stoplightio / prism

Turn any OpenAPI2/3 and Postman Collection file into an API server with mocking, transformations and validations.
https://stoplight.io/open-source/prism
Apache License 2.0
4.22k stars 344 forks

Request body validation is not working for allOf object referencing #2575

Open darkoandreev opened 1 month ago

darkoandreev commented 1 month ago

Context

When using the Stoplight mock server, I encountered an issue where the validation does not work as expected when an object uses allOf and includes constraints such as required, minLength, maxLength, etc. This issue affects users who rely on accurate validation responses for API testing and mocking.

Current Behavior

Instead of throwing an error for invalid data, the mock server returns a 200 OK status, incorrectly indicating that the validation passed. For instance, sending an empty string for a required field does not trigger any validation errors.

Expected Behavior

The mock server should return a validation error when the input does not meet the defined schema constraints, such as missing required fields or failing to meet minLength requirements.

Possible Workaround/Solution

After investigating, I found that downgrading the @stoplight/json package to version 3.21.3 resolves the issue. It seems that newer versions might have introduced a regression or incompatibility with the current Prism setup.

Steps to Reproduce

  1. Define a new path with request body (object) in the Stoplight project using allOf with validation constraints.
  2. Send a request with data that does not meet the validation criteria (e.g., missing required fields or invalid field lengths).
  3. Observe that the server incorrectly returns a 200 OK status.

Part of the YAML API specification:

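  # Fragment of an OpenAPI 3 document: the path item lives under `paths`,
  # the two referenced schemas under `components.schemas`.
  paths:
    /test:
      post:
        summary: ''
        operationId: post-test
        responses:
          '200':
            description: OK
            content:
              application/json:
                schema:
                  type: object
                  properties:
                    status:
                      type: string
        requestBody:
          content:
            application/json:
              schema:
                # allOf wrapping a single $ref; this is the case that is not validated
                allOf:
                  - $ref: '#/components/schemas/MyTestRequest'

  components:
    schemas:
      MyTestRequest:
        title: MyTestRequest
        type: object
        properties:
          currencyCode:
            $ref: '#/components/schemas/TestCurrency'
        required:
          - currencyCode

      TestCurrency:
        type: string
        title: TestCurrency
        # exactly three characters
        minLength: 3
        maxLength: 3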

Example request body:

  {
    "currencyCode": ""
  }

TowhidKashem commented 2 weeks ago

Thanks, downgrading to 3.2.3 did the trick! (there was a typo, it's not 3.21.3 for anyone else reading this)
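
For reference, the violations a validator should report for the schema and request body in this issue, as an added example (not Prism's code and not written by anyone in the thread). The helpers `validate`, `resolve` and `has` and the error strings are hypothetical, and only the keywords the issue's schema uses are handled.

```javascript
// Added example: reference validator for only the keywords in the issue's schema.
// Schemas are copied from the issue; validate(), resolve() and has() are hypothetical helpers.
const root = {
  components: {
    schemas: {
      MyTestRequest: {
        type: 'object',
        properties: { currencyCode: { $ref: '#/components/schemas/TestCurrency' } },
        required: ['currencyCode'],
      },
      TestCurrency: { type: 'string', minLength: 3, maxLength: 3 },
    },
  },
};
const requestSchema = { allOf: [{ $ref: '#/components/schemas/MyTestRequest' }] };
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Resolve a local "#/a/b/c" reference against the document root.
function resolve(ref, doc) {
  const target = ref.replace(/^#\//, '').split('/').reduce((node, key) => node && node[key], doc);
  if (!target) throw new Error(`unresolvable $ref: ${ref}`);
  return target;
}

// Return the list of violations; an empty list means the value is valid.
function validate(schema, value, doc = root, path = '$') {
  if (schema.$ref) return validate(resolve(schema.$ref, doc), value, doc, path);
  const errors = [];
  for (const sub of schema.allOf || []) errors.push(...validate(sub, value, doc, path));
  const isObject = value !== null && typeof value === 'object' && !Array.isArray(value);
  if (schema.type === 'object' && !isObject) errors.push(`${path}: must be object`);
  if (schema.type === 'string' && typeof value !== 'string') errors.push(`${path}: must be string`);
  if (typeof value === 'string') {
    const len = [...value].length; // length in code points, not UTF-16 units
    if (schema.minLength !== undefined && len < schema.minLength) errors.push(`${path}: minLength ${schema.minLength}`);
    if (schema.maxLength !== undefined && len > schema.maxLength) errors.push(`${path}: maxLength ${schema.maxLength}`);
  }
  if (isObject) {
    for (const key of schema.required || []) {
      if (!has(value, key)) errors.push(`${path}.${key}: required`);
    }
    for (const [key, sub] of Object.entries(schema.properties || {})) {
      if (has(value, key)) errors.push(...validate(sub, value[key], doc, `${path}.${key}`));
    }
  }
  return errors;
}

console.log(validate(requestSchema, { currencyCode: '' })); // the body from the issue
```

A non-empty result for the issue's body is what the mock server is expected to turn into a validation error instead of a 200 OK.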