cdimascio / express-openapi-validator

🦋 Auto-validates api requests, responses, and securities using ExpressJS and an OpenAPI 3.x specification
MIT License

readonly is ignored when properties are inherited through allOf #883

Open renke0 opened 10 months ago

renke0 commented 10 months ago

Describe the bug

The request validator mistakenly makes a requestBody property required, even if it is marked as readonly. This is achievable by using inheritance with allOf.

To Reproduce

Given the spec:

openapi: 3.0.1
info:
  version: 1.0.0
  title: test
paths:
  /cars:
    post:
      requestBody:
        content:
          "application/json":
            schema:
              $ref: "#/components/schemas/Car"
      responses:
        200:
          description: OK
components:
  schemas:
    Car:
      type: object
      required:
        - id
        - name
      allOf:
        - $ref: "#/components/schemas/CarPartial"
    CarPartial:
      type: object
      properties:
        id:
          type: string
          readOnly: true
        name:
          type: string

With validateRequests: true in the middleware configuration, posting a request to the path with this request body:

{
  "name": "Opel Corsa"
}

will result in a validation error with the following message: request/body must have required property 'id'

Actual behavior

A validation error will be thrown, indicating the id field marked as readonly is required in the request body.

Expected behavior

The request should be considered valid and no errors should be thrown.

Examples and context

Refer to the snippet above.
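
The behaviour the report expects, as an added sketch that is not the project's code and not part of the original post: under OpenAPI 3.0 a `required` entry for a `readOnly` property takes effect on the response only (and for `writeOnly`, on the request only), so the check has to merge `properties` across `allOf` and `$ref` before deciding which required names apply. The names `doc`, `resolve`, `flatten` and `missingRequired` are hypothetical, and only local `#/...` references are handled.

```javascript
// Constructed input: the issue's spec, reduced to components and written as a JS object.
const doc = {
  components: { schemas: {
    Car: {
      type: 'object',
      required: ['id', 'name'],
      allOf: [{ $ref: '#/components/schemas/CarPartial' }],
    },
    CarPartial: {
      type: 'object',
      properties: {
        id: { type: 'string', readOnly: true },
        name: { type: 'string' },
      },
    },
  } },
};

// Follow local "#/..." references only; `path` holds the refs already being resolved.
function resolve(doc, schema, path = []) {
  if (!schema || !schema.$ref) return { schema, path };
  if (path.includes(schema.$ref)) throw new Error(`circular $ref: ${schema.$ref}`);
  const target = schema.$ref.slice(2).split('/').reduce((node, key) => node[key], doc);
  return resolve(doc, target, [...path, schema.$ref]);
}

// Merge `properties` and `required` from a schema and everything it pulls in via allOf.
function flatten(doc, input, seen = []) {
  const { schema, path } = resolve(doc, input, seen);
  const out = { properties: { ...schema.properties }, required: new Set(schema.required) };
  for (const branch of schema.allOf || []) {
    const sub = flatten(doc, branch, path);
    Object.assign(out.properties, sub.properties);
    sub.required.forEach((name) => out.required.add(name));
  }
  return out;
}

// Required names missing from `body`, skipping readOnly (request) or writeOnly (response).
function missingRequired(doc, schema, body, direction) {
  const skip = direction === 'request' ? 'readOnly' : 'writeOnly';
  const { properties, required } = flatten(doc, schema);
  return [...required].filter((name) => {
    const prop = resolve(doc, properties[name]).schema || {};
    return prop[skip] !== true && !(name in body);
  });
}
```

With the request body from the report, `missingRequired(doc, doc.components.schemas.Car, { name: 'Opel Corsa' }, 'request')` returns an empty list, while the same object checked as a response is still missing `id`.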