feat: Refactored ValidateArgumentAttribute to consume new AbstractValidator instead of Regex

Author: WolfyUK

web/src/Web.App/Attributes/ValidateArgumentAttribute.cs

@@ -1,47 +1,94 @@
-using System.Net;
-using System.Text.RegularExpressions;
+using FluentValidation;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
+using Web.App.Validators;
 
 namespace Web.App.Attributes;
 
 [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]
-public class ValidateArgumentAttribute(string argumentName, Regex regex) : ActionFilterAttribute
+public abstract class ValidateArgumentAttribute : TypeFilterAttribute
+{
+    protected ValidateArgumentAttribute(string argumentName, string type) : this(argumentName, type, string.Empty)
+    {
+    }
+
+    protected ValidateArgumentAttribute(string argumentName, string type, string typeName) : base(typeof(ValidateArgumentFilter))
+    {
+        ArgumentName = argumentName;
+        Type = type;
+        TypeName = typeName;
+
+        // arguments list must match the `ValidateArgument` constructor arguments
+        Arguments =
+        [
+            ArgumentName,
+            Type,
+            TypeName
+        ];
+    }
+
+    internal string ArgumentName { get; }
+    internal string Type { get; }
+    internal string TypeName { get; }
+}
+
+internal class ValidateArgumentFilter(
+    ILogger<ValidateArgumentFilter> logger,
+    IValidator<OrganisationIdentifier> validator,
+    string argumentName,
+    string type,
+    string typeName) : ActionFilterAttribute
 {
     public override void OnActionExecuting(ActionExecutingContext context)
     {
-        if (context.ActionArguments.TryGetValue(argumentName, out var value))
+        if (context.ActionArguments.TryGetValue(argumentName, out var identifierValue))
         {
-            var parsed = value?.ToString();
+            var parsed = identifierValue?.ToString();
 
             // Only attempt to validate if non-null or empty value. This _should_ always be the case,
             // otherwise ASP.NET action binding would fail and a `404` would be served by ASP.NET anyway.
-            if (!string.IsNullOrWhiteSpace(parsed) && !regex.IsMatch(parsed))
+            if (!string.IsNullOrWhiteSpace(parsed))
             {
-                context.Result = new ViewResult
+                var parsedType = type;
+                if (string.IsNullOrWhiteSpace(parsedType) && !string.IsNullOrWhiteSpace(typeName))
+                {
+                    if (context.ActionArguments.TryGetValue(typeName, out var typeValue))
+                    {
+                        parsedType = typeValue?.ToString();
+                    }
+                }
+
+                // no type provided, so unable to validate identifier
+                if (string.IsNullOrWhiteSpace(parsedType))
                 {
-                    ViewName = "../Error/NotFound",
-                    StatusCode = (int)HttpStatusCode.BadRequest
-                };
+                    logger.LogDebug("Unable to validate identifier {Identifier} because organisation type could not be resolved", parsed);
+                    context.Result = new NotFoundResult();
+                }
+                else
+                {
+                    var identifier = new OrganisationIdentifier
+                    {
+                        Value = parsed,
+                        Type = parsedType
+                    };
+
+                    var result = validator.Validate(identifier);
+
+                    logger.LogDebug("Validation of identifier {Identifier} of type {Type} returned {ErrorCount} error(s)", identifier.Value, identifier.Type, result.Errors.Count);
+                    if (!result.IsValid)
+                    {
+                        context.Result = new NotFoundResult();
+                    }
+                }
             }
         }
 
         base.OnActionExecuting(context);
     }
 }
 
-public static partial class ValidateArgumentAttributeRegex
-{
-    [GeneratedRegex(@"^\d{6}$")]
-    public static partial Regex UrnRegex();
-
-    [GeneratedRegex(@"^\d{8}$")]
-    public static partial Regex CompanyNumberRegex();
+public class ValidateUrnAttribute() : ValidateArgumentAttribute("urn", OrganisationTypes.School);
 
-    [GeneratedRegex(@"^\d{3}$")]
-    public static partial Regex LaCodeRegex();
-}
+public class ValidateCompanyNumberAttribute() : ValidateArgumentAttribute("companyNumber", OrganisationTypes.Trust);
 
