JsonSerializer does not require that value of an enum is defined

[jasonycw]

Consider the following:

var dayOfWeek = JsonSerializer.Deserialize<DayOfWeek>("9");
Console.WriteLine(dayOfWeek);

The serializer does not complain when an out-of-range enum value is presented.

---

Original text

Let's say we have the following as our request model

public enum Currency
{
   Dollar, Yen
}

public class Request
{
    public Currency Currency {get; set; }
}

In the controller, if we have

[HttpPost("test")]
public async Task<ActionResult> Post([FromQuery]Request request)

and we POST /test?currency=3, we will have an invalid model state.

If we have

[HttpPost("test/{currency}")]
public async Task<ActionResult> Post([FromRoute]Currency currency)

and we POST /test/3, we will also have an invalid model state.

However, if we have

[HttpPost("test")]
public async Task<ActionResult> Post([FromBody]Request request)

and we POST /test with a JSON body

{
   "currency": "3"
}

The model state will be valid and the controller will get request.Currency = 3 which does not make sence.

If we add and attribute to the enum property like the following
(thanks to this very old StackOverflow answer)

public class Request
{
    [EnumDataType(typeof(Currency ))]
    public Currency Currency {get; set; }
}

And POST /test with the same JSON body again, we can get invalid model state, which is expected behavior.

Further technical details

• ASP.NET Core version: 3.1
• Include the output of dotnet --info:

.NET Core SDK (reflecting any global.json):
 Version:   3.1.201
 Commit:    b1768b4ae7

Runtime Environment:
 OS Name:     Windows
 OS Version:  10.0.18363
 OS Platform: Windows
 RID:         win10-x64
 Base Path:   C:\Program Files\dotnet\sdk\3.1.201\

Host (useful for support):
  Version: 3.1.3
  Commit:  4a9f85e9f8

• The IDE (VS / VS Code/ VS4Mac) you're running on, and it's version: VS 16.5.4

[ghost]

Tagging subscribers to this area: @safern, @ViktorHofer
Notify danmosemsft if you want to be subscribed.

[ghost]

Tagging subscribers to this area: @jozkee
Notify danmosemsft if you want to be subscribed.

[pranavkm]

@jasonycw neither of the two serializers (S.T.Json \ Newtonsoft.Json) that MVC supports enforce that an enum value is defined. MVC's model binding does which is why you see a validation error appear for model bound values. The EnumDataTypeAttribute validates that enum values are within range for an enum. I'd use that to enforce this behavior consistently.

Moving the issue to the runtime repo in the event they want to consider enforcing this using a converter.

[layomia]

Enum.(Try)Parse does not enforce this, so I'm not sure that the serializer should (at least by default). A custom converter can be added to enforce that the input is within range.

As mentioned, there's a pattern for validating enum values in MVC using EnumDataTypeAttribute, so there's a workaround for the motivating scenario here.

[layomia]

Although this issue is older, I'll close it as a dup of #42093 which has more discussion.