LearnLightning

Understanding Server Side Errors In Lightning

Posted on Updated on

Hi All,

Every Salesforce developer might have faced server-side/apex errors or exceptions while running VF pages or Lightning Components. I have also faced errors while running VF pages and Lightning Components. It is easy to understand and handle errors on VF page but there is difference when you are working with Lightning Components.

If there is any error on VF page, it will show you user friendly or appropriate error message with line number, when you are not handling it. And if you are handling this exception, you can easily show them using or .

When you are running Lightning Components and if there is any server side error occur it will not show you error on browser. I don’t know why, maybe Lightning is still improving that’s why.

Run below code in your org.

//Apex Controller
public class DemoExceptionController{

    @AuraEnabled
    public static String getServerErrorMessage(){
		//DML Exception
        contact con = new contact();
        insert con;
		
		return 'anything';
	}
}
//ExceptionDemo.cmp
<aura:component controller="DemoExceptionController">
    
    <aura:attribute name="message" type="String"/>
	
    <ui:button label="Show Error" press="{!c.showError}"/>
    <br/>
	Error Message :<ui:outputText value="{!v.message}"/>
	
</aura:component>
//ExceptionDemoController.js
({
	showError : function(component, event, helper) {
		var action = component.get("c.getServerErrorMessage");
		
        action.setCallback(this, function(a) {
            component.set("v.message", a.getReturnValue());
		});
		$A.enqueueAction(action);
	}
})

When you click on “Show Error” button a DML exception will occur on server. This error should be shown on browser by system but it is not shown. I modified ExceptionDemoController.js to manually show server side errors.

({
	showError : function(component, event, helper) {
		var action = component.get("c.getServerErrorMessage");
		
        action.setCallback(this, function(a) {
            component.set("v.message", a.getReturnValue());
            
			if (a.getState() === "SUCCESS") {
				component.set("v.message", a.getReturnValue());
			} else if (a.getState() === "ERROR"){
                console.log(a.getError());
                var errors = a.getError();
				if(errors[0] && errors[0].pageErrors)
					component.set("v.message", errors[0].pageErrors[0].message);    
			}
			
        });
		$A.enqueueAction(action);
	}
})

Now when you click on “Show Error” button it will show you user friendly error message.

Now modify Apex Controller and ExceptionDemoController.js to show different type of error.

//Apex Controller
public class DemoExceptionController{

    @AuraEnabled
    public static String getServerErrorMessage(){
		//List Exception        
        List<Integer> li = new List<Integer>();
        li.add(15);
        Integer i2 = li[1]; // Causes a ListException
	}
}

//ExceptionDemoController.js
({
	showError : function(component, event, helper) {
		var action = component.get("c.getServerErrorMessage");
		
        action.setCallback(this, function(a) {
            component.set("v.message", a.getReturnValue());
            
			if (a.getState() === "SUCCESS") {
				component.set("v.message", a.getReturnValue());
			} else if (a.getState() === "ERROR"){
                console.log(a.getError());
                var errors = a.getError();
                if(errors[0] && errors[0].message)// To show other type of exceptions
                    component.set("v.message", errors[0].message);
                if(errors[0] && errors[0].pageErrors) // To show DML exceptions
            		component.set("v.message", errors[0].pageErrors[0].message);    
			}
        });
		$A.enqueueAction(action);
	}
})

Now when you click on “Show Error” button, this time it will not show you correct user friendly message instead of this “An internal server error has occurred” message will be shown. I tried with other type of exceptions to see the cases in which “An internal server error has occurred” message will be shown and in which correct user friendly message will be shown. In every case “An internal server error has occurred” message is shown except DML exception.

If you want to show appropriate error message you can handle exception to return appropriate error message.

//Apex Controller
public class DemoExceptionController{

    @AuraEnabled
    public static String getServerErrorMessage(){
		try{
            List<Integer> li = new List<Integer>();
            li.add(15);
            Integer i2 = li[1]; // Causes a ListException
        }catch(Exception e){
            return e.getMessage();
            
        }
	}
}

I know this is not a right way to show error message but I am just giving you an idea to show appropriate error message. You can write your own logic according to your requirement.