-public class ValidateUrnAttribute() : ValidateArgumentAttribute("urn", ValidateArgumentAttributeRegex.UrnRegex());
-public class ValidateCompanyNumberAttribute() : ValidateArgumentAttribute("companyNumber", ValidateArgumentAttributeRegex.CompanyNumberRegex());
-public class ValidateLaCodeAttribute() : ValidateArgumentAttribute("code", ValidateArgumentAttributeRegex.LaCodeRegex());
+public class ValidateLaCodeAttribute() : ValidateArgumentAttribute("code", OrganisationTypes.LocalAuthority);

web/src/Web.App/Extensions/ServiceCollectionExtensions.cs

@@ -1,4 +1,5 @@
 using System.Security.Claims;
+using FluentValidation;
 using IdentityModel.Client;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
@@ -17,6 +18,7 @@
 using Web.App.Infrastructure.Apis.NonFinancial;
 using Web.App.Infrastructure.Storage;
 using Web.App.Services;
+using Web.App.Validators;
 
 namespace Web.App.Extensions;
 
@@ -291,8 +293,18 @@ private static AuthenticationBuilder AddDfeSignInOpenIdConnect(this Authenticati
             });
     }
 
-    public static IServiceCollection AddActionResults(this IServiceCollection services) => services
-        .AddSingleton<IActionResultExecutor<CsvResult>, CsvResultActionResultExecutor>()
-        .AddSingleton<IActionResultExecutor<CsvResults>, CsvResultsActionResultExecutor>()
-        .AddSingleton<ICsvService, CsvService>();
+    public static IServiceCollection AddActionResults(this IServiceCollection services)
+    {
+        return services
+            .AddSingleton<IActionResultExecutor<CsvResult>, CsvResultActionResultExecutor>()
+            .AddSingleton<IActionResultExecutor<CsvResults>, CsvResultsActionResultExecutor>()
+            .AddSingleton<ICsvService, CsvService>();
+    }
+
+    public static IServiceCollection AddValidation(this IServiceCollection services)
+    {
+        return services
+            .AddScoped<IFinancialPlanStageValidator, FinancialPlanStageValidator>()
+            .AddScoped<IValidator<OrganisationIdentifier>, OrganisationIdentifierValidator>();
+    }
 }

web/src/Web.App/Program.cs

@@ -16,7 +16,6 @@
 using Web.App.Middleware;
 using Web.App.Services;
 using Web.App.Telemetry;
-using Web.App.Validators;
 
 [assembly: InternalsVisibleTo("Web.Tests")]
 
@@ -40,12 +39,12 @@
     .AddScoped<ISchoolComparatorSetService, SchoolComparatorSetService>()
     .AddScoped<ITrustComparatorSetService, TrustComparatorSetService>()
     .AddScoped<ISuggestService, SuggestService>()
-    .AddScoped<IFinancialPlanStageValidator, FinancialPlanStageValidator>()
     .AddScoped<ICustomDataService, CustomDataService>()
     .AddScoped<IUserDataService, UserDataService>()
     .AddScoped<IClaimsIdentifierService, ClaimsIdentifierService>()
     .AddScoped<ILocalAuthorityComparatorSetService, LocalAuthorityComparatorSetService>()
     .AddScoped<ISearchService, SearchService>()
+    .AddValidation()
     .AddActionResults();
 
 builder.Services.AddHealthChecks()

