It is generally wise to check your data several times with different intentions. I suggest these levels:
1) First, the front controller checks the received data for integrity. If some token is missing or the browser timed out, etc., you exit immediately. You do not allow these requests to reach your MVC. Here you may want Suhosin. The reason is that deeper levels can associate protected data with the browser even if an error occurs. Imagine someone skipped a security token (an attack?), and your submission returns an error message and sets some cookies. With their help, an attacker can log into the system after any invalid form request.
2) The front controller checks whether the entered data may be entered in this form by this user, etc. (for example, whether a US user may enter a Canadian phone number). It should give direct feedback in the form "enter the correct phone number", etc.
3) The model checks whether the data is in a state in which it can be safely stored and returned, for example whether it has been escaped, has the desired length, etc.
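As an added example (not code from the post above), a minimal Python pipeline in the spirit of the three levels described, with assumed function names and a constructed token and phone-format table; it shows that a failed integrity check returns no cookies and never reaches the model, while the model still enforces escaping and length on what it stores:

```python
import hmac
import html
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample values for the example (assumptions, not from the post).
EXPECTED_TOKEN = "tok-demo-123"
PHONE_RULES = {"US": re.compile(r"^\d{10}$"), "DE": re.compile(r"^\d{11}$")}


@dataclass
class Response:
    status: int
    body: str
    cookies: dict = field(default_factory=dict)


@dataclass
class User:
    country: str


def front_controller_integrity(form: dict) -> Optional[Response]:
    """Level 1: reject a request with a missing/invalid token before any side effects."""
    token = form.get("token")
    if not isinstance(token, str) or not hmac.compare_digest(token, EXPECTED_TOKEN):
        # Plain error, no cookies set, no model reached: nothing is bound to the browser.
        return Response(400, "bad request")
    return None


def front_controller_form(form: dict, user: User) -> Optional[Response]:
    """Level 2: per-user plausibility checks with direct feedback to the form."""
    rule = PHONE_RULES.get(user.country)
    if rule is None or not rule.match(form.get("phone", "")):
        return Response(422, "enter the correct phone number")
    return None


def model_store(form: dict, store: list) -> Response:
    """Level 3: the model only stores data that is escaped and within bounds."""
    name = html.escape(form.get("name", ""))
    if not 1 <= len(name) <= 64:
        return Response(422, "name length out of range")
    store.append({"name": name, "phone": form["phone"]})
    return Response(200, "saved", cookies={"last_submit": "ok"})


def handle(form: dict, user: User, store: list) -> Response:
    """Run the three levels in order; the first failing level answers."""
    return (front_controller_integrity(form)
            or front_controller_form(form, user)
            or model_store(form, store))
```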