feat(forms): Server side validation for mandatory questions

Author: ccailly

css/includes/components/form/_form-renderer.scss

@@ -111,4 +111,27 @@
             }
         }
     }
+
+    // Handle invalid states for specific inputs (select2 and tinymce)
+    [data-glpi-form-renderer-question] {
+        &:has(select.is-invalid) {
+            .select2-container--default .select2-selection {
+                border-color: var(--tblr-form-invalid-border-color) !important;
+            }
+        }
+
+        &:has(textarea.is-invalid) {
+            .tox.tox-tinymce {
+                border-color: var(--tblr-form-invalid-border-color) !important;
+            }
+        }
+
+        .invalid-tooltip {
+            position: relative;
+            background-color: unset;
+            color: var(--tblr-form-invalid-color);
+            padding: unset;
+            margin-top: .25rem;
+        }
+    }
 }

js/modules/Forms/RendererController.js

@@ -134,39 +134,67 @@ export class GlpiFormRendererController
         $(this.#target).removeClass('pointer-events-none');
     }
 
-    #checkCurrentSectionValidity() {
-        // Find all required inputs that are hidden and not already disabled.
-        // They must be removed from the check as they are inputs from others
-        // sections or input hidden by condition (thus they should not be
-        // evaluated).
-        // The easiest way to not evaluate these inputs is to disable them.
-        const inputs = $(this.#target).find('[required]:hidden:not(:disabled)');
-        for (const input of inputs) {
-            input.disabled = true;
-        }
+    async #checkCurrentSectionValidity() {
+        // Get the UUID of the current section
+        const currentSectionElement = $(this.#target).find(`[data-glpi-form-renderer-section="${this.#section_index}"]`);
+        const currentSectionUuid = currentSectionElement.data('glpi-form-renderer-uuid');
+
+        const response = await $.ajax({
+            url: `${CFG_GLPI.root_doc}/Form/ValidateAnswers`,
+            type: 'POST',
+            data: `${$(this.#target).serialize()  }&section_uuid=${currentSectionUuid}`,
+            dataType: 'json',
+        });
 
-        // Check validity and display browser feedback if needed.
-        const is_valid = this.#target.checkValidity();
-        if (!is_valid) {
-            this.#target.reportValidity();
-        }
+        // Remove previous error messages and aria attributes
+        $(this.#target)
+            .find(".invalid-tooltip")
+            .remove();
+        $(this.#target)
+            .find(".is-invalid")
+            .removeClass("is-invalid")
+            .removeAttr("aria-invalid")
+            .removeAttr("aria-errormessage");
+
+        if (response.success === false) {
+            Object.values(response.errors).forEach(error => {
+                // Highlight the field with error
+                const question = $(`[data-glpi-form-renderer-id="${error.question_id}"][data-glpi-form-renderer-question]`);
+                if (!question.length) {
+                    return;
+                }
+
+                // Find the input field within the question
+                const inputField = question.find('input:not([type=hidden]):not([data-uploader-name]):not(.select2-search__field), select, textarea');
+                if (!inputField.length) {
+                    return;
+                }
+
+                // Generate a unique ID for the error message
+                const errorId = `error-${error.question_id}`;
+
+                // Add validation classes and accessibility attributes
+                inputField
+                    .addClass('is-invalid')
+                    .attr('aria-invalid', 'true')
+                    .attr('aria-errormessage', errorId);
+
+                // Add a tooltip with the error message
+                inputField.parent().append(
+                    `<span id="${errorId}" class="invalid-tooltip">${error.message}</span>`
+                );
+            });
 
-        // Revert disabled inputs
-        for (const input of inputs) {
-            input.disabled = false;
+            return false;
         }
 
-        return is_valid;
+        return true;
     }
 
     /**
      * Submit the target form using an AJAX request.
      */
     async #submitForm() {
-        if (!this.#checkCurrentSectionValidity()) {
-            return;
-        }
-
         // Form will be sumitted using an AJAX request instead
         try {
             // Update tinymce values
@@ -176,6 +204,10 @@ export class GlpiFormRendererController
                 });
             }
 
+            if (!await this.#checkCurrentSectionValidity()) {
+                return;
+            }
+
             // Submit form using AJAX
             const response = await $.post({
                 url: $(this.#target).prop("action"),
@@ -217,8 +249,8 @@ export class GlpiFormRendererController
     /**
      * Go to the next section of the form.
      */
-    #goToNextSection() {
-        if (!this.#checkCurrentSectionValidity()) {
+    async #goToNextSection() {
+        if (!await this.#checkCurrentSectionValidity()) {
             return;
         }
 

phpunit/functional/Glpi/Form/AnswersHandler/AnswersHandlerTest.php

@@ -42,6 +42,7 @@
 use Glpi\Form\Condition\LogicOperator;
 use Glpi\Form\Condition\Type;
 use Glpi\Form\Condition\ValueOperator;
+use Glpi\Form\Condition\VisibilityStrategy;
 use Glpi\Form\Destination\FormDestinationChange;
 use Glpi\Form\Destination\FormDestinationProblem;
 use Glpi\Form\Destination\FormDestinationTicket;
@@ -164,6 +165,117 @@ public function testSaveAnswers(): void
         );
     }
 
