Is your feature request related to a problem? Please describe.
We should make sure its clear what is supported in MapAction instead of it failing with hard to grok errors. For example, #31658 (comment)
Describe the solution you'd like
I think we should have both runtime and compile time validation (an analyzer where possible).
Scenarios for MapActions
1. Forgetting to register a service with the DI container generates an incorrect error as the parameter is viewed as second [FromBody] attribute. Although from the user standpoint the second [FromBody] attribute is not explicit - #35086
app.MapPost("/createUser", ([FromBody] UserDTO userDTO, UserRepository userRepo) => {
return $"user created - {userDTO.LastName} - {userRepo.CreateUser(userDTO).LastName}";
});The user's intention was to inject the UserRepository as service to use.
Error message:
System.InvalidOperationException: 'Action cannot have more than one FromBody attribute.'
2. Allowing query strings on Post is not semantically correct and might be viewed as a security issue. The user would have expected the [FromQuery] attribute to be ignored/should not bind or should throw an exception at the startup time. Nothing to do.
app.MapPost("/createUser", ([FromQuery] string userName, [FromBody] User user,) => $"user created- {userName} - {user.LastName} ");3. FromBody attribute on MapGet does not throw an exception. (User could have copied the method and forget to remove the frombody). Postman allows you to add a body to a get method. However, without a body added to the request, we get 400 which is the correct behavior. If the body is present, binding happens. - Nothing to do - this is by design
builder.Services.AddSingleton<IUserRepository, UserRepository>()
app.MapGet("/findUser/{id}", (int id, [FromBody] UserDTO userDTO, IUserRepository userRepo) => {
return $"user found - {userDTO.LastName} - {userRepo.FindUserById(id).LastName}";
})4. In MapGet an implicit injection of any service returns a 400 if the user forgot to register the service in the DI container. However, an explicit use of [FromServices] returns the correct error. This is inconsistent - #35086
app.MapGet("/findUser/{id}", (int id, UserRepository userRepo) => {
return $"user found - {id} - {userRepo.FindUserById(id).LastName}";
});Error for explicit use of [FromServices]
app.MapGet("/findUser/{id}", (int id, [FromServices] IUserRepository userRepo) => {
return $"user found - {id} - {userRepo.FindUserById(id).LastName}";
}); System.InvalidOperationException: No service for type 'IUserRepository' has been registered.
at Microsoft.Extensions.DependencyInjection.ServiceProviderServiceExtensions.GetRequiredService(IServiceProvider provider,
Type serviceType)
....
5. Improve the error message when routes parameters do match or just ignore casing(lower/upper) - This is a common mistake that users may make - #35087
app.MapGet("/user/{FirstName}/{lastName}", ([FromRoute()]string? firstName, [FromRoute()]string lastName) =>
UserService.GetUser(firstName, lastName, "aa"));Error message (Notice FirstName != firstName):
System.InvalidOperationException: 'firstName is not a route paramter.'
6. What should we do when someone uses attributes that should not be allowed on certain methods ? see example below: -#35088
app.MapGet("/user", ([Bind("FirstName,LastName")] User user) => $"username {user.FirstName}");7. Adding an optional/nullability (?) in the route pattern, messes up the Swagger UI and the json file still recognizes as required field. - #35081
app.MapGet("/user/{id?}", (int? id) => $"userId {id}");Notice the missing closing bracket
Is your feature request related to a problem? Please describe.
We should make sure its clear what is supported in MapAction instead of it failing with hard to grok errors. For example, #31658 (comment)
Describe the solution you'd like
I think we should have both runtime and compile time validation (an analyzer where possible).
Scenarios for MapActions
1. Forgetting to register a service with the DI container generates an incorrect error as the parameter is viewed as second [FromBody] attribute. Although from the user standpoint the second [FromBody] attribute is not explicit - #35086
The user's intention was to inject the UserRepository as service to use.
Error message:
2. Allowing query strings on Post is not semantically correct and might be viewed as a security issue. The user would have expected the [FromQuery] attribute to be ignored/should not bind or should throw an exception at the startup time. Nothing to do.
3. FromBody attribute on MapGet does not throw an exception. (User could have copied the method and forget to remove the frombody). Postman allows you to add a body to a get method. However, without a body added to the request, we get 400 which is the correct behavior. If the body is present, binding happens. - Nothing to do - this is by design
4. In MapGet an implicit injection of any service returns a 400 if the user forgot to register the service in the DI container. However, an explicit use of [FromServices] returns the correct error. This is inconsistent - #35086
Error for explicit use of [FromServices]
5. Improve the error message when routes parameters do match or just ignore casing(lower/upper) - This is a common mistake that users may make - #35087
Error message (Notice FirstName != firstName):
6. What should we do when someone uses attributes that should not be allowed on certain methods ? see example below: -#35088
7. Adding an optional/nullability (?) in the route pattern, messes up the Swagger UI and the json file still recognizes as required field. - #35081
Notice the missing closing bracket
