Hey!
Little magic today!
Generally we buld HTML forms that are “Embedded forms” with the Angular API. These are client side/tasklist forms, but do not provide any form of validation on the server side. This is a problem for two reasons:
- Does not provide good submission security checks
- System to System interactions can bypass the validations that are used in the Angular forms.
So how do we fix this problem?
Well in the past we have to write a java class that does a custom validation. This was generally done on a per field basis or you add extra logic.
This is a huge pain because the BPMN and the Form are built rapidly, but when we need to generate the sever validations, we are stuck with compile jars and redeployment… No good!
So I have implemented the Camunda Form Validator: JS Server.
This is a Generic Form Validation solution that accesses Camunda’s Nashorn Script Engine to execute the validation.
It lets you add a form-validation.js script to your deployment, and with a simple configuration in the modeler on the Start Event or User Task form(s) you get your submissions added to the JS Validator.
your form-validation.js could be as simple as:
load('classpath:validationResult.js')
// The submissionsValues variable comes from the engine binding
validateData(submissionValues)
function validateData(values){
if (values.containsKey('firstName') == false){
return validationResult(false, {
"detail": "FIELD_REQUIRED",
"message": "firstName is required"
})
}
if (values.containsKey('age') && values['age'] < 18 ){
return validationResult(false, {
"detail": "AGE_LIMIT",
"message": "age must be 18 or older"
})
}
// If no errors were found:
return validationResult(true)
}
Check out the Github repo for the Jar and further usage examples. I have also included a ready to build docker setup that will let you test it out. See the Readme of the Repo.
Would love feedback and usage examples that come to mind.
Also @camunda it would be great is the following issue could be resolved, as it is a QOL blocker from the actual thrown errors being returned in the REST API and thus Tasklist:
https://app.camunda.com/jira/browse/CAM-8276