RubyGems - apipie-rails - Versions diffs - 0.7.0 → 0.7.1 - Mend

apipie-rails 0.7.0 → 0.7.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +12 -0
data/README.rst +20 -0
data/lib/apipie/configuration.rb +8 -3
data/lib/apipie/dsl_definition.rb +12 -1
data/lib/apipie/param_description.rb +8 -4
data/lib/apipie/swagger_generator.rb +2 -0
data/lib/apipie/version.rb +1 -1
data/spec/controllers/users_controller_spec.rb +23 -0
data/spec/lib/param_description_spec.rb +68 -0
metadata +3 -4
data/Gemfile +0 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29292cefe596185a3becf01f657a1c8826ea2aa5601e5549926672d1ebaf9309
-  data.tar.gz: 8c1419363f237e7cb8beb61940af1303bdef53a8830e0347f9afbca29d99e32f
+  metadata.gz: ca6da3e428a5c61d9015882992836106ba91778cda6a833fca9ddced24378ebc
+  data.tar.gz: 6268486cd2419034400e32020ed6869cb361ee997ec60f22170b97758b941c00
 SHA512:
-  metadata.gz: 87f52d7d548463ec69639b85c7cb9b322b29f711fdd38800365f13bc8963a8a461f840ac8f36300e18236212b088298d90d482a0537d58b857eecbd2b479bdc5
-  data.tar.gz: 895cb9c91976d485ab1442f42895114e15c102cccc8d3b853ea6242de360f7756c5337faa086e4df7b5536079285ab83d259ce21b292c0da7fe766decdaddb32
+  metadata.gz: 84ff46aa072d18ae94a7ceb5710c27ee085cfc2662d6da76dcd06457ea966be2b57a23e0d314922dc092ba1ffc786a6c861faaf71411088e3623ad34aa3c080b
+  data.tar.gz: 4bf22cb4b69ce75fbe795f21843baf25d4c2c7d545c36923cf884372fae2a0db80b01c52eecb1b9d3a838c137948f5bcb4eea1bf61941d6dc605e97c17bc8057

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,18 @@
  Changelog
 ===========
+## [v0.7.1](https://github.com/Apipie/apipie-rails/tree/v0.7.1) (2022-04-06)
+[Full Changelog](https://github.com/Apipie/apipie-rails/compare/v0.7.0...v0.7.1)
+* Skip extra parameters while validating the keys. [#690](https://github.com/Apipie/apipie-rails/pull/690) (Omkar Joshi)
+* Support defining security mechanisms for Swagger [#711](https://github.com/Apipie/apipie-rails/pull/711) (Dan Leyden)
+* Update boolean handling of false [#749](https://github.com/Apipie/apipie-rails/pull/749) (Colin Bruce)
+Note: Up until and including v0.6.x, apipie-rails was silently ignoring allow_blank == false on String validation.
+when allow_blank is not specified, it default to false. to allow blank strings, you must specify it as a parameter.
+Alternatively, if you want to revert to the previous behavior, you can set this configuration option:
+`Apipie.configuration.ignore_allow_blank_false = true`.
 ## [v0.7.0](https://github.com/Apipie/apipie-rails/tree/v0.7.0) (2022-03-30)
 [Full Changelog](https://github.com/Apipie/apipie-rails/compare/v0.6.0...v0.7.0)
 * ArgumentError (invalid byte sequence in UTF-8) [#746](https://github.com/Apipie/apipie-rails/pull/746) (David Milanese)

data/README.rst CHANGED Viewed

@@ -966,6 +966,9 @@ validate_presence
 validate_key
   Check the received params to ensure they are defined in the API. (false by default)
+action_on_non_validated_keys
+  Either `:raise` or `:skip`. If `validate_key` fails, raise error or delete the non-validated key from the params and log the key (`:raise` by default)
 process_params
   Process and extract the parameter defined from the params of the request
   to the api_params variable
@@ -1021,6 +1024,10 @@ authorize
 show_all_examples
   Set this to true to set show_in_doc=1 in all recorded examples
+ignore_allow_blank_false
+  `allow_blank: false` was incorrectly ignored up until version 0.6.0, this bug was fixed in 0.7.0
+  if you need the old behavior, set this to true
 link_extension
   The extension to use for API pages ('.html' by default). Link extensions
   in static API docs cannot be changed from '.html'.
@@ -1654,6 +1661,18 @@ There are several configuration parameters that determine the structure of the g
     If ``true``:  the ``additional-properties: false`` field will not be included in response object descriptions
+``config:swagger_security_definitions``
+    If the API requires authentication, you can specify details of the authentication mechanisms supported as a (Hash) value here.
+    See [https://swagger.io/docs/specification/2-0/authentication/] for details of what values can be specified
+    By default, no security is defined.
+``config.swagger_global_security``
+    If the API requires authentication, you can specify which of the authentication mechanisms are supported by all API operations as an Array of hashes here.
+    This should be used in conjunction with the mechanisms defined by ``swagger_security_definitions``.
+    See [https://swagger.io/docs/specification/2-0/authentication/] for details of what values can be specified
+    By default, no security is defined.
 Known limitations of the current implementation
 -------------------------------------------------
 * There is currently no way to document the structure and content-type of the data returned from a method
@@ -1663,6 +1682,7 @@ Known limitations of the current implementation
 * It is not possible to leverage all of the parameter type/format capabilities of swagger
 * Only OpenAPI 2.0 is supported
 * Responses are defined inline and not as a $ref
+* It is not possible to specify per-operation security requirements (only global)
 ====================================
  Dynamic Swagger generation

