stoplightio / prism

Turn any OpenAPI2/3 and Postman Collection file into an API server with mocking, transformations and validations.
https://stoplight.io/open-source/prism
Apache License 2.0

Missing response validation #2534

Closed JumpHoysteria closed 4 months ago

JumpHoysteria commented 4 months ago

This is my OAS2.0-YAML:

swagger: '2.0'
info:
  title: AD Common 
  version: '0.1'
  description: Description

host: 'test.domain.com:56683' 
schemes: 
  - http

paths: 
  /roles: 
    get:
      summary: Retrieves roles for authenticated user
      security:
        - BasicAuth: []
      responses:
        '200':
          description: Available roles for authenticated user
          schema:
            type: array
            items:
              type: integer

Then I start the proxy:

User> prism proxy "C:\path\to\proxyCheck.yaml" test.domain.com:56683/api/v2 --errors
$ [17:25:27] » [CLI] ...  awaiting  Starting Prism…
$ [17:25:27] » [CLI] i  info      GET        http://127.0.0.1:4010/roles
$ [17:25:27] » [CLI] ►  start     Prism is listening on http://127.0.0.1:4010

Then, in a separate shell I put:

User>curl -iL "http://127.0.0.1:4010/roles" -H "Authorization: Basic validToken"
$ HTTP/1.1 200 OK
$ Access-Control-Allow-Origin: *
$ Access-Control-Allow-Headers: *
$ Access-Control-Allow-Credentials: true
$ Access-Control-Expose-Headers: *
$ date: Mon, 27 May 2024 15:29:27 GMT
$ server: Apache
$ cache-control: no-cache
$ expires: Thu, 29 Oct 1998 17:04:19 GMT
$ pragma: no-cache
$ Content-Length: 39
$ content-type: application/json; charset=utf-8
$ Connection: keep-alive
$ Keep-Alive: timeout=5

$ ["%All","CommunityAdmin","SystemAdmin"]

The important thing here (at least in my interpretation) is that there are headers returned along with an array of strings...

Current Behavior

According to the schema, this should throw a validation error, since it expects an array of integers but receives one with strings ["%All","CommunityAdmin","SystemAdmin"]. However, nothing shows up in the proxy shell:

[17:29:26] »     [PROXY] i  info      > Forwarding "get" request to http://test.bint.ch:56683/api/v2/roles...
[17:29:26] »     [PROXY] i  info      The upstream call to /roles has returned 200
[17:29:26] »     [PROXY] i  info      < Received forward response

Expected Behavior

I would like something along the lines of [17:06:03] » [VALIDATOR] ‼ warning Violation: Message

Possible Workaround/Solution

I've looked into -v=trace, which made me realise that there aren't any headers as per prism, so it might be a parsing issue?

[17:43:15] » [HTTP SERVER] get /roles i  info      Request received
[17:43:15] »     [PROXY] i  info      > Forwarding "get" request to http://test.bint.ch:56683/api/v2/roles...
[17:43:15] »     [PROXY] ⬤  debug     > Headers:
[17:43:15] »     [PROXY] ⬤  debug     >         host: 127.0.0.1:4010
[17:43:15] »     [PROXY] ⬤  debug     >         user-agent: curl/8.4.0
[17:43:15] »     [PROXY] ⬤  debug     >         accept: */*
[17:43:15] »     [PROXY] ⬤  debug     >         authorization: Basic c2FkbTpwd2Q=
[17:43:15] »     [PROXY] i  info      The upstream call to /roles has returned 200
[17:43:15] »     [PROXY] i  info      < Received forward response
[17:43:15] »     [PROXY] ⬤  debug     < Status: 200
[17:43:15] »     [PROXY] ⬤  debug     < Headers:
[17:43:15] »     [PROXY] ⬤  debug     < Body: {"_readableState":{"objectMode":false,"highWaterMark":16384,"buffer":{"head":{"data":{"type":"Buffer","data":[91,34,37,65,108,108,34,44,34,67,111,109,109,117,110,105,116,121,65,100,109,105,110,34,44,34,83,121,115,116,101,109,65,100,109,105,110,34,93]},"next":null},"tail":{"data":{"type":"Buffer","data":[91,34,37,65,108,108,34,44,34,67,111,109,109,117,110,105,116,121,65,100,109,105,110,34,44,34,83,121,115,116,101,109,65,100,109,105,110,34,93]},"next":null},"length":1},"length":39,"pipes":[],"flowing":null,"ended":true,"endEmitted":false,"reading":false,"constructed":true,"sync":false,"needReadable":false,"emittedReadable":false,"readableListening":false,"resumeScheduled":false,"errorEmitted":false,"emitClose":true,"autoDestroy":true,"destroyed":false,"errored":null,"closed":false,"closeEmitted":false,"defaultEncoding":"utf8","awaitDrainWriters":null,"multiAwaitDrain":false,"readingMore":false,"dataEmitted":false,"decoder":null,"encoding":null},"_events":{},"_eventsCount":2,"_writableState":{"objectMode":false,"highWaterMark":16384,"finalCalled":true,"needDrain":false,"ending":true,"ended":true,"finished":true,"destroyed":false,"decodeStrings":true,"defaultEncoding":"utf8","length":0,"writing":false,"corked":0,"sync":false,"bufferProcessing":false,"writecb":null,"writelen":0,"afterWriteTickInfo":null,"buffered":[],"bufferedIndex":0,"allBuffers":true,"allNoop":true,"pendingcb":0,"constructed":true,"prefinished":true,"errorEmitted":false,"emitClose":true,"autoDestroy":true,"errored":null,"closed":false,"closeEmitted":false},"allowHalfOpen":true}

Environment

Please let me know if I can provide you with any further information. Thank you so very much!!

brendarearden commented 4 months ago

@JumpHoysteria could you try adding the produces property to your spec to see if that resolves your issue? It's not a required property, but Prism does use that to process responses.

JumpHoysteria commented 4 months ago

Thank you so very much! It works now! I had a similar case where a request with a JSON object in the body wasn't validated, but by analogous reasoning the route-specific addition of "consumes" solved the issue! Cheers again and have a nice weekend!
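
The resolution of this thread as a spec check, added here as an example that is not part of the original issue or of Prism's code: it walks a parsed Swagger 2.0 document and reports operations that declare a response schema without an effective `produces`, or a body parameter without an effective `consumes`. The function names and the rule itself are assumptions drawn from the comments above, and `$ref` parameters are not resolved.

```javascript
// Added example, not Prism code: flags Swagger 2.0 operations whose schemas
// may go unvalidated because no media type is declared (per the thread above).
const METHODS = ['get', 'put', 'post', 'delete', 'options', 'head', 'patch'];

// Operation-level lists override the root-level ones in OpenAPI 2.0.
function effective(spec, op, key) {
  const list = Array.isArray(op[key]) ? op[key] : spec[key];
  return Array.isArray(list) ? list : [];
}

function findUndeclaredMediaTypes(spec) {
  const findings = [];
  for (const [path, item] of Object.entries(spec.paths || {})) {
    // Body parameters may also be declared once at path level.
    const shared = Array.isArray(item.parameters) ? item.parameters : [];
    for (const method of METHODS) {
      const op = item[method];
      if (!op) continue;
      const where = `${method.toUpperCase()} ${path}`;
      const hasResponseSchema = Object.values(op.responses || {})
        .some((r) => r && r.schema);
      if (hasResponseSchema && effective(spec, op, 'produces').length === 0) {
        findings.push(`${where}: response schema but no "produces"`);
      }
      const hasBody = [...shared, ...(op.parameters || [])]
        .some((p) => p && p.in === 'body');
      if (hasBody && effective(spec, op, 'consumes').length === 0) {
        findings.push(`${where}: body parameter but no "consumes"`);
      }
    }
  }
  return findings;
}

// Constructed input: the /roles operation from the issue, as a parsed object.
const issueSpec = {
  swagger: '2.0',
  paths: { '/roles': { get: { responses: { 200: {
    description: 'Available roles for authenticated user',
    schema: { type: 'array', items: { type: 'integer' } },
  } } } } },
};
// Same spec with the fix suggested in the thread applied at root level.
const fixedSpec = { ...issueSpec, produces: ['application/json'] };

console.log(findUndeclaredMediaTypes(issueSpec));
console.log(findUndeclaredMediaTypes(fixedSpec));
```

Run against a spec in CI, an empty result means every schema-bearing operation has a declared media type, so a proxy run that logs no violations is not silent merely because validation had nothing to match on.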