Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Connexion incompatible with openapi-spec-validator==0.3.0 #1343

Closed
guneemwelloeux opened this issue Mar 1, 2021 · 2 comments · Fixed by #1374
Closed

Connexion incompatible with openapi-spec-validator==0.3.0 #1343

guneemwelloeux opened this issue Mar 1, 2021 · 2 comments · Fixed by #1374

Comments

@guneemwelloeux
Copy link

Description

Connexion is incompatible with the latest version of the openapi-spec-validator (0.3.0 minimum).
This line: https://github.com/zalando/connexion/blob/1ed14fbde5be3d144760fec4982e90064f151e88/connexion/decorators/validation.py#L169
forces users to define a formData type parameters for each one of the attributes in the form data body (multipart/form-data content type).
This is not allowed by the spec, and as a result, an error is raised by 'openapi-spec-validator==0.3.0' upon starting the flask app.
Removal of the incorrect parameters lead to validation errors on request in Connexion (in strict mode), because connexion requires the parameters to be specified incorrectly in the spec file.

Expected behaviour

With no formData parameters present in the spec, no error should be raised upon validating an incoming request with form data payload.

Actual behaviour

With no formData parameters in the spec, an error is received upon validating incoming requests in strict mode:
Extra formData parameter(s) user_id not in spec, with status code 400

Steps to reproduce

Install connexion==2.4.0
Using the following spec:

---                                                     
openapi: 3.0.0                                          
info:                                                   
  title: Premium API                                    
  version: 1.0.0                                        
paths:                                                  
  /{profile_id}/attachments:                            
    post:                                               
      description: Upload attachment to profile         
      operationId: some operation                       
      parameters:                                       
       - $ref: '#/components/parameters/ProfileIDParam' 
       - $ref: '#/components/parameters/UserIDParam'    
      requestBody:                                      
        required: true                                  
        content:                                        
          multipart/form-data:                          
            schema:                                     
              type: object                              
              properties:                               
                user_id:                                
                  type: string                          
                file:                                   
                  type: string                          
                  format: binary                        
      responses:                                        
        200:                                            
          description: OK                               
schemas:                                                
  UserIDParam:                                          
    name: user_id                                       
    in: formData                                        
    required: false                                     
    description: userid                                 
    schema:                                             
      type: string                                      
                                                        
  ProfileIDParam:                                       
    name: profile_id                                    
    in: path                                            
    description: ID                                     
    required: true                                      
    schema:                                             
      type: string

Start the server, and observe the error (from openapi-spec-validator) that states that UserIdParam does not validate (1in: formData1 is incorrect in the standard.
Then remove the UserIDParam parameter, start the server again, and try calling the api endpoint. With strict validation, you will get a 400 error saying that the formData parameter is missing.

Additional info:

Output of the commands:

  • python --version 3.7.9
  • pip show connexion | grep "^Version\:" 2.4.0
@briankinney
Copy link

Other users of openapi-spec-validator have had issues with its 0.3.0 release.

python-openapi/openapi-spec-validator#113

I recommend simply limiting the dependency to the latest compatible release until there is a new compatible openapi-spec-validator release.

@briankinney briankinney mentioned this issue Mar 6, 2021
Closed
@tuomastik
Copy link

This issue should be of high priority because it is now silently breaking many APIs without developers making any changes to their Connexion-specific code.

This was referenced Apr 27, 2021
Merged
Merged
@RobbeSneyders RobbeSneyders mentioned this issue Jun 28, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@guneemwelloeux @tuomastik @briankinney