OpenAPI 'oneOf' in parameter not validating correctly

[j-waters]

• JSON::Validator version: 4.21
• Perl version: 5.26.3
• Operating system: Centos 8

Steps to reproduce the behavior

My OpenAPIv3 has an endpoint with the following parameter:

"parameters": [
          {
            "in": "query",
            "name": "email",
            "required": true,
            "schema": {
              "oneOf": [
                {
                  "type": "string",
                  "format": "email"
                },
                {
                  "type": "array",
                  "items": {
                    "type": "string",
                    "format": "email"
                  }
                }
              ]
            },
            "description": "...",
            "example": "example@email.com"
          }
]

Expected behavior

This is a valid OpenAPIv3 spec, so it should be validated without any errors

Actual behavior

Upon validating an incoming request to http://localhost/PATH?&email=test@email.com, I get the following error:

/email: /oneOf Expected string/array - got object

It seems that _coerce_parameter_format is turning the property value into

{
  'name' => 'email',
  'in' => 'query',
  'exists' => 1,
  'value' => {
               'test@email.com' => undef
             }
}

Which explains why it complains that we're providing an object when instead we're providing a string.

Changing the spec so it's just

"oneOf": [
{
  "type": "string",
  "format": "email"
}
]

Doesn't help, it just changes the error to /email: /oneOf Expected string - got object

[jhthorsen]

I think you should use "style" and "explode" instead of oneOf.

https://github.com/jhthorsen/json-validator/blob/master/t/openapiv3-style-explode.t https://swagger.io/specification/#parameter-object

[jhthorsen]

Also if I am wrong, please check if you get any errors in the v5_oh branch: https://github.com/jhthorsen/json-validator/pull/251