ResponseValidator: No failure in case of not specified reponse body

eclipse-vertx / vertx-openapi

OpenAPI repository

Other

10 stars 7 forks source link

ResponseValidator: No failure in case of not specified reponse body #17

Open dprincethg opened 1 year ago

dprincethg commented 1 year ago

When the openAPI contract does not define a Operation Reponse body:

"responses": { "200": { "description": "Successful hello message" },

But the ValidatableResponse contains a response body, the validation passes successfully instead of Failing.

A Test Sample:

    OpenAPIContract contract = getContract();
   ResponseValidator validator = ResponseValidator.create(vertx, contract);

    JsonObject cat = new JsonObject().put("name", "foo");
    ValidatableResponse response =
            ValidatableResponse.create(200, cat.toBuffer(), "application/json");
    validator.validate(response, "operationWithResponseNoBody")
             .onSuccess(vr -> logger.info("Validation Success"))
             .onFailure(t -> logger.error("Validation Failure: ", t));

Output: "Validation Success"

pk-work commented 1 year ago

Please have a look into the outcome of the validate step. Your ValidatedResponse does not contain a body.

dprincethg commented 1 year ago

Please have a look into the outcome of the validate step. Your ValidatedResponse does not contain a body.

OK, thanks for this "workaround". But I would prefer that the validation failed directly.

pk-work commented 1 year ago

In my opinion this is not a workaround this is the expected behavior. Because it is possible to create a valid response (ValidatedResponse) from the given input (ValidatableResponse). In case a body would be required and the ValidatableResponse don't have a body, then a ValidatorException is thrown, because the Validator can't validate the body. But if the body is not required, the validator don't validate the body at all. The validator simply ignores the body.

At least this is my understanding of the OpenAPI spec. Maybe I'm wrong, so if you can give me a link which describes your desired behavior, we can fix it.

If you want to enforce an empty body, please have a look here https://community.smartbear.com/t5/Swagger-Open-Source-Tools/OAS-3-0-3-request-schema-for-an-empty-JSON-body/td-p/212245

dprincethg commented 1 year ago

I understand your point: the response content cannot be validated against a schema that does not exist.

However, If the schema is not provided (no content in Response Object, I think it means that there shall have no content. And then , when the ValidatableResponse contains a content, the validation shall failed.

responses: '204': description: Successful operation '400':

The "nullable" solution you propose is an optional behavior, but it is not mandating never content. (like for http status code: 204 case).

This Swagger page explains: Some responses, such as 204 No Content, have no body. To indicate the response body is empty, do not specify a schema for the response. Swagger treats no schema as a response without a body.

responses: 204: description: The resource was deleted successfully.

pk-work commented 1 year ago

Thanks for your link, this is very interesting. But it is from Swagger 2.0 so I don't know if this is also valid for OpenAPI 3.x. I will ask some colleagues who are working on the OpenAPI Specification, whats the intended behavior and then come back.