Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support for multipart/form-data in the request body #2321

Merged
merged 24 commits into from
Jul 28, 2023
Merged

Support for multipart/form-data in the request body #2321

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
24 commits
Select commit Hold shift + click to select a range
f0f4fc0
add test for (currently failing) multipart form data POST requests --…
ilanashapiro Jun 30, 2023
a541db8
implement support for multipart/form-data requests with working test
ilanashapiro Jul 2, 2023
cbf87de
added tests to the test harness for multipart/form-data
ilanashapiro Jul 3, 2023
9baa519
delete commented out code
ilanashapiro Jul 3, 2023
84a6490
Parse multiform data passed with -F flag rather than --data flag
ilanashapiro Jul 11, 2023
55364bd
Parse multiform data passed with -F flag rather than --data flag
ilanashapiro Jul 11, 2023
51f6722
Merge branch 'stoplightio:master' into feature/multipart-form-data-va…
ilanashapiro Jul 11, 2023
c0410d0
resolve merge
ilanashapiro Jul 11, 2023
b954b44
add test files and cleanup whitespace
ilanashapiro Jul 11, 2023
57b53d9
delete tests not relevant to multipart form data
ilanashapiro Jul 11, 2023
fffddeb
resolve conflict in yarn.lock file
ilanashapiro Jul 11, 2023
b568f73
use npm package to parse boundary string and form data from multipart
ilanashapiro Jul 16, 2023
4a0a530
resolve yarn.lock conflict
ilanashapiro Jul 16, 2023
2c9f3a3
improve error message for missing boundary
ilanashapiro Jul 16, 2023
2466aff
add null checks for parsing boundary from content-type hea
ilanashapiro Jul 17, 2023
c81993f
handle whitespace in the other location media type and boundary strin…
ilanashapiro Jul 18, 2023
79dedc5
resolve merge conflict in yarn.lock
ilanashapiro Jul 23, 2023
53bfedd
parse MIME header with library, improve error handling/add tests for …
ilanashapiro Jul 24, 2023
e209c1b
attempt to resolve node install error on server by committing generat…
ilanashapiro Jul 24, 2023
fb50bc7
fix formatting
ilanashapiro Jul 25, 2023
8a6a229
condense verbose code block
ilanashapiro Jul 25, 2023
9818ba0
condense verbose code block
ilanashapiro Jul 25, 2023
362a79d
Merge branch 'feature/multipart-form-data-validation' of https://gith…
ilanashapiro Jul 25, 2023
b2df062
Merge branch 'master' into feature/multipart-form-data-validation
chohmann Jul 28, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
79 changes: 79 additions & 0 deletions packages/http-server/src/__tests__/body-params-validation.spec.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -718,6 +718,70 @@ describe('body params validation', () => {
tags: [],
security: [],
},
{
id: '?http-operation-id?',
method: 'post',
path: '/multipart-form-data-body-required',
responses: [
{
id: faker.random.word(),
code: '200',
headers: [],
contents: [
{
id: faker.random.word(),
mediaType: 'application/json',
schema: {
type: 'object',
properties: {
type: {
type: 'string',
},
},
},
examples: [
{
id: faker.random.word(),
key: 'test',
value: { type: 'foo' },
},
],
encodings: [],
},
],
},
],
servers: [],
request: {
body: {
id: faker.random.word(),
required: true,
contents: [
{
id: faker.random.word(),
mediaType: 'multipart/form-data',
schema: {
type: 'object',
properties: {
status: {
type: 'string'
},
},
$schema: 'http://json-schema.org/draft-07/schema#',
},
examples: [],
encodings: [],
},
],
},
headers: [],
query: [],
cookie: [],
path: [],
},
tags: [],
security: [],
},
]);
});

Expand Down Expand Up @@ -796,5 +860,20 @@ describe('body params validation', () => {
expect(response.status).toBe(200);
});
});

describe('valid multipart form data parameter provided', () => {
test('returns 422', async () => {
const response = await makeRequest('/multipart-form-data-body-required', {
method: 'POST',
body: new URLSearchParams({
status: 'new',
}).toString(),
headers: { 'content-type': 'multipart/form-data' },
});

expect(response.status).toBe(200);
chohmann marked this conversation as resolved.
Show resolved Hide resolved
await expect(response.json()).resolves.toMatchObject({ type: 'foo' });
});
});
});
});
3 changes: 1 addition & 2 deletions packages/http/src/mocker/index.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -140,8 +140,7 @@ function parseBodyIfUrlEncoded(request: IHttpRequest, resource: IHttpOperation)
const mediaType = caseless(request.headers || {}).get('content-type');
if (!mediaType) return request;

