search

postmanlabs / postman-app-support

Postman is an API platform for building and using APIs. Postman simplifies each step of the API lifecycle and streamlines collaboration so you can create better APIs—faster.
https://www.postman.com
5.78k stars 837 forks source link

OpenAPI 3.0 readOnly fields show up in request body #12255

Open jules27 opened 10 months ago

jules27 commented 10 months ago

Is there an existing issue for this?

Describe the Issue

I have a YAML file that contains definitions of schemas and endpoints for OpenAPI version 3.0.2. When I import the YAML file into Postman as a Collection, I see the request body contain parameters that are marked as readOnly (and thus should not be sent as part of the request).

Steps To Reproduce

  1. Create a YAML file for OpenAPI version 3.0.2.
  2. In the YAML file, define a POST endpoint that has its requestBody pointing to a schema.
  3. Define a schema containing properties, some marked as readOnly and some not.
  4. Import the YAML file into a Postman Collection.
  5. Navigate to the API endpoint within the Collection that was just imported.
  6. Click on the Body tab.
  7. Observe that the request body contains readOnly attributes.

Screenshots or Videos

This is the YAML file I created and imported into my Postman Collection:

openapi: "3.0.2"
info:
  version: '1'
  title: Minimal Test API
  description: Test API

components:
  schemas:
    CustomId:
      type: string
      minLength: 12
      maxLength: 12
      pattern: '[A-Z0-9]{12}'
      example: SOMEID
      readOnly: true

    OrderBase:
      type: object
      description: An order
      properties:
        some_text:
          type: string
          description: |
            Text
          example: 'Text-for-This-Order'

        amount:
          type: integer
          description: Amount
          example: 5

        campaign_id:
          allOf:
            - $ref: '#/components/schemas/CustomId'
            - description: |
                ID of the campaign
          example: CAMPAIGNID

        created_at:
          type: string
          format: date-time
          description: Date the order was created
          readOnly: true

      required:
        - created_at
        - amount

paths:
  /orders:
    post:
      summary: Create order
      description: Create an order
      requestBody:
        required: true
        description: Order to create
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OrderBase'
      responses:
        '200':
          description: Created order

This is what I see in the request body tab on Postman:

image

Text version of the screenshot:

{
  "created_at": "<dateTime>",
  "amount": "<integer>",
  "some_text": "<string>",
  "campaign_id": "7N8L9F6MWMC1"
}

Note that in the request body, created_at and campaign_id are marked as readOnly in the YAML file and shouldn't be sent as part of the request.

Operating System

macOS

Postman Version

10.17.2

Postman Platform

Both

User Account Type

Signed In User

Additional Context?

I tested the YAML file in the Swagger Editor, which does exclude the readOnly fields in the request body:

image image

Text version of the screenshot above:

{
  "some_text": "Text-for-This-Order",
  "amount": 5
}
kurko commented 4 months ago

Any update on this one, @postman-staff? Is it on the roadmap? I also have this problem.

mironbalcerzak commented 4 months ago

bump @postman-staff

sergei-ft commented 4 months ago

Same problem with writeOnly properties.

denisebiscaro commented 3 months ago

up @postman-staff

Same issues here.

juhachmann commented 3 months ago

up @postman-staff I'm also facing the same issue. Swagger UI correctly interprets readOnly schema properties in OpenApi definitions, but Postman does not.