simple have to define an array, where the key is a field name and the value is the custom message you want to show.
Let's see how to do this:


namespace App\Http\Requests\Auth;

use Illuminate\Foundation\Http\FormRequest;

class MyOwnRequest extends FormRequest
{
    /**
     * Determine if the user is authorized to make this request.
     *
     * @return bool
     */
    public function authorize()
    {
        return true;
    }

    /**
     * Get the validation rules that apply to the request.
     *
     * @return array
     */
    public function rules()
    {
        return [
           'title'  => 'required|min:5|max:200',
           'body_content'=> 'required|min:10',
           'blog_tag_id' => 'nullable',
        ];
    }

    /**
     * Custom message for validation
     *
     * @return array
     */
    public function messages()
    {
        return [
         'title.required' => trans('blog::alert.danger.reason.title_required'),
         'title.min'     => trans('blog::alert.danger.reason.title_min'),
         'title.max'      => trans('blog::alert.danger.reason.title_max'),
         'body_content.required' => trans('blog::alert.danger.reason.content_required'),
         'body_content.min' => trans('blog::alert.danger.reason.content_min'),
        ];
    }
}

Ok, good. But what to do if you need to validate a set of fields, lets say: few checkboxes or few file fields? In this case you may use asterisk * to prepare validation rules. Check below how we define validation rules for set of fields. I hope it's clear and understandably enough.
public function rules(): array
{
   return [
      'files.*' => 'required|image|mimes:jpg,jpeg,png',
      'attrs.*.from' => 'nullable|numeric',
      'attrs.*.to' => 'nullable|numeric',
   ];
}

Laravel creates validation messages automatically, so sometimes you will need to provide a special names to your fields. You may use the following language lines are used to swap attribute place-holders with something more reader friendly such as E-Mail Address instead of "email" or indexes in array. This simply helps us make messages a little cleaner.
public function attributes(): array
{
   return [
      'receivers' => 'Nice name',
      'subject' => 'Like name',
      'body' => 'Another Name',
      'notify.blog.*' => 'Blog Notification value',
   ];
}

If you want to perform your own validation, you may use withValidator() method. It's useful when you need to perform additional or very complicated validation, after the main validation was passed (or not). In example below we check if an email presents in a list of pre-approved emails. Take in account, that there are some methods you may use:
$validator->after()
$validator->fails()
etc.

public function withValidator(Validator $validator)
{
   $email = $validator->getData()['email'] ?? '';
   $validator->after(
      function ($validator) use ($email) {
         if (is_null(\DB::table('pre_approved')->where('email',$email)->first())) {
            $validator->errors()->add(
               'email', 
               'This email does not exist on our pre-approved email list'
            );
         }
      }
   );       
}

As mentioned before, the form request class also contains an authorize method. You may check if the authenticated user actually has the authority to change a given resource. Lets see an example when user actually owns a blog comment and attempt to update it:

public function authorize()
{
   $comment = Comment::find($this->route('comment'));
   return $comment && $this->user()->can('update', $comment);
}
And the last thing, if you want to redefine a route  if validation fails, you may do this by redefining $redirectRoute property:
// The named route to redirect to if validation fails.
protected $redirectRoute = 'home';

1 comment:

Sinelogix said...

Thank you, for providing this informative and comprehensive blog. This is very interesting Blog.

Php Web Development Company Bangalore | Website Developer Bangalore | Magento Website Developer Bangalore | Magento Service Provider India