Fixes #1020, OAS3 false positive for extra form param (#1124)

When using an OAS3 spec with formdata, the validation logic looks
for the key 'formData' in the spec parameters list. This keys is
specific to OAS2, and will never be present, causing any form data to
throw an ExtraParameterProblem.

Author: dtkav

connexion/decorators/validation.py

@@ -302,7 +302,11 @@ def validate_query_parameter_list(self, request):
 
     def validate_formdata_parameter_list(self, request):
         request_params = request.form.keys()
-        spec_params = [x['name'] for x in self.parameters.get('formData', [])]
+        try:
+            spec_params = [x['name'] for x in self.parameters['formData']]
+        except KeyError:
+            # OAS 3
+            return set()
         return validate_parameter_list(request_params, spec_params)
 
     def validate_query_parameter(self, param, request):

tests/api/test_parameters.py

@@ -117,6 +117,16 @@ def test_strict_extra_query_param(strict_app):
     assert response['detail'] == "Extra query parameter(s) extra_parameter not in spec"
 
 
+def test_strict_formdata_param(strict_app):
+    app_client = strict_app.app.test_client()
+    headers = {'Content-type': 'application/x-www-form-urlencoded'}
+    url = '/v1.0/test_array_csv_form_param'
+    resp = app_client.post(url, headers=headers, data={"items":"mango"})
+    response = json.loads(resp.data.decode('utf-8', 'replace'))
+    assert response == ['mango']
+    assert resp.status_code == 200
+
+
 def test_path_parameter_someint(simple_app):
     app_client = simple_app.app.test_client()
     resp = app_client.get('/v1.0/test-int-path/123')  # type: flask.Response