Thanks 🙂

Understanding Expressions in Lightning

Posted on Updated on

Hi All,

Yesterday I stuck with Expressions in Lightning. While solving this I came to know about different ways of using Expressions and different types of these.

An expression is any set of literal values, variables, sub-expressions, or operators that can be resolved to a single value. You can use expressions for dynamic output or passing values into components by assigning them to attributes. Expressions are also used to provide action methods for user interface events(i.e. OnClick,OnHover).

Bound Expressions

Bound expression syntax is: {!expression}. Curly braces with “!” bang operator is used for Bound expressions.

If you are making any change using Bound expression it will immediately reflected on your component. Bound expressions are used to reflect changes on your Lightning Component. Below are examples of Bound expressions in component.

<aura:component>
	
	<!-- Accessing Fields and Related Objects -->
	<p>{!v.accounts.Name}</p>
	
	<!-- Concatinate value with String -->
	<p>{!'Hello ' + v.msg}</p>
	
	<!-- Ternary Operator -->
	<ui:button aura:id="likeBtn" label="{!(v.likeId == null) ? 'Like It' : 'Unlike It'}" />
	
	<!-- Conditional Markup -->
	<aura:attribute name="edit" type="Boolean" default="true"/>
	<aura:if isTrue="{!v.edit}">
		<ui:button label="Edit"/>
	<aura:set attribute="else">
		You can’t edit this.
	</aura:set>
	</aura:if>
	
	<!-- Adding two items -->
	{!(v.item1) + (v.item2)}
	
	<!-- Using Global Variables -->
	{!$Browser.isPhone}
	{!$Locale.timezone}
	
	<!-- Action Method -->
	<ui:button aura:id="likeBtn" label="Press Me" press="{!c.update}"/>
	
	<!-- Array Length -->
	{!v.myArray && v.myArray.length > 0}
	
</component>

Unbound Expressions

Unbound expression syntax is: {#expression}. Curly braces with “#” hash operator is used for Unbound expressions.

If you are making any change using unbound expression, it will not immediately reflect on your component. If you don’t want to reflect changes, you can use unbound expressions.

Note : Unbound expression changes are not reflected on component but they can be seen by javascript.

Below example show use of unbound expression in component.

//Component1.cmp
<aura:component>
    <aura:attribute name="truthy" type="Boolean"></aura:attribute>
     
    <aura:if isTrue="{#v.truthy}">
        True
    <aura:set attribute="else">
        False
    </aura:set>
    </aura:if>
    <ui:button aura:id="button" label="Check" press="{!c.update}"/>
</aura:component>
 
//Component1Controller.js
({
    update : function(component, event, helper) {
        component.set("v.truthy","false");
		console.log('----> '+component.get("v.truthy"));
    }
})
 
//Component1Renderer.js
({
    rerender: function(cmp, helper) {
        console.log('rerender'); 
        return this.superRerender()
    },
})

In above code when you click on “Check” button it will udpate unbound expression {!#v.truthy} in javascript controller. You will be able to see changes in console but they are not reflected on component.

Hope this will be helpful. Happy coding 🙂

Lightning Component Best Practices PART 2

Posted on

Hi All,

Few days before I wrote an article on best practices of Lightning Components. In that article I told you about best practices of Lightning Component Bundle(Controller, Helper, Renderer) and Events. Today I will tell you about best practices to create secure Lightning Components.

In Winter 16 release Salesforce introduced an important change to Lightning Component, In order to run Lightning Components in your org, you will be required to use the My Domain feature.

Why My Domain? At Salesforce, Trust is their number one value. The security team that reviews all changes to the Force.com platform have determined that requiring of My Domain will allow Salesforce to enact even better security around Lightning Components. And better security is good for everyone.

Because of this new feature insecurity is not neccessorily coming from Lightning Components but can come from JavaScript(Client Side) or Apex(Server Side). All the insecurities may come from JavaScript rather than from Lightning Component. Reason for this is the JavaScript from same domain can actually access,modify and read everything. You should follow below best practices to avoid insecurities from Client Side and Server Side. I tried to explore them.

