i had assumed that #2130811: Use config schema in saving and validating configuration form to ensure data is consistent and correct validated config data against schema, if it existed.

instead, that patch silently munges data to match schema.

can we fix that please?

a) use config schema as a validation step (i.e., before we end up in ->save()) - if the data doesn't match the schema, validation error. make this easy for forms and config entities (we should be able to make this a default, so that where such a schema exists, the config entity code will use it before ->save()).

b) use config schema to enforce correct input post-validation. code that uses the config system directly without forms may pass us data that doesn't match the schema, and won't go through form validation. in that case, use the schema to reject invalid data, rather than silently munge data

Comments

beejeebus’s picture

Issue tags: +Configuration system
vijaycs85’s picture

Status: Active » Closed (duplicate)

@beejeebus, This has been fixed a while ago by various issues. Please let me know, if you still feel anything missing.

beejeebus’s picture

reopening, because we still silently alter your data. you still cannot rely on the config system to leave your data as is.

  /**
   * {@inheritdoc}
   */
  public function save() {
    // Validate the configuration object name before saving.
    static::validateName($this->name);

    // If there is a schema for this configuration object, cast all values to
    // conform to the schema.
    if ($this->typedConfigManager->hasConfigSchema($this->name)) {
      // Ensure that the schema wrapper has the latest data.
      $this->schemaWrapper = NULL;
      foreach ($this->data as $key => $value) {
        $this->data[$key] = $this->castValue($key, $value);
      }
    }
    else {
      foreach ($this->data as $key => $value) {
        $this->validateValue($key, $value);
      }
    }

    $this->storage->write($this->name, $this->data);
    $this->isNew = FALSE;
    $this->eventDispatcher->dispatch(ConfigEvents::SAVE, new ConfigCrudEvent($this));
    $this->originalData = $this->data;
    return $this;
  }
beejeebus’s picture

Priority: Major » Minor
Status: Closed (duplicate) » Active

woops, actually reopening. marking as minor, i have zero hope this will actually change.

vijaycs85’s picture

@beejeebus, the problem is as below:

a) use config schema as a validation step (i.e., before we end up in ->save()) - if the data doesn't match the schema, validation error. make this easy for forms and config entities (we should be able to make this a default, so that where such a schema exists, the config entity code will use it before ->save()).

config schema is not mandatory because it is not a strict rule that we can enforce to all contrib and custom module to write config schema for the config. which is why the validation happens only when the schema presents.

b) use config schema to enforce correct input post-validation. code that uses the config system directly without forms may pass us data that doesn't match the schema, and won't go through form validation. in that case, use the schema to reject invalid data, rather than silently munge data

The caseValue() is mainly because the (config)form data always return the values as string. We have to convert them to correct type before save.

beejeebus’s picture

Status: Active » Closed (won't fix)

discussed this with alexpott.

closing as wont-fix - we're explicitly ok with silently munging your data, and never guaranteeing that what you put in is what you get back out.