$this->withoutRequestValidation(); does not validate Response #10

Open
Marre-86 opened this issue May 5, 2023 · 3 comments
@Marre-86

Marre-86 commented May 5, 2023

Tried it many times, and very much sure that indeed it doesn't.

Don't really know which proofs to attach.

Just please take another look and check it out.

@luisdalmolin
Member

@Marre-86 Can you post some examples of how you are using this? Some code blocks, which versions you are running, etc.

@joelclermont

I've been trying out this library and I've run into the same issue. I have a test that asserts a 400 response when an unsupported language is provided in the header. Because it's an invalid request, I need to add withoutRequestValidation but I'd like it to still validate the response conforms to the spec.

Here's a very simple test case:

    public function testIndexRequiresLanguage(): void
    {
        $user = User::factory()->create();
        $hub = Hub::factory()->for($user->tenant)->create();

        $response = $this
            ->withoutRequestValidation()
            ->prepareRequestFor($user, $hub)
            ->withHeader('accept-language', 'invalid-language')
            ->getJson(route('tenant-configs.index'));

        $response->assertBadRequest();
    }

If I remove 400 from the list of possible responses in the spec, I still have a passing test. I would expect this to fail.

I believe the issue is found here: https://github.com/kirschbaum-development/laravel-openapi-validator/blob/main/src/ValidatesOpenApiSpec.php#L98

When request validation is skipped, $address will be set to null, which then makes it skip response validation.

@joelclermont

If it's helpful, here's a workaround we're using for now. We basically create our own extension of the trait which adds some custom behavior if request validation is being skipped. With this approach, we're still getting response validation.

    <?php

    declare(strict_types=1);

    namespace Tests\Concerns;

    use League\OpenAPIValidation\PSR7\OperationAddress;
    use League\OpenAPIValidation\PSR7\PathFinder;
    use Symfony\Component\HttpFoundation\Request as SymfonyRequest;
    use Tests\Exceptions\OpenAPIRequestValidationFailure;

    trait ValidatesOpenApiSpec
    {
        // Reuse the library trait, keeping its validateRequest() reachable under an alias.
        use \Kirschbaum\OpenApiValidator\ValidatesOpenApiSpec { validateRequest as parentValidateRequest; }

        protected function validateRequest(SymfonyRequest $request): OperationAddress
        {
            // Normal case: let the library validate the request and return the operation address.
            if (!$this->skipRequestValidation) {
                return $this->parentValidateRequest($request);
            }

            // Request validation is skipped: still resolve the operation address from the
            // spec so that the response can be validated against it.
            $schema = $this->getOpenApiValidatorBuilder()->getRequestValidator()->getSchema();
            $authenticatedRequest = $this->getAuthenticatedRequest($request);
            $request = $this->getPsr7Factory()->createRequest($authenticatedRequest);

            $pathFinder = new PathFinder($schema, (string) $request->getUri(), $request->getMethod());
            $found = $pathFinder->search();
            // Anything other than exactly one matching operation is reported as a failure.
            if (empty($found) || count($found) > 1) {
                OpenAPIRequestValidationFailure::fromRequest($request);
            }

            return $found[0];
        }
    }
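
A stand-alone model of the control flow described in the comments above (added example, not code from the library or from the thread): when the operation lookup happens only inside request validation, skipping that step also skips the response check, while resolving the operation separately, as the workaround does, keeps it. The `SPEC` table, the function names and the header values are constructed for illustration.

```php
<?php
declare(strict_types=1);
// Constructed stand-in for a spec: operation => documented status codes (400 is absent).
const SPEC = ['GET /tenant-configs' => [200]];

function findOperation(string $method, string $path): string
{
    $key = "$method $path";
    if (!array_key_exists($key, SPEC)) {
        throw new RuntimeException("no operation in spec for $key");
    }
    return $key;
}

function validateRequest(string $operation, array $headers): void
{
    if (!in_array($headers['accept-language'] ?? '', ['en', 'de'], true)) {
        throw new RuntimeException("request violates spec for $operation");
    }
}

function validateResponse(string $operation, int $status): void
{
    if (!in_array($status, SPEC[$operation], true)) {
        throw new RuntimeException("status $status not documented for $operation");
    }
}

// $coupled models the reported flow: the operation is resolved only when the request is validated.
function runTest(bool $coupled, bool $skipRequest, array $headers, int $status): string
{
    $operation = ($coupled && $skipRequest) ? null : findOperation('GET', '/tenant-configs');
    if (!$skipRequest) {
        validateRequest($operation, $headers);
    }
    if ($operation === null) {
        return 'passed (response never checked)';
    }
    validateResponse($operation, $status);
    return 'passed (response checked)';
}

$bad = ['accept-language' => 'invalid-language']; // constructed request headers
echo runTest(true, true, $bad, 400), PHP_EOL;     // undocumented 400 slips through
try {
    echo runTest(false, true, $bad, 400), PHP_EOL;
} catch (RuntimeException $e) {
    echo 'failed: ', $e->getMessage(), PHP_EOL;   // the spec gap is reported
}
```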
