search

Redocly / redoc

📘 OpenAPI/Swagger-generated API Reference Documentation
https://redocly.github.io/redoc/
MIT License
23.63k stars 2.3k forks source link

Schema properties declared with `oneOf` ignore the `readonly` flag on request samples #2574

Open renke0 opened 2 months ago

renke0 commented 2 months ago

Describe the bug

I have a component schema (Body) with a property (prop2) that should be readonly and its value can be either a number or an enum key. I declared it with oneOf to accomplish the desired result, and the property is correctly hidden when I check the Request Body Schema in the preview doc. Unfortunately, the same is not true for the generated sample request in the sidebar.

To Reproduce Steps to reproduce the behavior:

  1. Given this redocly.yaml file None

  2. And this OpenAPI file(s)

    openapi: 3.1.0
info:
title: Test
version: 1.0.0
paths:
/test:
post:
  requestBody:
    content:
      application/json:
        schema:
          $ref: '#/components/schemas/Body'
  responses:
    '200':
      description: OK
components:
schemas:
Body:
  type: object
  properties:
    prop1:
      type: string
    prop2:
      readOnly: true
      oneOf:
        - $ref: '#/components/schemas/Enum'
        - type: number
Enum:
  type: string
  enum:
    - value1
    - value2

  3. Run this command with these arguments... redocly ...

    redocly preview-docs openapi.yaml

  4. See error The generated request sample payload contains the field that should be readonly

    {
"prop1": "string",
"prop2": "value1"
}

Expected behavior The prop2 field should be omitted, in the same fashion it is in the Request Body Schema definition.

{
  "prop1": "string"
}

Logs -

OpenAPI description -

Redocly Version(s)

1.19.0

Node.js Version(s)

v20.13.1

Additional context -

AlexVarchuk commented 2 months ago

hi @renke0, thank you for the issue. According to OpenAPI 3.1 specification, you should avoid using requestBody inside the get operation. Otherwise, if you put in inside parameters, or response it works well. Is it necessary to use requestBody inside the GET request in your case?

renke0 commented 2 months ago

Hi @AlexVarchuk. You are correct, and the spec has a GET operation only because it was generated by default by the IDE and I forgot to change it while writing the example. Changing it to POST (or any other verb that should support request bodies) has the same effect.

Edit: I updated the issue description to use POST instead.

handrews commented 1 month ago

@renke0 Hi- I'm dropping in from the OpenAPI project and do not speak on behalf of Redocly :-)

In 3.1, readOnly fields are not intended to be stripped, in part because JSON Schema draft 2020-12 makes it clear that servers can decide to ignore readOnly fields (for example if the value hasn't been changed, or its a server-generated field like a timestamp), and also in part because locating readOnly: true fields an in instance when the schema is complex is not trivial. This was mentioned in the 3.1-rc0 blog post but wasn't really highlighted otherwise. We've fixed that in OAS 3.1.1, which is entering the final review/approval period for publication (clarifications only, no changes, although some clarifications like this one may seem surprising).