search

Yelp / swagger_spec_validator

Other
104 stars 71 forks source link

validation failed on "in: cookie" parameter type #141

Closed phoebey01 closed 4 years ago

phoebey01 commented 4 years ago

I got a validation error when validating my spec:

/metrics/page-view:
post:
  tags:
  - "Metrics API"
  operationId: "recordPageViewMetric"
  consumes:
  - "application/json"
  parameters:
  - in: "body"
    name: "body"
    required: false
    schema:
      $ref: "#/definitions/PageViewMetric"
  - name: "session"
    in: "cookie"
    required: false
    type: "string"
  responses:
    default:
      description: "successful operation"

The error complains that the parameter "session" is invalid. swagger_spec_validator.common.SwaggerValidationError: ("{'name': 'session', 'in': 'cookie', 'required': False, 'type': 'string'} is not valid under any of the given schemas\n\nFailed validating 'oneOf' in schema['properties']['paths']['patternProperties']['^/']['properties']['post']['properties']['parameters']['items']:\n {'oneOf': [{'$ref': '#/definitions/parameter'},\n {'$ref': '#/definitions/jsonReference'}]}\n\nOn instance['paths']['/metrics/page-view']['post']['parameters'][1]:\n {'in': 'cookie', 'name': 'session', 'required': False, 'type': 'string'}", <ValidationError: "{'name': 'session', 'in': 'cookie', 'required': False, 'type': 'string'} is not valid under any of the given schemas">)

Can someone help with this? Thanks.

macisamuele commented 4 years ago

@yyang08 according to the Swagger 2.0 specifications do define "query", "header", "path", "formData" or "body" as valid values for the in attribue. As cookie is not in them then validation error is correct.

By definition a cookie is an header, named Cookie, of the http request. So something like

name: Cookie
in: header
required: false
type: string

but it still would not provide your objective (the cookie contains a field named session and it's value is a string)

As the cookie is an header, it as whole will be a string, but you'll need to be looking for something like (^|; )session=.* and you can do it via regex.

name: Cookie
in: header
required: false
schema:
    type: string
    pattern: (^|; )session=.*

Something worth noticing here is that this is more on the side of manual parsing and it might be error prone (as you need to ensure that the cookie has not expired, that can be used in the specific request context, etc.). Said so I would rather delegate to the web-framework to deal with the actual cookie validation and mention on the specs that we might expect the Cookie header.

I hope that this helps you. I'm going to close this, but feel free to reopen it if you think that this has not addressed your issue.

phoebey01 commented 4 years ago

thanks for explaining!