Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validate path, query and request parameters separately #349

Merged
merged 2 commits into from
Jan 22, 2023
Merged

Validate path, query and request parameters separately #349

merged 2 commits into from
Jan 22, 2023

Conversation

quentindemetz
Copy link
Contributor

fixes #339
fixes #328

@quentindemetz
Don't merge all params before validating
3b77a83 
OpenAPI specifies 3 different types of parameters, let's validate them separately.
@quentindemetz
Copy link
Contributor Author

👋🏻

ota42y
ota42y reviewed Feb 21, 2022
View reviewed changes
Copy link
Member

@ota42y ota42y left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is very good code!!!!
But there was one point that needed to be investigated, so I'll merge after it's done.

test/middleware/request_validation_test.rb Outdated
@@ -435,7 +435,7 @@ def app
assert_equal 200, last_response.status
end

it "corce form params" do
it "coerce form params" do
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!!! 🙇

test/middleware/request_validation_open_api_3_test.rb
@@ -412,12 +412,12 @@ def app
get "/coerce_path_params/1"
end

it "corce string and save path hash" do
it "coerce string and save path hash" do
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!!!

lib/committee/schema_validator/open_api_3/operation_wrapper.rb
rescue => e
raise Committee::InvalidRequest.new(e.message, original_error: e)
end

def validate_path_and_query_params(path_params, query_params, headers, validator_option)
# it's currently impossible to validate path params and query params separately
# so we have to resort to this workaround
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

openapi_parser have validate_path_params method.
https://github.com/ota42y/openapi_parser/blob/f6a975791fc58b19d40498daeb88b80e01c70c16/lib/openapi_parser/request_operation.rb#L42
That should have made it compatible with separate validation... I'll do check that code 🙋

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

openapi_parser have validate_path_params but operation_wrapper doesn't delegate it so we can't use it.
Ok, this code is no problem 🙆‍♀️

lib/committee/schema_validator/open_api_3.rb
request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(request.env[validator_option.request_body_hash_key]))
request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(request.env[validator_option.query_hash_key]))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it's very good to prioritize path, query, and body in that order, just like Rails.
But this is breaking changes so I add backward compatibility code for the users which want to old priority.
(This is memo. You do not need to fix it :) )

@JohannesLamberts
Copy link

@ota42y we are currently impacted by #328 as well and would be interested in a fix. Is it possible to support solving the issue / MR?

@Flixt Flixt mentioned this pull request Mar 31, 2022
Merged
@krutovgerman
Copy link

Hey people, would you accept this PR? We are waiting for it too. Pleaaaaseeeee!

@klefix
Copy link

klefix commented Nov 23, 2022

Hey, we are still affected by this issue and would not like to fork this repo just to get this merged.
Is there anything missing in this PR?

@gjtorikian gjtorikian mentioned this pull request Dec 6, 2022
Closed
@ota42y
Copy link
Member

ota42y commented Jan 22, 2023

Sorry for the very delay, thanks for the changes!

@ota42y ota42y merged commit 8b55b37 into interagent:master Jan 22, 2023
@ota42y
Copy link
Member

ota42y commented Jan 28, 2023

I released 5.0.0 with this changes!
https://rubygems.org/gems/committee/versions/5.0.0

@ota42y ota42y mentioned this pull request Jan 28, 2023
Closed
2 tasks
@ydah ydah mentioned this pull request Feb 13, 2024
Open
@geemus geemus mentioned this pull request Nov 8, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ota42y ota42y ota42y approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

support individual key for validation Support POST request with JSON body and query parameters
5 participants
@quentindemetz @JohannesLamberts @krutovgerman @klefix @ota42y