if (!is(mediaType, ['application/x-www-form-urlencoded'])) return request;

if (!is(mediaType, ['application/x-www-form-urlencoded', 'multipart/form-data'])) return request;
const specs = pipe(
O.fromNullable(resource.request),
O.chainNullableK(request => request.body),
Expand Down
2 changes: 1 addition & 1 deletion packages/http/src/validator/validators/body.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -150,7 +150,7 @@ export const validate: validateFn<unknown, IMediaTypeContent> = (target, specs,
({ contentResult: { content, mediaType: mt }, schema }) =>
pipe(
mt,
O.fromPredicate(mediaType => !!typeIs(mediaType, ['application/x-www-form-urlencoded'])),
O.fromPredicate(mediaType => !!typeIs(mediaType, ['application/x-www-form-urlencoded', 'multipart/form-data'])),
O.fold(
() => pipe(
validateAgainstSchema(target, schema, false, prefix, bundle),
Expand Down
28 changes: 28 additions & 0 deletions test-harness/specs/validate-body-params/multipart-allow-empty-value-2.oas2.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
====test====
If I have an operation with a parameter with the allowEmptyValue set to false to false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If I have an operation with a parameter with the allowEmptyValue set to false to false
If I have an operation with a parameter with the allowEmptyValue set to false

and I send a request with a correcly encoded parameter but with an empty key
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
and I send a request with a correcly encoded parameter but with an empty key
and I send a request with a correctly encoded parameter but with an empty key

I should get a 422 error
====spec====
swagger: '2.0'
paths:
/path:
post:
consumes:
- multipart/form-data
responses:
200:
schema:
type: string
parameters:
- in: formData
type: string
name: id
allowEmptyValue: false
====server====
mock -p 4010 ${document}
====command====
curl -i -X POST http://localhost:4010/path -H "Content-Type: multipart/form-data" --data "id"
====expect====
HTTP/1.1 422 Unprocessable Entity

{"type":"https://stoplight.io/prism/errors#UNPROCESSABLE_ENTITY","title":"Invalid request","status":422,"detail":"Your request is not valid and no HTTP validation response was found in the spec, so Prism is generating this error for you.","validation":[{"location":["body","id"],"severity":"Error","code":"minLength","message":"Request body property id must NOT have fewer than 1 characters"}]}
30 changes: 30 additions & 0 deletions test-harness/specs/validate-body-params/multipart-allow-empty-value.oas2.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,30 @@
====test====
If I have an operation with a parameter with the allowEmptyValue set to false to false
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
If I have an operation with a parameter with the allowEmptyValue set to false to false
If I have an operation with a parameter with the allowEmptyValue set to true

and I send a request with a correcly encoded parameter and with the parameter empty
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
and I send a request with a correcly encoded parameter and with the parameter empty
and I send a request with a correctly encoded parameter and with the parameter empty

I should get a 200 response
====spec====
swagger: '2.0'
paths:
/path:
post:
produces:
- text/plain
consumes:
- multipart/form-data
responses:
200:
schema:
type: string
parameters:
- in: formData
type: string
name: id
allowEmptyValue: true
====server====
mock -p 4010 ${document}
====command====
curl -i -X POST http://localhost:4010/path -H "Content-Type: multipart/form-data" --data "id"
====expect====
HTTP/1.1 200 OK

string
27 changes: 27 additions & 0 deletions test-harness/specs/validate-body-params/multipart-form-byte-format-fail.oas2.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
====test====
Set expected format of request body parameter to base64.
Test if it fails when not base64.
====spec====
swagger: '2.0'
paths:
/path:
post:
consumes:
- multipart/form-data
responses:
200:
schema:
type: string
parameters:
- in: formData
type: string
format: byte
name: id
====server====
mock -p 4010 ${document}
====command====
curl -i -X POST http://localhost:4010/path -H "Content-Type: multipart/form-data" --data-urlencode "id=%"
====expect====
HTTP/1.1 422 Unprocessable Entity

{"type":"https://stoplight.io/prism/errors#UNPROCESSABLE_ENTITY","title":"Invalid request","status":422,"detail":"Your request is not valid and no HTTP validation response was found in the spec, so Prism is generating this error for you.","validation":[{"location":["body","id"],"severity":"Error","code":"pattern","message":"Request body property id must match pattern \"^[\\w\\d+\\/=]*$\""},{"location":["body","id"],"severity":"Error","code":"format","message":"Request body property id must match format \"byte\""}]}
31 changes: 31 additions & 0 deletions test-harness/specs/validate-body-params/multipart-form-byte-format-ok.oas2.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,31 @@
====test====
Set expected format of request body parameter to base64.
Test if it's OK when passed base64.
====spec====
swagger: '2.0'
paths:
/path:
post:
produces:
- text/plain
consumes:
- multipart/form-data
responses:
200:
schema:
type: string
example: abc
parameters:
- in: formData
type: string
format: byte
name: id
====server====
mock -p 4010 ${document}
====command====
curl -i -X POST http://localhost:4010/path -H "Content-Type: multipart/form-data" --data-urlencode "id=cmFuZG9tc3R1ZmY="
====expect====
HTTP/1.1 200 OK
content-type: text/plain