Client Side

  • When modifying the DOM, avoid the use of HTML rendering functions such as innerHTML or $().append(). Rather use component getters and setters whenever possible.
  • //Component1.cmp
    <aura:component>
    	<aura:attribute name="msg" type="String"></aura:attribute>
    	<div><b>{!v.msg}</b></div>
    </aura:component>
    
    //Component1Helper.js
    ({
    	changeValue : function(component) {
    		component.set("v.msg","Changed value before Render"); // Modifying DOM using setter
    	},
    })
    
    //Component1Renderer.js
    ({
    	render: function(cmp, helper) {
    	   console.log('render');
    	   helper.changeValue(cmp); // Modifying DOM in renderer
    	   return this.superRender()
    	},
    })
    

    In above code I am modifying DOM using setter.

    The DOM may only be modified in a renderer. Outside a renderer, the DOM is read-only. Suppose if you are trying to modify DOM in a controller than you are playing out side of the cycle of aura. If you do modification in controller the renderer will wipe all the DOM modification and you will end up with no result.

    In above code I am modifying DOM in renderer.

    Note : JS code within a component can only modify DOM elements belonging to the component. For example, it cannot modify document head or directly access the DOM element belonging to another component. In order to modify a parent or sibling component, an event should be passed to the target component. Child components should only be accessed via their attributes, and not by accessing the DOM of the child component directly.

  • To change styles dynamically, use $A.util.toggleClass() or $A.util.addClass(),$A.util.removeClass().
    Use $A.util.toggleClass() for component instead of a DOM element.
  • //toggleCss.cmp
    <aura:component>
    	<div aura:id="changeIt">Change Me!</div><br />
    	<ui:button press="{!c.applyCSS}" label="Add Style" />
    	<ui:button press="{!c.removeCSS}" label="Remove Style" />
    </aura:component>
    //toggleCssController.js
    ({
    	applyCSS: function(cmp, event) {
    		var cmpTarget = cmp.find('changeIt');
    		$A.util.addClass(cmpTarget, 'changeMe');
    	},
    	removeCSS: function(cmp, event) {
    		var cmpTarget = cmp.find('changeIt');
    		$A.util.removeClass(cmpTarget, 'changeMe');
    	}
    })
    //toggleCss.css
    .THIS.changeMe {
    	background-color:yellow;
    	width:200px;
    }
    
  • Use $A.getCallback() to wrap any code that accesses a component outside the normal rerendering lifecycle, such as in a setTimeout() or setInterval() call or in an ES6 Promise. $A.getCallback() preserves the current execution context and grants the correct access level to the asynchronous code. Otherwise, the framework loses context and only allows access to global resources.
  • window.setTimeout(
    	$A.getCallback(function() {
    		if (cmp.isValid()) {
    			cmp.set("v.visible", true);
    		}
    	}), 5000
    )
    

    This sample sets the visible attribute on a component to true after a five-second delay.

  • Avoid the use of inline javascript except when referencing JS controller methods.
  • <div onmouseover="myfunction" >foo</div> //bad
    <div onmouseover="c.myControllerFunction" >foo</div> //OK
    
  • Do not overwrite window or document functions.
  • window.onload = function () {
       //some code
    }
    document.write = function() {
       //some code
    }
    
  • Don’t use Script or Link tag to include JavaScript or CSS file. Instead of this use use the [ltng:require] aura component.
  • <link type='text/css' rel='stylesheet' href='YOUR_CSS_FILE.css' /> //bad
    <script src="YOUR_JS_FILE.js"></script> //bad
    
    <ltng:require styles="CSS FILE 1,CSS FILE 2,..." scripts="JS FILE 1,JS FILE 2,.."></ltng:require> //OK
    
  • Avoid using absolute URL use relative URL with ‘/’ and encodeURL.
  • Events may only be fired within a controller or component file, but not in a renderer. If you fire an event in renderer the event will go and call the controller again and controller will instantiate again,setup data again and call renderer again and cycle will repeat. This will end up with an infinite loop.
  • Avoid using component. This component outputs value as unescaped HTML, which introduces the possibility of security vulnerabilities in your code. You must sanitize user input before rendering it unescaped, or you will create a cross-site scripting (XSS) vulnerability. Only use with trusted or sanitized sources of data.