data/lib/apipie/configuration.rb CHANGED Viewed

@@ -5,13 +5,14 @@ module Apipie
       :markup, :disqus_shortname,
       :api_base_url, :doc_base_url, :required_by_default, :layout,
       :default_version, :debug, :version_in_url, :namespaced_resources,
-      :validate, :validate_value, :validate_presence, :validate_key, :authenticate, :doc_path,
+      :validate, :validate_value, :validate_presence, :validate_key, :action_on_non_validated_keys, :authenticate, :doc_path,
       :show_all_examples, :process_params, :update_checksum, :checksum_path,
       :link_extension, :record, :languages, :translate, :locale, :default_locale,
-      :persist_show_in_doc, :authorize,
+      :persist_show_in_doc, :authorize, :ignore_allow_blank_false,
       :swagger_include_warning_tags, :swagger_content_type_input, :swagger_json_input_uses_refs,
       :swagger_suppress_warnings, :swagger_api_host, :swagger_generate_x_computed_id_field,
-      :swagger_allow_additional_properties_in_response, :swagger_responses_use_refs
+      :swagger_allow_additional_properties_in_response, :swagger_responses_use_refs,
+      :swagger_security_definitions, :swagger_global_security
     alias_method :validate?, :validate
     alias_method :required_by_default?, :required_by_default
@@ -152,6 +153,7 @@ module Apipie
       @validate_value = true
       @validate_presence = true
       @validate_key = false
+      @action_on_non_validated_keys = :raise
       @required_by_default = false
       @api_base_url = HashWithIndifferentAccess.new
       @doc_base_url = "/apipie"
@@ -159,6 +161,7 @@ module Apipie
       @disqus_shortname = nil
       @default_version = "1.0"
       @debug = false
+      @ignore_allow_blank_false = false
       @version_in_url = true
       @namespaced_resources = false
       @doc_path = "doc"
@@ -181,6 +184,8 @@ module Apipie
       @swagger_generate_x_computed_id_field = false
       @swagger_allow_additional_properties_in_response = false
       @swagger_responses_use_refs = true
+      @swagger_security_definitions = {}
+      @swagger_global_security = []
     end
   end
 end

data/lib/apipie/dsl_definition.rb CHANGED Viewed

@@ -262,7 +262,9 @@ module Apipie
               if Apipie.configuration.validate_key?
                 params.reject{|k,_| %w[format controller action].include?(k.to_s) }.each_pair do |param, _|
                   # params allowed
-                  raise UnknownParam.new(param) if method_params.select {|_,p| p.name.to_s == param.to_s}.empty?
+                  if method_params.select {|_,p| p.name.to_s == param.to_s}.empty?
+                    self.class._apipie_handle_validate_key_error params, param
+                  end
                 end
               end
@@ -290,6 +292,15 @@ module Apipie
         end
       end
+      def _apipie_handle_validate_key_error params, param
+        if Apipie.configuration.action_on_non_validated_keys == :raise
+          raise UnknownParam, param
+        elsif Apipie.configuration.action_on_non_validated_keys == :skip
+          params.delete(param)
+          Rails.logger.warn(UnknownParam.new(param).to_s)
+        end
+      end
       def _apipie_save_method_params(method, params)
         @method_params ||= {}
         @method_params[method] = params

data/lib/apipie/param_description.rb CHANGED Viewed

@@ -114,16 +114,20 @@ module Apipie
     end
     def validate(value)
-      return true if @allow_nil && value.nil?
-      return true if @allow_blank && value.blank?
+      return true if allow_nil && value.nil?
+      return true if allow_blank && value.blank?
       value = normalized_value(value)
-      if (!@allow_nil && value.nil?) || (!@allow_blank && value.blank?) || !@validator.valid?(value)
-        error = @validator.error
+      if (!allow_nil && value.nil?) || (blank_forbidden? && value.blank?) || !validator.valid?(value)
+        error = validator.error
         error = ParamError.new(error) unless error.is_a? StandardError
         raise error
       end
     end
+    def blank_forbidden?
+      !Apipie.configuration.ignore_allow_blank_false && !allow_blank && !validator.is_a?(Validator::BooleanValidator)
+    end
     def process_value(value)
       value = normalized_value(value)
       if @validator.respond_to?(:process_value)

data/lib/apipie/swagger_generator.rb CHANGED Viewed

@@ -74,6 +74,8 @@ module Apipie
           paths: {},
           definitions: {},
           tags: [],
+          securityDefinitions: Apipie.configuration.swagger_security_definitions,
+          security: Apipie.configuration.swagger_global_security
       }
       if Apipie.configuration.swagger_api_host

data/lib/apipie/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Apipie
-  VERSION = "0.7.0"
+  VERSION = "0.7.1"
 end

data/spec/controllers/users_controller_spec.rb CHANGED Viewed

@@ -124,6 +124,29 @@ describe UsersController do
           end
         end
+        context "key validations are enabled and skip on non-validated keys" do
+          before do
+            Apipie.configuration.validate_value = false
+            Apipie.configuration.validate_presence = true
+            Apipie.configuration.validate_key = true
+            Apipie.configuration.action_on_non_validated_keys = :skip
+          end
+          it "should reply to valid request" do
+            expect { get :show, :params => { :id => 5, :session => 'secret_hash' }}.not_to raise_error
+            assert_response :success
+          end
+          it "should delete the param and not fail if an extra parameter is passed." do
+            expect { get :show, :params => { :id => 5 , :badparam => 'badfoo', :session => "secret_hash" }}.not_to raise_error
+            expect(controller.params.as_json).to eq({"session"=>"secret_hash", "id"=>"5", "controller"=>"users", "action"=>"show"})
+          end
+          after do
+            Apipie.configuration.action_on_non_validated_keys = :raise
+          end
+        end
         context "presence and value validations are enabled" do
           before do
             Apipie.configuration.validate_value = true

data/spec/lib/param_description_spec.rb CHANGED Viewed

@@ -113,6 +113,74 @@ describe Apipie::ParamDescription do
   end
+  describe 'validate' do
+    context 'when allow_blank is ignored, as it was before 0.7.0' do
+      before do
+        Apipie.configuration.ignore_allow_blank_false = true
+      end
+      context 'when the parameter is a boolean' do
+        it "should not throw an exception when passed false" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, :boolean).validate(false) }.to_not raise_error
+        end
+        it "should throw an exception when passed an empty value" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, :boolean).validate('') }.to raise_error(Apipie::ParamInvalid)
+        end
+      end
+      context 'when the parameter is a string' do
+        context 'when allow_blank is specified as true' do
+          it "should throw an exception when passed an empty value" do
+            expect { Apipie::ParamDescription.new(method_desc, :param, String, allow_blank: true).validate('') }.to_not raise_error
+          end
+        end
+        context 'when allow_blank is specified as false' do
+          it "should throw an exception when passed an empty value" do
+            expect { Apipie::ParamDescription.new(method_desc, :param, String, allow_blank: false).validate('') }.to_not raise_error
+          end
+        end
+        context 'when allow_blank is not specified' do
+          it "should throw an exception when passed an empty value" do
+            expect { Apipie::ParamDescription.new(method_desc, :param, String).validate('') }.to_not raise_error
+          end
+        end
+      end
+      after do
+        Apipie.configuration.ignore_allow_blank_false = false
+      end
+    end
+    context 'when the parameter is a boolean' do
+      it "should not throw an exception when passed false" do
+        expect { Apipie::ParamDescription.new(method_desc, :param, :boolean).validate(false) }.to_not raise_error
+      end
+      it "should throw an exception when passed an empty value" do
+        expect { Apipie::ParamDescription.new(method_desc, :param, :boolean).validate('') }.to raise_error(Apipie::ParamInvalid)
+      end
+    end
+    context 'when the parameter is a string' do
+      context 'when allow_blank is specified as true' do
+        it "should throw an exception when passed an empty value" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, String, allow_blank: true).validate('') }.to_not raise_error
+        end
+      end
+      context 'when allow_blank is specified as false' do
+        it "should throw an exception when passed an empty value" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, String, allow_blank: false).validate('') }.to raise_error(Apipie::ParamInvalid)
+        end
+      end
+      context 'when allow_blank is not specified' do
+        it "should throw an exception when passed an empty value" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, String).validate('') }.to raise_error(Apipie::ParamInvalid)
+        end
+      end
+    end
+  end
   describe "concern substitution" do
     let(:concern_dsl_data) { dsl_data.merge(:from_concern => true) }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apipie-rails
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.1
 platform: ruby
 authors:
 - Pavel Pokorny
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-29 00:00:00.000000000 Z
+date: 2022-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -164,7 +164,6 @@ files:
 - ".rspec"
 - APACHE-LICENSE-2.0
 - CHANGELOG.md
-- Gemfile
 - MIT-LICENSE
 - NOTICE
 - PROPOSAL_FOR_RESPONSE_DESCRIPTIONS.md
@@ -357,7 +356,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.9
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Rails REST API documentation tool

data/Gemfile DELETED Viewed

	@@ -1 +0,0 @@
1	- ./Gemfile.rails61