kogosoftwarellc / open-api

A Monorepo of various packages to power OpenAPI in node
MIT License

External refs not captured in parameters for request validation #887

Closed sazazi closed 1 year ago

sazazi commented 1 year ago

For openapi-request-validator, if you pass parameters to the OpenAPIRequestValidator with external refs, and do not include that parameter in the request you're validating, there will be no errors, which is not as expected.

e.g.

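import OpenAPIRequestValidator from 'openapi-request-validator';

// The only parameter is an external $ref; it is not resolved by the validator.
const validator = new OpenAPIRequestValidator({
  parameters: [
    {
      $ref: 'http://example.com/parameters/headers.yml#/parameters/xToken',
    },
  ],
});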

where http://example.com/parameters/headers.yml#/parameters/xToken is:

xToken:
  name: X-Token
  in: header
  description: Authentication token.
  schema:
    type: string
  required: true

Validating the request as:

validator.validateRequest({
  headers: {},
  body: {},
  params: {},
})

will still pass, despite the required header not being present. However, when you add the xToken header parameter directly as an argument, and then validate the request, it will fail as expected.

Is this something that has been missed?

sazazi commented 1 year ago

I have managed to bypass this issue by fetching that external ref YAML file, parsing it as an object using js-yaml and finding the corresponding object by targeting the path after # in that URL. I then replace the ref parameter with the evaluated object that was targeted and pass that to the OpenAPIRequestValidator instead. This resolves the issue. I'm assuming this issue is because the external ref is pointing to a YAML file (even though this is in fact valid)?

However, it would still be best to throw an error when initialising the OpenAPIRequestValidator with an 'invalid' parameter, as in the above example, so as not to give the illusion that all parameters passed to the validator are valid and so that tests that you would expect to fail (but end up incorrectly passing) cannot even be executed in the first place until the parameter issue has been resolved.
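
The pre-resolution workaround and the fail-at-initialisation check described in the comments above, as an added example that is not part of the original thread or the project's own code. It assumes the referenced documents were already fetched and parsed (for instance with js-yaml) into a `documents` Map keyed by URL; `resolvePointer`, `resolveParameterRefs` and `documents` are hypothetical names.

```javascript
// Added example: resolve $ref parameters before constructing the validator and
// fail closed, so a required header can never be silently left unenforced.
// `documents` (hypothetical): Map of URL -> document already fetched and parsed.
function resolvePointer(doc, pointer) {
  // JSON Pointer (RFC 6901): "/parameters/xToken" -> doc.parameters.xToken
  if (pointer === '') return doc;
  if (!pointer.startsWith('/')) throw new Error(`Invalid JSON pointer: ${pointer}`);
  return pointer.slice(1).split('/').reduce((node, raw) => {
    const token = decodeURIComponent(raw).replace(/~1/g, '/').replace(/~0/g, '~');
    const isObject = node !== null && typeof node === 'object';
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, token)) {
      throw new Error(`Unresolvable segment "${token}" in pointer ${pointer}`);
    }
    return node[token];
  }, doc);
}

function resolveParameterRefs(parameters, documents) {
  return parameters.map((param, index) => {
    let resolved = param;
    const seen = new Set();
    // Follow chained refs; a repeated ref means a cycle.
    while (resolved && typeof resolved === 'object' && typeof resolved.$ref === 'string') {
      const ref = resolved.$ref;
      if (seen.has(ref)) throw new Error(`Circular $ref in parameter ${index}: ${ref}`);
      seen.add(ref);
      const hashAt = ref.indexOf('#');
      const url = hashAt === -1 ? ref : ref.slice(0, hashAt);
      const pointer = hashAt === -1 ? '' : ref.slice(hashAt + 1);
      if (!documents.has(url)) throw new Error(`No document loaded for ${ref}`);
      resolved = resolvePointer(documents.get(url), pointer);
    }
    // Refuse anything that is not a concrete parameter object.
    if (!resolved || typeof resolved.name !== 'string' || typeof resolved.in !== 'string') {
      throw new Error(`Parameter ${index} is not a usable parameter object`);
    }
    return resolved;
  });
}

// Constructed sample: the headers.yml content from the issue, already parsed.
const headersUrl = 'http://example.com/parameters/headers.yml';
const xToken = { name: 'X-Token', in: 'header', description: 'Authentication token.',
                 schema: { type: 'string' }, required: true };
const documents = new Map([[headersUrl, { parameters: { xToken } }]]);

const resolvedParameters = resolveParameterRefs(
  [{ $ref: `${headersUrl}#/parameters/xToken` }], documents);
```

Passing `resolvedParameters` as the `parameters` option gives the validator the concrete `X-Token` definition, and any ref that cannot be resolved stops initialisation with an error instead of producing a validator that accepts every request.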