Server Side

  • All controller classes must have the with sharing keyword. There are no exceptions. In some cases, your code will need to elevate privileges beyond those of the logged in user.
  • public class DemoController() {  //Unsafe
        
        @AuraEnabled
        public static String getSummary() {
            //code
        }
    }
    
    public with sharing class DemoController() {  //safe
        
        @AuraEnabled
        public static String getSummary() {
            //code
        }
    }
    
  • CRUD/FLS permissions are not automatically enforced in lightning components or controllers, nor can you rely on lightning components to enforce security (as the client is under the control of the attacker, so all security checks must always be performed server-side). You must explicitly check for for isAccessible(), isUpdateable(), isCreateable(), isDeletable() prior to performing these operations on sObjects.
public with sharing class DemoController() {
    
    @AuraEnabled
    public static Contact getContact(String fieldName) { //safe
        if(Schema.SObjectType.Contact.fields.getMap().get('Name').getDescribe().isAccessible()){
			//code
		}
    }
}

Above best practices will help your Lightning Components in passing through security review of AppExchange.

Hope this will be helpful cheers!! 🙂

Different Rendering Behavior Of Lightning Component

Posted on Updated on

Hi All,

In this article I will tell you how and when you can use/customize different Renderer.js functions of a Lightning Component. There are different types of renderer functions which are called automatically when a Component is Render, Rerender or Unrender. You can customize these functions to change default rendering behaviour of Component.

Let’s explore these functions.

Render

The framework calls render() function when component is being initialized/rendered. The render() function typically returns a DOM node, an array of DOM nodes, or nothing. The base HTML component expects DOM nodes when it renders a component. Use render function to modify DOM or to modify component markup.

//Component1.cmp
<aura:component>
	<aura:attribute name="msg" type="String"></aura:attribute>
	<div><b>{!v.msg}</b></div>
</aura:component>

//Component1Helper.js
({
	changeValue : function(component) {
		component.set("v.msg","Changed value before Render");
	},
})

//Component1Renderer.js
({
	render: function(cmp, helper) {
	   console.log('render');
	   helper.changeValue(cmp);
	   return this.superRender()
	},
})

In render() function I am calling helper method to modify DOM when component renders.

AfterRender

The afterRender function will be called by framework after render() function.AfterRender function allows us to further change an already rendered component. The afterRender() function enables you to interact with the DOM tree after the framework’s rendering service has inserted DOM elements.

Note :

  1. Both the functions will be called only once, you can keep your business logic that needs to run only once in these functions.
  2. Both functions can be used to modify DOM or markup.
  3. Don’t perform DML in render function. You can do in afterRender.

Rerender

Rerender function will be called when a component’s value changes due to user action like a button click or some other event like component/application event. Rerender function updates component upon rerendering of the component.

//Component1.cmp
<aura:component>
	<aura:attribute name="truthy" type="Boolean"></aura:attribute>
	
	<aura:if isTrue="{!v.truthy}">
		True
	<aura:set attribute="else">
		False
	</aura:set>
	</aura:if>
	<ui:button aura:id="button" label="Check" press="{!c.update}"/>
</aura:component>

//Component1Controller.js
({
	update : function(component, event, helper) {
		component.set("v.truthy","false")
	}
})

//Component1Renderer.js
({
	rerender: function(cmp, helper) {
		console.log('rerender'); 
		return this.superRerender()
	},
})

In above component when you click on “Check” button,update method will update component which in turn call rerender.

Unrender

Framework fires an unrender event when a component is deleted.The base unrender() function deletes all the DOM nodes rendered by a component’s render() function. It is called by the framework when a component is being destroyed. Customize this behavior by overriding unrender() in your component’s renderer. This can be useful when you are working with third-party libraries that are not native to the framework.

