Bug #70
Updated by Vivek Kumar 17 days ago
The API fails to enforce basic validation rules on multiple input fields.
All fields accept invalid data types, excessive lengths, and malformed values — yet the server responds with success.
**Steps To Reproduce:**
* Send a request to `POST https://api.akinderwellness.com:4001/api/schools/add`
* Provide invalid or malformed values in all fields
* Observe that the API accepts the request without validation errors
**Actual Result**
The fields don't have proper validation in the API. Below are the validation issues:
* name: Accepts excessively long input without any maximum length restriction
* address: Accepts excessively long input without validation or length limits
* city: Accepts arbitrary long strings and invalid city names without format validation
* state: Accepts arbitrary long strings without validation or constraints
* zip: Accepts non-numeric and invalid formats instead of enforcing proper postal code format
* AdditionalInfo: No validation or length restriction, allows arbitrary input
* contactPerson: Accepts excessively long input without any length constraint
* contactNumber: Accepts non-numeric string values instead of enforcing numeric format
* website: Does not enforce strict URL validation, accepts loosely formatted or invalid URLs
* status: Does not enforce predefined values (enum), accepts arbitrary input
**Duplicate records can be created for the same school when the same request is sent multiple times.**
**Expected Result**
The API must validate all the fields and their format.
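
A server-side validator covering the fields listed above, as an added example that is not part of the original report or the project's code. The length limits, the `status` values, the US-style postal code pattern, the phone length range and the function names `validateSchool` and `dedupeKey` are all assumptions; the real limits must come from the API's data model.

```javascript
// Added example: every limit, pattern and enum value below is an assumption.
const MAX = { name: 200, address: 300, city: 100, state: 100, AdditionalInfo: 1000, contactPerson: 100 };
const STATUS = new Set(["active", "inactive"]); // assumed enum values
const ZIP_RE = /^\d{5}(-\d{4})?$/;              // assumed US postal code format
const PHONE_RE = /^\d{7,15}$/;                  // digits only, assumed length range
const PLACE_RE = /^\p{L}[\p{L} .'-]*$/u;        // letters plus basic punctuation (assumed)

function isHttpUrl(value) {
  try {
    const u = new URL(value);
    return (u.protocol === "http:" || u.protocol === "https:") && u.hostname.includes(".");
  } catch {
    return false; // not parseable as an absolute URL
  }
}

// Returns a map of field -> error message; an empty object means the payload is valid.
function validateSchool(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { _body: "must be a JSON object" };
  }
  const errors = {};
  for (const [field, max] of Object.entries(MAX)) {
    const v = body[field];
    if (typeof v !== "string") errors[field] = "must be a string";
    else if (v.trim() === "" && field !== "AdditionalInfo") errors[field] = "must not be empty";
    else if (v.length > max) errors[field] = `must be at most ${max} characters`;
  }
  for (const f of ["city", "state"]) {
    if (!errors[f] && !PLACE_RE.test(body[f])) errors[f] = "contains invalid characters";
  }
  if (typeof body.zip !== "string" || !ZIP_RE.test(body.zip)) errors.zip = "invalid postal code";
  if (typeof body.contactNumber !== "string" || !PHONE_RE.test(body.contactNumber)) errors.contactNumber = "must be numeric";
  if (typeof body.website !== "string" || body.website.length > 2048 || !isHttpUrl(body.website)) errors.website = "must be an http(s) URL";
  if (typeof body.status !== "string" || !STATUS.has(body.status)) errors.status = "not an allowed value";
  return errors;
}

// Normalized key for a uniqueness check, so a repeated request maps to the same record.
// Call only after validateSchool() returned no errors.
function dedupeKey(body) {
  return [body.name, body.address, body.zip]
    .map((s) => s.trim().toLowerCase().replace(/\s+/g, " "))
    .join("|");
}
```

A handler would return HTTP 400 with the error map when it is non-empty, and back `dedupeKey` with a unique index so that concurrent duplicate requests are rejected by the database rather than by a read-then-write check.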