+    public function testValidateAnswers(): void
+    {
+        self::login();
+
+        // Create a form with both mandatory and optional questions
+        $builder = new FormBuilder("Validation Test Form");
+        $builder
+            ->addQuestion("Mandatory Name", QuestionTypeShortText::class, is_mandatory: true)
+            ->addQuestion("Mandatory Email", QuestionTypeEmail::class, is_mandatory: true)
+            ->addQuestion("Optional Comment", QuestionTypeLongText::class, is_mandatory: false)
+        ;
+        $form = self::createForm($builder);
+
+        // Get handler instance
+        $handler = AnswersHandler::getInstance();
+
+        // Test 1: All mandatory fields are filled - should be valid
+        $complete_answers = [
+            self::getQuestionId($form, "Mandatory Name") => "John Doe",
+            self::getQuestionId($form, "Mandatory Email") => "john.doe@example.com",
+            self::getQuestionId($form, "Optional Comment") => "This is an optional comment",
+        ];
+        $result = $handler->validateAnswers($form, $complete_answers);
+        $this->assertTrue($result->isValid(), "Validation should pass when all mandatory fields are filled");
+        $this->assertCount(0, $result->getErrors(), "There should be no errors when all mandatory fields are filled");
+
+        // Test 2: Missing one mandatory field - should be invalid
+        $missing_name_answers = [
+            self::getQuestionId($form, "Mandatory Email") => "john.doe@example.com",
+            self::getQuestionId($form, "Optional Comment") => "This is an optional comment",
+        ];
+        $result = $handler->validateAnswers($form, $missing_name_answers);
+        $this->assertFalse($result->isValid(), "Validation should fail when a mandatory field is missing");
+        $this->assertCount(1, $result->getErrors(), "There should be one error when one mandatory field is missing");
+
+        // Test 3: Missing all mandatory fields - should be invalid with multiple errors
+        $only_optional_answers = [
+            self::getQuestionId($form, "Optional Comment") => "This is an optional comment",
+        ];
+        $result = $handler->validateAnswers($form, $only_optional_answers);
+        $this->assertFalse($result->isValid(), "Validation should fail when all mandatory fields are missing");
+        $this->assertCount(2, $result->getErrors(), "There should be two errors when both mandatory fields are missing");
+
+        // Test 4: Empty answers - should be invalid with multiple errors
+        $empty_answers = [];
+        $result = $handler->validateAnswers($form, $empty_answers);
+        $this->assertFalse($result->isValid(), "Validation should fail when answers are empty");
+        $this->assertCount(2, $result->getErrors(), "There should be two errors when answers are empty");
+
+        // Test 5: Empty string in mandatory field - should be invalid
+        $empty_string_answers = [
+            self::getQuestionId($form, "Mandatory Name") => "",
+            self::getQuestionId($form, "Mandatory Email") => "john.doe@example.com",
+        ];
+        $result = $handler->validateAnswers($form, $empty_string_answers);
+        $this->assertFalse($result->isValid(), "Validation should fail when a mandatory field contains an empty string");
+        $this->assertCount(1, $result->getErrors(), "There should be one error when a mandatory field contains an empty string");
+    }
+
+    public function testValidateAnswersWithConditions(): void
+    {
+        self::login();
+
+        // Create a form with conditional questions
+        $builder = new FormBuilder("Conditional Validation Test Form");
+        $builder
+            ->addQuestion("Main Question", QuestionTypeShortText::class, is_mandatory: true)
+            ->addQuestion("Conditional Question", QuestionTypeShortText::class, is_mandatory: true)
+            ->setQuestionVisibility(
+                "Conditional Question",
+                VisibilityStrategy::VISIBLE_IF,
+                [
+                    [
+                        'logic_operator' => LogicOperator::AND,
+                        'item_name'      => "Main Question",
+                        'item_type'      => Type::QUESTION,
+                        'value_operator' => ValueOperator::EQUALS,
+                        'value'          => "Show Conditional",
+                    ],
+                ]
+            )
+        ;
+        $form = self::createForm($builder);
+
+        // Get handler instance
+        $handler = AnswersHandler::getInstance();
+
+        // Test 1: Conditional question is shown - should be valid
+        $conditional_answers = [
+            self::getQuestionId($form, "Main Question") => "Show Conditional",
+            self::getQuestionId($form, "Conditional Question") => "This is a conditional answer",
+        ];
+        $result = $handler->validateAnswers($form, $conditional_answers);
+        $this->assertTrue($result->isValid(), "Validation should pass when the conditional question is shown and filled");
+
+        // Test 2: Conditional question is not shown - should be valid
+        $non_conditional_answers = [
+            self::getQuestionId($form, "Main Question") => "Do not show",
+        ];
+        $result = $handler->validateAnswers($form, $non_conditional_answers);
+        $this->assertTrue($result->isValid(), "Validation should pass when the conditional question is not shown");
+
+        // Test 3: Conditional question is shown but not filled - should be invalid
+        $missing_conditional_answers = [
+            self::getQuestionId($form, "Main Question") => "Show Conditional",
+            self::getQuestionId($form, "Conditional Question") => "",
+        ];
+        $result = $handler->validateAnswers($form, $missing_conditional_answers);
+        $this->assertFalse($result->isValid(), "Validation should fail when the conditional question is shown but not filled");
+    }
+
     private function validateAnswers(
         Form $form,
         array $answers,

src/Glpi/Controller/Form/SubmitAnswerController.php

@@ -109,6 +109,12 @@ private function saveSubmittedAnswers(
         }
 
         $handler = AnswersHandler::getInstance();
+
+        // Check if answers are valid
+        if (!$handler->validateAnswers($form, $answers)->isValid()) {
+            throw new BadRequestHttpException();
+        }
+
         $answers = $handler->saveAnswers(
             $form,
             $answers,