You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since schema instance is assigned to the view, the same instance is reused for every request to the view. flask-api-framework uses marshmallow.Schema.load method to deserialize passed data to a schema instance. It means that missing non-required fields, dynamically assigned attributes and other instance attributes (eg schema context) will not be re-loaded. It may lead to the situation when a view can access schema data from the previous requests.
Here is an example:
import base64
from marshmallow import Schema, fields, validates
class MySchema(Schema):
event = fields.String()
b64_message = fields.String()
@validates("b64_message")
def validates_message(self, value):
self.context["decoded_message"] = base64.b64decode(value).decode()
# assign schema instance to the view class
s = MySchema()
# handling first request
request_data = {"event": "first_event", "b64_message": base64.b64encode("hey".encode()).decode()}
loaded_data = s.load(data=request_data)
print(s.context["decoded_message"]) # prints "hey" which is correct
# handling second request
request_data = {"event": "second_event"}
loaded_data = s.load(data=request_data)
print(s.context["decoded_message"]) # prints "hey" but a KeyError is expected
A possible solution is to assign schema class to the view and create a new schema instance every time before calling marshmallow.Schema.load.
As an alternative, marshmallow.Schema class can be extended with a custom load_new method that returns a new schema instance.
The text was updated successfully, but these errors were encountered:
notvad
added a commit
to notvad/flask-api-framework
that referenced
this issue
Apr 15, 2022
Since schema instance is assigned to the view, the same instance is reused for every request to the view.
flask-api-frameworkusesmarshmallow.Schema.loadmethod to deserialize passed data to a schema instance. It means that missing non-required fields, dynamically assigned attributes and other instance attributes (eg schemacontext) will not be re-loaded. It may lead to the situation when a view can access schema data from the previous requests.Here is an example:
A possible solution is to assign schema class to the view and create a new schema instance every time before calling
marshmallow.Schema.load.As an alternative,
marshmallow.Schemaclass can be extended with a customload_newmethod that returns a new schema instance.The text was updated successfully, but these errors were encountered: