search

swagger-api / swagger-parser

Swagger Spec to Java POJOs
http://swagger.io
Apache License 2.0
786 stars 531 forks source link

Parser does not validate GET request with request body #1601

Open aneeshafedo opened 3 years ago

aneeshafedo commented 3 years ago

According to OpenAPI specification v3 GET, DELETE and HEAD are no longer allowed to have request body because it does not have defined semantics as per RFC 7231.

When validating a definition file with below path in which GET request has request body, using https://editor.swagger.io/, it gives a semantic error saying GET operations cannot have a requestBody. which is compatible with OpenAPI specification.

However when using the swagger-parser in my java project it does not return any parser error. I have tried the both 2.0.27 and 2.0.24 versions which are listed in the Maven central repository.

Sample OpenAPI definition

paths:
  /pets/{petId}:
    get:
      summary: Info for a specific pet
      operationId: showPetById
      tags:
        - pets
      parameters:
        - name: petId
          in: path
          required: true
          description: The id of the pet to retrieve
          schema:
            type: string
      requestBody:
        content:
          application/json:
            schema:
              properties:
                name:
                  type: string
              type: object
        required: false
      responses:
        '200':
          description: Expected response to a valid request
          content:
            application/json:
              schema:
                $ref: "#/components/schemas/Pet"
gracekarina commented 3 years ago

Hey @aneeshafedo, Thanks for sending us this: I was checking the OpenAPI Specification 3.0.3 and this is what it says about requestBodies The request body applicable for this operation. The requestBody is only supported in HTTP methods where the HTTP 1.1 specification RFC7231 has explicitly defined semantics for request bodies. In other cases where the HTTP spec is vague, requestBody SHALL be ignored by consumers.

aneeshafedo commented 3 years ago

@gracekarina Thanl you for the reply. Then are u suggesting that the syntax error giving at https://editor.swagger.io/ is a bug in the editor? In my opinion errors giving at https://editor.swagger.io/ and the latest swagger parser (2.0.27) should be compatible.

gracekarina commented 3 years ago

Hi! @aneeshafedo, we have to also warn in parser that in certain HTTP methods is not recommended to use a requestBody.