danielgtaylor / apisprout

Lightweight, blazing fast, cross-platform OpenAPI 3 mock server with validation
MIT License

Use defined 400 response object when request validation fails #59

Open quartin opened 4 years ago

quartin commented 4 years ago

Hi,

When setting up the requestBody validation, is there any way to return the defined 400 response object instead of the text/plain with the JSON validation info? In the following example:

---
openapi: 3.0.0
info:
  version: 1.0.0
  title: Mock API
servers:
  - url: http://localhost:19999
paths:
  "/api/3.1/login/":
    post:
      description: Request access token
      operationId: login using client id & secret
      produces:
        - "application/json"
      requestBody:
        description: Client id and secret
        required: true
        content:
          application/json:
            schema:
              type: object
              properties:
                client_id:
                  description: The ID of the client
                  type: string
                  enum:
                    - my_client_id
                client_secret:
                  description: Client secret
                  type: string
                  enum:
                    - very_secret_secret
              required:
                - client_id
                - client_secret
              additionalProperties: false
      responses:
        200:
          description: "/login response"
          content:
            application/json:
              example:
                access_token: '1234567890'
                token_type: doggie
                expires_in: 1000
        400:
          description: "Bad Request. Invalid client ID/secret"
          content:
            application/json:
              example:
                message: "Blablabla, bad request"
                documentation_url: "http://blabla.com"

I get the expected 200 OK with:

curl -X POST -H 'Content-Type:application/json' -H 'Accept-Type:application/json' -i http://localhost:19999/api/3.1/login/ \
-d '{"client_id":"my_client_id", "client_secret": "very_secret_secret"}'

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Type: application/json
Date: Sun, 22 Dec 2019 21:58:25 GMT
Content-Length: 82

{
  "access_token": "1234567890",
  "expires_in": 1000,
  "token_type": "doggie"
}%  

But with a different client_secret other than the one defined in the schema enum I get:

curl -X POST -H 'Content-Type:application/json' -H 'Accept-Type:application/json' -i http://localhost:19999/api/3.1/login/ \
-d '{"client_id":"my_client_id", "client_secret": "invalid_secret"}'

HTTP/1.1 400 Bad Request
Access-Control-Allow-Origin: *
Date: Sun, 22 Dec 2019 21:58:47 GMT
Content-Length: 271
Content-Type: text/plain; charset=utf-8

Request body has an error: doesn't input the schema: Error at "/client_secret":JSON value is not one of the allowed values
Schema:
  {
    "description": "Client secret",
    "enum": [
      "very_secret_secret"
    ],
    "type": "string"
  }

Value:
  "invalid_secret"

while what I would really like is the object I defined, i.e.:

{
  "message": "Blablabla, bad request",
  "documentation_url": "http://blabla.com"
}

Do you have any idea how I could achieve this? Thank you.
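
The behaviour requested above, sketched as a stand-alone Go handler using only the standard library (an added example, not apisprout's code and not from the original post; `validate`, `loginHandler` and the two constants are hypothetical names). On a validation failure it returns the spec's 400 example and keeps the detail in the server log, because the default text response shown above echoes the schema's enum, which here holds the expected `client_secret`.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"log"
	"net/http"
)

// Response bodies copied from the 200 and 400 examples in the spec above.
const (
	okJSON  = `{"access_token":"1234567890","token_type":"doggie","expires_in":1000}`
	badJSON = `{"message":"Blablabla, bad request","documentation_url":"http://blabla.com"}`
)

// validate is a hypothetical stand-in for schema validation of the login body:
// both properties required, string-typed, single-value enums, nothing extra.
func validate(body io.Reader) error {
	var b map[string]string
	if err := json.NewDecoder(io.LimitReader(body, 1<<16)).Decode(&b); err != nil {
		return err // not JSON, not an object, or a non-string value
	}
	if len(b) != 2 {
		return errors.New("missing or additional properties")
	}
	if b["client_id"] != "my_client_id" || b["client_secret"] != "very_secret_secret" {
		return errors.New("value is not one of the allowed values")
	}
	return nil
}

// loginHandler keeps the validation detail in the server log and answers with
// the documented 400 example, so neither the schema nor the input is echoed.
func loginHandler(w http.ResponseWriter, r *http.Request) {
	status, body := http.StatusOK, okJSON
	if err := validate(r.Body); err != nil {
		log.Printf("request validation failed: %v", err)
		status, body = http.StatusBadRequest, badJSON
	}
	w.Header().Set("Content-Type", "application/json")
	w.WriteHeader(status)
	io.WriteString(w, body)
}

func main() {
	http.HandleFunc("/api/3.1/login/", loginHandler)
	log.Fatal(http.ListenAndServe("localhost:19999", nil))
}
```
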