//Component1.cmp
<aura:component >

	<aura:attribute name="truthy" type="Boolean"></aura:attribute>
	
	<aura:if isTrue="{!v.truthy}">
		<c:Component2 />
	<aura:set attribute="else">
		Second Component is deleted
	</aura:set>
	</aura:if>
	
	<ui:button aura:id="button" label="Check" press="{!c.update}"/>
</aura:component>

//Component1Controller.js
({
	update : function(component, event, helper) {
		component.set("v.truthy","false")
	}
})

//Component1Renderer.js
({
	rerender: function(cmp, helper) {
		console.log('rerender'); 
		return this.superRerender()
	},
})

//Component2.cmp
<aura:component >
	I am in second component
</aura:component>

//Component2Renderer.js
({
	unrender : function (cmp, helper) {
		console.log('Component 2 unrender '); 
		return this.superUnrender();
	},
})

In above code Component2.cmp is deleted when you click on “Check” button on Component1.cmp. When Component2.cmp is deleted framework calls unrender method.

To know more about Best Practices of Lightning Component Rendering click here
Hope this will be helpful 🙂

Lightning Component Best Practices

Posted on Updated on

Hi All,

In this article, I will tell you the best practices for Lightning Components, Lightning component bundle and Events.

Lightning Component

Lightning is all about components. You can build applications by assembling components created by you and other developers. A component can contain other components, as well as HTML, CSS, JavaScript, or any other Web-enabled code. This enables you to build apps with sophisticated UIs. We should always keep in mind Lightning Component’s modular approach while creating a Lightning App. It is always a best practice to use component based developement approach. Following are the benifits of component based approach.

  1. Increases
    a. Developer Productivity
    b. Feature availablity
    c. Application Scaliblity
  2. Decreases
    a. Application Complexity
    b. Time to Delivery
    c. Overall Cost

Lightning Component Bundle

Each Lightning Component is made up of a markup, JavaScript controller, a Helper, a Renderer and more(Component Bundle).

final00001

Controller

  1. Use Controllers to listen to user events and other events like Component Event, Appliction Event.
  2. Delegate your business logic to helper methods.
  3. Do not trigger DML operation on component initializaton. If you are doing DML in init(), you are creating a CSRF(Cross-Site Request Forgery).
  4. Do not modify DOM in Controller. If you modify DOM in Controller it will call renderer method which will end in no result.

Helper

Always write your business logic in helper functions because

  1. Helper functions may be called from any other javascript in the component bundle.
  2. Whenever a component runs Lightning Framework creates an instance of the Controller, an instance of the Renderer for each component but creates only one copy of the Helper and passes the reference of the Helper into every Controller instance and every Renderer instance. Below picture will make you understand this well.

final00002

Since Helper is shared across everything, it allows us to share and keep logic across of Controllers and Renderers in one place. It also helps us keep logic within Controllers and Renderers lean. Anytime you need to call one controller function from another controller function, move that logic to Helper.

Renderer

  1. Use Renderer whenever you want to customize default rendering, rerendering, afterrendering and unrendering behaviour for a component.
  2. Do not fire an event in renderer, firing an event in a renderer can cause an infinite rendering loop.
  3. If you need to directly manipulate DOM elements in your component, you should do it in the component’s renderer.

Events

  1. Always use events to implement communication between components.
  2. Always try to use a component event instead of an application event, if possible. Component events can only be handled by components above them in the containment hierarchy so their usage is more localized to the components that need to know about them. Below picture will make you understand better about component event.final00003
  3. Application events are best used for something that should be handled at the application level, such as          navigating to a specific record.appevent
  4. It’s a good practice to handle low-level events, such as a click, in your event handler and refire them as higher-level events, such as an approvalChange event or whatever is appropriate for your business logic.
  5. If you have a large number of handler component instances listening for an event, it may be better to identify a dispatcher component to listen for the event. The dispatcher component can perform some logic to decide which component instances should receive further information and fire another component or application event targeted at those component instances.
  6. Do not use onclick and ontouchend events in a component. The framework translates touch-tap events into clicks and activates any onclick handlers that are present.

That’s it for now I will come with more details in upcoming posts. 🙂