Reputation: 2676
I have a domain class under the domain folder on Grails.
I have a simple User entity with a String username attribute and I am having problems with some constraints.
    class User {
        transient springSecurityService

        String username
        String password
        boolean enabled = true
        boolean accountExpired
        boolean accountLocked
        boolean passwordExpired

        static transients = ['springSecurityService']

        static constraints = {
            username blank: false, unique: true, email: true, size: 4..20
            password blank: false
        }

        static mapping = {
            password column: '`password`'
        }

        Set<Role> getAuthorities() {
            UserRole.findAllByUser(this).collect {
                it.role
            }
        }

        def beforeInsert() {
            encodePassword()
        }

        def beforeUpdate() {
            if (isDirty('password')) {
                encodePassword()
            }
        }

        protected void encodePassword() {
            password = springSecurityService?.passwordEncoder ? springSecurityService.encodePassword(password) : password
        }
    }
Constraints like unique, email, and others seem to work correctly, but some others like length, size, maxLength, max, min, and validator (custom) seem to be simply ignored (!!), so I am able to save objects to the database that violate those constraints.
Any idea what could be the reason?
EDIT: These problems are on the username field ... nothing related to the password.
EDIT2: I realized the problem does not happen in production mode with a MySQL database. It happens at integration test time (GroovyTestCase) using H2 (at least).
EDIT3: Added the full entity code. BTW, it is only an example, since I have tested not only with size but also with length, max, min, and others.
Upvotes: 3
Views: 682
Reputation: 1707
I think you are trying to use length, size, maxLength, max, min on the password field. But since you are using Spring Security, because of the BCrypt hashing algorithm a different hash value of length 60 is generated each time.
Example:
$2a$10$EblZqNptyYvcLm/VwDCVAuBjzZOI7khzdyGPBr08PpIi0na624b8.
$2a$10$trT3.R/Nfey62eczbKEnueTcIbJXW.u1ffAo/XfyLpofwNDbEB86O
$2a$10$teJrCEnsxNT49ZpXU7n22O27aCGbVYYe/RG6/XxdWPJbOLZubLIi2
$2a$10$BHG59UT6p7bgT6U2fQ/9wOyTIdejh4Rk1vWilvl4b6ysNPdhnViUS
$2a$10$W9oRWeFmOT0bByL5fmAceucetmEYFg2yzq3e50mcu.CO7rUDb/poG
So if you want to validate your password field, either validate the received value manually or use a Command Object to validate your values.
Command Objects are a more preferred way to validate the values before persisting them. Please refer to topic 11.3 in the Grails documentation for validation.
Upvotes: 2
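The Command Object approach suggested in the answer above, as an added example that is not part of either post: length rules are checked on the submitted plaintext, and only validated input reaches the domain class whose beforeInsert() hashes it. It assumes a Grails 2.x application with the spring-security-core plugin and the User class from the question; UserCommand, UserController, the 8..64 password range and the 422/201 status codes are hypothetical choices.

```groovy
// Added example, not from the original posts. Assumes Grails 2.x and the
// User domain class shown in the question. UserCommand, UserController and
// the 8..64 password range are hypothetical.
import grails.validation.Validateable

@Validateable
class UserCommand {
    String username
    String password   // plaintext as submitted; never stored in this form

    static constraints = {
        username blank: false, email: true, size: 4..20
        // Checked against the raw value, before BCrypt replaces it with a
        // fixed 60-character hash.
        password blank: false, size: 8..64
    }
}

class UserController {

    def save(UserCommand cmd) {
        // Grails binds the request parameters to cmd and validates it
        // before the action body runs.
        if (cmd.hasErrors()) {
            render status: 422,
                   text: cmd.errors.allErrors.collect { message(error: it) }.join('\n')
            return
        }

        // Only validated input reaches the domain object; User.beforeInsert()
        // then encodes the password.
        def user = new User(username: cmd.username, password: cmd.password)
        if (!user.save(flush: true)) {
            // Domain-level constraints such as unique can still fail here.
            render status: 422,
                   text: user.errors.allErrors.collect { message(error: it) }.join('\n')
            return
        }
        render status: 201, text: "created ${user.username}"
    }
}
```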