"...ask the service for a User object, set the username and password, then ask the object to validate the input?"
FWIW, that's the way I do it. With the proviso that the User object is allowed to be fussy about its inputs in terms of typing. So the view and controller would handle the client and server side parts of ensuring that required fields are completed, strings aren't too long, dates are real dates etc. Then you instantiate a User object with those properties and ask it questions like "Do you exist in the user database?" and "Are you authenticated?" - which in the context of a login form could be thought of as validation and would be reported to the user in a similar way. The dividing line between these two kinds of validation is elastic (and permeable!) - and if you're not attached to strong typing and therefore can pass any old thing to your object, it's very elastic indeed. Jaime Metcher -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Paul Marcotte Sent: Thursday, 1 March 2007 5:24 AM To: [email protected] Subject: [CFCDEV] Where should I validate form submissions? Hi all, I've gone over this and re-wrote my Controller three times now. I'm looking for a best practice suggestion. My Coldsping managed, Service Layer pattern MVC app uses a Controller that listens for a login action. The login form uses username/password pair and I want to get into the habit of validating input prior to authenticating the login credentials. In the spirit of keeping a Controller primarily logic free, I originally requested a userId from my UserService passing in the form variables. If the return value was not 0, I hit the Service again for a User instance and then pass the instance on for the view to use. Using this method, I could provide a response that the login is bad (0), but not if the required form input is valid. After that, I tried having my UserService return either an object or an array of errors (yikes!). Now, I'm validating the form variables in the Controller prior to passing them to the UserService and it still feels fishy to me. What if I ask the service for a User object, set the username and password, then ask the object to validate the input? If the input is valid, I send the object back the Service for authentication. If authenticated, carry on. If not authenticated, prepare an error message and pass error to view for display. I'm modifying Illudium PU-36 generated CFCs for my model (stripping down the validate() method into validatelogin()). Also, I plan to roll js validation on the front end as well, but I want implement server side validation first. Paul Marcotte BCJobs.ca phone: (604) 684-5627 ext. 223 e-mail: [EMAIL PROTECTED] You are subscribed to cfcdev. To unsubscribe, please follow the instructions at http://www.cfczone.org/listserv.cfm CFCDev is supported by: Katapult Media, Inc. We are cool code geeks looking for fun projects to rock! www.katapultmedia.com An archive of the CFCDev list is available at www.mail-archive.com/[email protected] You are subscribed to cfcdev. To unsubscribe, please follow the instructions at http://www.cfczone.org/listserv.cfm CFCDev is supported by: Katapult Media, Inc. We are cool code geeks looking for fun projects to rock! www.katapultmedia.com An archive of the CFCDev list is available at www.mail-archive.com/[email protected]
