stoplightio / prism

Turn any OpenAPI2/3 and Postman Collection file into an API server with mocking, transformations and validations.
https://stoplight.io/open-source/prism
Apache License 2.0
4.3k stars 344 forks source link

exclusiveMinimum and exclusiveMaximum JSON spec not respected in mocked response #2082

Open micaelmalta opened 2 years ago

micaelmalta commented 2 years ago

Context

JSON spec not respected for exclusiveMinimum and exclusiveMaximum

On Json API spec (https://json-schema.org/draft/2020-12/json-schema-validation.html#name-validation-keywords-for-num) , it says

The value of "exclusiveMaximum" MUST be a number, representing an exclusive upper limit for a numeric instance.
If the instance is a number, then the instance is valid only if it has a value strictly less than (not equal to) "exclusiveMaximum".

The value of "exclusiveMinimum" MUST be a number, representing an exclusive lower limit for a numeric instance.
If the instance is a number, then the instance is valid only if it has a value strictly greater than (not equal to) "exclusiveMinimum".

How to reproduce

**openapi.json**

openapi: 3.0.0
paths:
  '/pet/{petId}':
    get:
      summary: Find pet by ID
      description: Returns a single pet
      operationId: getPetById
      parameters:
        - name: petId
          in: path
          description: ID of pet to return
          required: true
          schema:
            type: integer
            format: int64
      responses:
        '200':
          description: successful operation
          content:
            application/json:
              schema:
                type: object
                properties:
                  age:
                    type: integer
                    exclusiveMinimum: 1
                    exclusiveMaximum: 100
                required:
                  - age
> prism mock -m -d openapi.json

Current Response

Age is either negative or not in the range

{
    "age": -40273077
}

Expected Response

Only positive values in the range 1 < value < 100

{
    "age": 10
}

Environment

prism == 4.10.1 node == v17.7.2

vanam commented 2 years ago

The problem is that BC change regarding exclusiveMinimum/exclusiveMaximum was introduced in OpenAPI 3.1

https://github.com/OAI/OpenAPI-Specification/releases/tag/3.1.0-rc0

exclusiveMaximum and exclusiveMinimum cannot accept boolean values (following JSON Schema).

https://www.openapis.org/blog/2021/02/16/migrating-from-openapi-3-0-to-3-1-0

# OpenAPI v3.0
minimum: 7
exclusiveMinimum: true

# OpenAPI v3.1
exclusiveMinimum: 7
ryotrellim commented 1 year ago

While the original example lacked the necessary (for OAS3.0) minimum and maximum values, I can confirm that the problem persists even with these values.

prism_mock_-m_-d_prism2082_yaml troy_Troys-MacBook-Pro__

prism2082.yaml.txt