search

cebe / php-openapi

Read and write OpenAPI yaml/json files and make the content accessible in PHP objects.
MIT License
464 stars 87 forks source link

References to incorrect components should be considered invalid #171

Open charjr opened 1 year ago

charjr commented 1 year ago

Expected

Referencing a component that does not meet the criteria an object requires should be considered invalid.

Example

A Response object referencing a component that does not contain a "description" should be considered invalid.

image

Reasoning

"description" is a REQUIRED property for a Response object.

Actual

Referencing a component that does not meet the criteria an object requires is considered valid.

Example

$api = Reader::readFromJson(<<<JSON
{
  "openapi": "3.0.0",
  "info": {
    "title": "Test API",
    "version": "1.0.0"
  },
  "paths": {
    "/path": {
      "get": {
        "responses": {
          "200": {
            "\$ref": "#/components/schemas/notAResponse"
          }
        }
      }
    }
  },
  "components": {
    "schemas": {
      "notAResponse": {
        "type": "integer"
      }
    }
  }
}
JSON);

var_dump($api->validate()); // bool(true)
SOHELAHMED7 commented 1 year ago

Concrete validation of entire OpenAPI spec doc is work in progress.

In above case validate of paths of OpenAPI is considered.

However if you want to validate schema you can see solution at https://github.com/thephpleague/openapi-psr7-validator#standalone-openapi-validator

You can get all schema as:

        $spec = \cebe\openapi\Reader::readFromYaml(...yaml...);

        // var_dump($spec->components->schemas); 

        foreach ($spec->components->schemas as ...) {