Comments (1)
Hello,
I have noticed that only the query parameters marked as required are validated.
For example, let's say I have some optional parameter:

```yaml
paths:
  /things/{namespace}:
    get:
      parameters:
        - $ref: '#/components/parameters/namespace'
        - name: foo
          required: false
          in: query
          schema:
            $ref: '#/components/schemas/foo'
```

When I do `GET /things/test_namespace?bla=something`, validation passes, but changing `required` to `true` makes it fail with code 400 (expected behavior).

In the `parameters.js` file you can see the code:

```js
function buildSchema(parameterObjects) {
    const schema = { query: {}, headers: {}, params: {}, cookies: {} };
    parameterObjects.forEach(parameterObject => {
        const location = parameterObject.in;
        const name = location === "header"
            ? parameterObject.name.toLowerCase()
            : parameterObject.name;
        const parameterSchema = {
            type: "object",
            properties: {
                [name]: parameterObject.schema,
            },
        };
        if (parameterObject.required) {
            parameterSchema.required = [name];
        }
        lodash_1.default.mergeWith(schema[parameterLocationToRequestField(location)], parameterSchema, concatArraysCustomizer);
    });
    return schema;
}
```

As far as I checked, the `if` statement is responsible for this behavior. I did a quick test, and when you comment out the condition the optional parameter will also be validated. Of course, I assume this condition is there for a reason and the solution for the problem will be more sophisticated.

```js
//if (parameterObject.required) {
    parameterSchema.required = [name];
//}
```

In my opinion the optional parameters should also be validated, as we don't want to accept anything sent with a GET request. At least the other framework for validation I used before, express-openapi-validator, verified that.
from express-openapi-validate.
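
The request from the post, run against the per-parameter schema shape that `buildSchema` produces, as an added example that is not the project's own code. `fooSchema` is a constructed stand-in for `#/components/schemas/foo`, `validate` is a hand-written subset of JSON Schema rather than the library's validator, and the `strict` switch is hypothetical; the example goes one step past the post by also checking an invalid `foo` value and an `additionalProperties: false` variant.

```javascript
// Added example. fooSchema is a constructed stand-in for '#/components/schemas/foo'.
const fooSchema = { type: "string", enum: ["a", "b"] };
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Same shape buildSchema() emits for one query parameter. `strict` is a
// hypothetical switch (not a library option) adding additionalProperties: false.
function querySchema(required, strict = false) {
  const schema = { type: "object", properties: { foo: fooSchema } };
  if (required) schema.required = ["foo"];
  if (strict) schema.additionalProperties = false;
  return schema;
}

// Hand-written subset of JSON Schema (type, enum, properties, required,
// additionalProperties); a stand-in for a real validator. Returns error strings.
function validate(schema, value, path = "query") {
  const errors = [];
  if (schema.type === "string" && typeof value !== "string") errors.push(`${path} should be string`);
  if (schema.enum && !schema.enum.includes(value)) errors.push(`${path} should be one of ${schema.enum}`);
  if (schema.type !== "object") return errors;
  for (const key of schema.required || []) {
    if (!has(value, key)) errors.push(`${path} should have required property '${key}'`);
  }
  for (const [key, item] of Object.entries(value)) {
    if (has(schema.properties || {}, key)) {
      errors.push(...validate(schema.properties[key], item, `${path}.${key}`));
    } else if (schema.additionalProperties === false) {
      errors.push(`${path} should NOT have additional property '${key}'`);
    }
  }
  return errors;
}

// Each entry: errors for a parsed query string against one schema variant.
function demo() {
  return {
    optionalUnknownKey: validate(querySchema(false), { bla: "something" }),
    requiredUnknownKey: validate(querySchema(true), { bla: "something" }),
    optionalBadValue: validate(querySchema(false), { foo: "zzz" }),
    strictUnknownKey: validate(querySchema(false, true), { bla: "something" }),
    strictGoodValue: validate(querySchema(false, true), { foo: "a" }),
  };
}

console.log(demo());
```

An empty array means the request would pass; a non-empty one corresponds to the 400 response described in the post.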