abc
34 changes: 34 additions & 0 deletions test-harness/specs/validate-body-params/multipart-form-data-allow-reserved-fail.oas3.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
====test====
Send reserved characters in body and expect to fail validation.
====spec====
openapi: '3.0.1'
paths:
/path:
post:
responses:
200:
content:
text/plain:
example: ok
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
reserved:
type: string
encoding:
reserved:
contentType: text/plain
allowReserved: false
style: form
====server====
mock -p 4010 ${document}
====command====
curl -i -X POST http://localhost:4010/path -H "Content-Type: multipart/form-data" --data "reserved=:/?#[]@!$&'()*+,;"
====expect====
HTTP/1.1 422 Unprocessable Entity
content-type: application/problem+json

{"type":"https://stoplight.io/prism/errors#UNPROCESSABLE_ENTITY","title":"Invalid request","status":422,"detail":"Your request is not valid and no HTTP validation response was found in the spec, so Prism is generating this error for you.","validation":[{"location":["body","reserved"],"severity":"Error","message":"Reserved characters used in request body"}]}
34 changes: 34 additions & 0 deletions test-harness/specs/validate-body-params/multipart-form-data-allow-reserved-ok.oas3.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
====test====
Send reserved characters in body and expect to pass validation.
====spec====
openapi: '3.0.1'
paths:
/path:
post:
responses:
200:
content:
text/plain:
example: ok
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
reserved:
type: string
encoding:
reserved:
contentType: text/plain
allowReserved: true
style: form
====server====
mock -p 4010 ${document}
====command====
curl -i -X POST http://localhost:4010/path -H "Content-Type: multipart/form-data" --data "reserved=:/?#[]@!$&'()*+,;"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For all of these curl requests you need to use -F instead of --data as that will actually pass form data as multipart.

====expect====
HTTP/1.1 200 OK
content-type: text/plain

ok
37 changes: 37 additions & 0 deletions test-harness/specs/validate-body-params/multipart-form-data-invalid-request.oas2.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
====test====
Given form data expected in request body
but invalid data sent then return 422
====spec====
swagger: '2.0'
paths:
/path:
post:
consumes:
- multipart/form-data
responses:
200:
schema:
type: string
parameters:
- in: formData
type: integer
name: id
required: true
minimum: 100
exclusiveMinimum: true
- in: formData
type: string
name: status
required: true
enum:
- open
- close
====server====
mock -p 4010 ${document}
====command====
curl -i -X POST http://localhost:4010/path -H "Content-Type: multipart/form-data" --data "id=100&status=open"
====expect====
HTTP/1.1 422 Unprocessable Entity
content-type: application/problem+json

{"type":"https://stoplight.io/prism/errors#UNPROCESSABLE_ENTITY","title":"Invalid request","status":422,"detail":"Your request is not valid and no HTTP validation response was found in the spec, so Prism is generating this error for you.","validation":[{"location":["body","id"],"severity":"Error","code":"exclusiveMinimum","message":"Request body property id must be > 100"}]}
40 changes: 40 additions & 0 deletions test-harness/specs/validate-body-params/multipart-form-data-invalid-request.oas3.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,40 @@
====test====
Test sending form data with a missing property and invalid string.
Expect to get validation errors in return.
====spec====
openapi: '3.0.1'
paths:
/path:
post:
responses:
200:
content:
text/plain:
example: ok
requestBody:
content:
multipart/form-data:
schema:
type: object
properties:
id:
type: integer
minimum: 100
exclusiveMinimum: true
status:
type: string
enum:
- open
- close
required:
- id
- status
====server====
mock -p 4010 ${document}
====command====
curl -i -X POST http://localhost:4010/path -H "Content-Type: multipart/form-data" --data "id=100&status=open"
====expect====
HTTP/1.1 422 Unprocessable Entity
content-type: application/problem+json

{"type":"https://stoplight.io/prism/errors#UNPROCESSABLE_ENTITY","title":"Invalid request","status":422,"detail":"Your request is not valid and no HTTP validation response was found in the spec, so Prism is generating this error for you.","validation":[{"location":["body","id"],"severity":"Error","code":"exclusiveMinimum","message":"Request body property id must be > 100"}]}
Loading