search

kogosoftwarellc / open-api

A Monorepo of various packages to power OpenAPI in node
MIT License
892 stars 235 forks source link

Bug with readOnly and required fields #717

Closed artclark42 closed 3 years ago

artclark42 commented 3 years ago

Hello, I noticed a bug where if you have a required field and a read only field, the required field will not be validated against.

As a sample 

 schemas: {
      Test1: {
        type: 'object',
        properties: {
          foo: {
            type: 'string',
            readOnly: true,
          },
          bar: {
            type: 'string',
          },
        },
        required: ['bar'],
      },
    },

In this example, if I make a request without bar, the validation will pass without throwing an error. After doing some digging into the validator, it looks like in order to find the readOnly field in "required", the indexOf function is used with the read only property key. When this fails, it returns a -1. Since the readOnly field is not in the required list, the splice index gets set to -1. It looks like it doesn't check if this passes and just splices out whatever required field is at the -1th position, which is the last (and first in this case) property.

I can issue a PR for this fix if that's okay.

Thanks!

chadxz commented 3 years ago

Hi @artclark42, welcome to GitHub! If you've already done all this work to determine the cause of the problem you are experiencing, it does make sense to submit a PR to fix it.