Skip to content

West Midlands | 26 March SDC | Iswat Bello | Sprint 1 | Purple Forest/bug report/Extra long blooms#210

Open
Iswanna wants to merge 2 commits into
CodeYourFuture:mainfrom
Iswanna:Purple-Forest/bug-report/Extra-long-blooms
Open

West Midlands | 26 March SDC | Iswat Bello | Sprint 1 | Purple Forest/bug report/Extra long blooms#210
Iswanna wants to merge 2 commits into
CodeYourFuture:mainfrom
Iswanna:Purple-Forest/bug-report/Extra-long-blooms

Conversation

@Iswanna

@Iswanna Iswanna commented Jun 11, 2026

Copy link
Copy Markdown

Learners, PR Template

Self checklist

  • I have titled my PR with Region | Cohort | FirstName LastName | Sprint | Assignment Title
  • My changes meet the requirements of the task
  • I have tested my changes
  • My changes follow the style guide

Changelist

This PR fixes a bug whereby the application allowed blooms (posts) longer than 280 characters to be saved to the database. While the frontend had validation, the backend lacked a "security guard" to prevent direct API requests or scripts from bypassing the limit.

The Problem: The application was only validating bloom length on the frontend. This allowed scripts (like populate.py) or direct API requests to save blooms longer than 280 characters, breaking the business rules.

The Fix:

  • Added a MAX_BLOOM_LENGTH constant (280) to the backend.
  • Updated the send_bloom function in endpoints.py to check the length of the incoming content.
  • The backend now returns a 400 Bad Request if the bloom exceeds the limit.

Verification:

  • I performed a factory reset of the database and ran populate.py.
  • Confirmed that the backend successfully rejected the oversized bloom from the script with a 400 error.
  • Verified via DBeaver that the invalid bloom was not saved to the database.

@Iswanna Iswanna added 📅 Sprint 1 Assigned during Sprint 1 of this module Needs Review Trainee to add when requesting review. PRs without this label will not be reviewed. Module-Legacy-Code The name of the module. labels Jun 11, 2026
@nedssoft nedssoft added Review in progress This review is currently being reviewed. This label will be replaced by "Reviewed" soon. and removed Needs Review Trainee to add when requesting review. PRs without this label will not be reviewed. labels Jun 24, 2026
nedssoft
nedssoft reviewed Jun 24, 2026
View reviewed changes

@nedssoft nedssoft left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Excellent thinking, Iswat — spotting that the 280-char limit was only enforced on the frontend and could be bypassed by a script or direct API call is exactly the "never trust the client" instinct that makes a good backend dev. 👏 Pulling the limit into a named MAX_BLOOM_LENGTH and returning a clean 400 is spot on, with thorough DB verification.

One small thing to mull (not blocking): your message says a bloom must be "less than 280 characters", but your check > MAX_BLOOM_LENGTH actually lets exactly 280 through. Is 280 meant to be allowed or rejected — and does the wording match what the code does?

@nedssoft nedssoft added Complete Volunteer to add when work is complete and all review comments have been addressed. and removed Review in progress This review is currently being reviewed. This label will be replaced by "Reviewed" soon. labels Jun 24, 2026
@Iswanna
fix: clarify bloom length error message wording
0847df9 
Updated the validation error message from "less than" to "not exceed".
This ensures the text accurately reflects the backend logic, which
allows blooms of exactly 280 characters while rejecting 281+.
@Iswanna

Iswanna commented Jun 25, 2026
edited
Loading

Copy link
Copy Markdown
Author

Excellent thinking, Iswat — spotting that the 280-char limit was only enforced on the frontend and could be bypassed by a script or direct API call is exactly the "never trust the client" instinct that makes a good backend dev. 👏 Pulling the limit into a named MAX_BLOOM_LENGTH and returning a clean 400 is spot on, with thorough DB verification.

One small thing to mull (not blocking): your message says a bloom must be "less than 280 characters", but your check > MAX_BLOOM_LENGTH actually lets exactly 280 through. Is 280 meant to be allowed or rejected — and does the wording match what the code does?

Thank you so much @nedssoft, for the feedback.
You are completely right about the boundary logic. My intention was to allow exactly 280 characters (to match the frontend), which is why I used the > operator in the code. However, I see now that my previous message was technically incorrect compared to the logic.
I have just pushed a commit to update the message to: Bloom must not exceed {MAX_BLOOM_LENGTH} characters. This now accurately describes the behaviour of the code.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer
@nedssoft nedssoft nedssoft left review comments
Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

Complete Volunteer to add when work is complete and all review comments have been addressed. Module-Legacy-Code The name of the module. 📅 Sprint 1 Assigned during Sprint 1 of this module

Projects

Purple Forest Kanban
Status: Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Iswanna @nedssoft