web/src/Web.App/Validators/OrganisationIdentifierValidator.cs

@@ -0,0 +1,65 @@
+using FluentValidation;
+
+namespace Web.App.Validators;
+
+public class OrganisationIdentifierValidator : AbstractValidator<OrganisationIdentifier>
+{
+    private readonly string[] _organisationTypes = [OrganisationTypes.School, OrganisationTypes.Trust, OrganisationTypes.LocalAuthority];
+
+    public OrganisationIdentifierValidator()
+    {
+        RuleFor(p => p.Value)
+            .NotEmpty()
+            .WithMessage("Organisation identifier must be provided");
+
+        RuleFor(p => p.Type)
+            .NotEmpty()
+            .WithMessage("Organisation type must be provided");
+
+        RuleFor(p => p.Type)
+            .Must(type => _organisationTypes.Contains(type))
+            .When(p => p.Type != null)
+            .WithMessage("Organisation type must be valid");
+
+        RuleFor(p => p.Value)
+            .Length(6)
+            .When(p => p.Type == OrganisationTypes.School)
+            .When(p => p.ValueAsInt != null)
+            .WithMessage("School URN must be 6 characters");
+
+        RuleFor(p => p.Value)
+            .Length(8)
+            .When(p => p.Type == OrganisationTypes.Trust)
+            .When(p => p.ValueAsInt != null)
+            .WithMessage("Trust company number must be 8 characters");
+
+        RuleFor(p => p.Value)
+            .Length(3)
+            .When(p => p.Type == OrganisationTypes.LocalAuthority)
+            .When(p => p.ValueAsInt != null)
+            .WithMessage("Local authority code must be 3 characters");
+
+        RuleFor(p => p.ValueAsInt)
+            .NotEmpty()
+            .When(p => p.Value != null)
+            .WithMessage("Organisation identifier must be a number");
+    }
+}
+
+public class OrganisationIdentifier
+{
+    public string? Value { get; init; }
+    public string? Type { get; init; }
+    internal int? ValueAsInt
+    {
+        get
+        {
+            if (int.TryParse(Value!, out var value))
+            {
+                return value;
+            }
+
+            return null;
+        }
+    }
+}

web/tests/Web.Integration.Tests/Pages/LocalAuthorities/WhenViewingHome.cs

@@ -117,14 +117,14 @@ public async Task CanDisplayNotFound()
     }
 
     [Fact]
-    public async Task CanDisplayBadRequest()
+    public async Task CanDisplayNotFoundForBadIdentifier()
     {
         const string code = "1234";
         var page = await Client
             .Navigate(Paths.LocalAuthorityHome(code));
 
         PageAssert.IsNotFoundPage(page);
-        DocumentAssert.AssertPageUrl(page, Paths.LocalAuthorityHome(code).ToAbsolute(), HttpStatusCode.BadRequest);
+        DocumentAssert.AssertPageUrl(page, Paths.LocalAuthorityHome(code).ToAbsolute(), HttpStatusCode.NotFound);
     }
 
     [Fact]

web/tests/Web.Integration.Tests/Pages/Schools/WhenViewingDetails.cs

@@ -42,14 +42,14 @@ public async Task CanDisplayNotFound()
     }
 
     [Fact]
-    public async Task CanDisplayBadRequest()
+    public async Task CanDisplayNotFoundForBadIdentifier()
     {
         const string urn = nameof(urn);
         var page = await Client
             .Navigate(Paths.SchoolDetails(urn));
 
         PageAssert.IsNotFoundPage(page);
-        DocumentAssert.AssertPageUrl(page, Paths.SchoolDetails(urn).ToAbsolute(), HttpStatusCode.BadRequest);
+        DocumentAssert.AssertPageUrl(page, Paths.SchoolDetails(urn).ToAbsolute(), HttpStatusCode.NotFound);
     }
 
     [Fact]

web/tests/Web.Integration.Tests/Pages/Trusts/WhenViewingDetails.cs

@@ -40,14 +40,14 @@ public async Task CanDisplayNotFound()
     }
 
     [Fact]
-    public async Task CanDisplayBadRequest()
+    public async Task CanDisplayNotFoundForBadIdentifier()
     {
         const string companyName = nameof(companyName);
         var page = await Client
             .Navigate(Paths.TrustDetails(companyName));
 
         PageAssert.IsNotFoundPage(page);
-        DocumentAssert.AssertPageUrl(page, Paths.TrustDetails(companyName).ToAbsolute(), HttpStatusCode.BadRequest);
+        DocumentAssert.AssertPageUrl(page, Paths.TrustDetails(companyName).ToAbsolute(), HttpStatusCode.NotFound);
     }
 
     [Fact]