RubyGems - apipie-rails - Versions diffs - 0.7.0 → 0.7.1 - Mend

apipie-rails 0.7.0 → 0.7.1

Files changed (12) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +12 -0
data/README.rst +20 -0
data/lib/apipie/configuration.rb +8 -3
data/lib/apipie/dsl_definition.rb +12 -1
data/lib/apipie/param_description.rb +8 -4
data/lib/apipie/swagger_generator.rb +2 -0
data/lib/apipie/version.rb +1 -1
data/spec/controllers/users_controller_spec.rb +23 -0
data/spec/lib/param_description_spec.rb +68 -0
metadata +3 -4
data/Gemfile +0 -1

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 29292cefe596185a3becf01f657a1c8826ea2aa5601e5549926672d1ebaf9309
-  data.tar.gz: 8c1419363f237e7cb8beb61940af1303bdef53a8830e0347f9afbca29d99e32f
+  metadata.gz: ca6da3e428a5c61d9015882992836106ba91778cda6a833fca9ddced24378ebc
+  data.tar.gz: 6268486cd2419034400e32020ed6869cb361ee997ec60f22170b97758b941c00
 SHA512:
-  metadata.gz: 87f52d7d548463ec69639b85c7cb9b322b29f711fdd38800365f13bc8963a8a461f840ac8f36300e18236212b088298d90d482a0537d58b857eecbd2b479bdc5
-  data.tar.gz: 895cb9c91976d485ab1442f42895114e15c102cccc8d3b853ea6242de360f7756c5337faa086e4df7b5536079285ab83d259ce21b292c0da7fe766decdaddb32
+  metadata.gz: 84ff46aa072d18ae94a7ceb5710c27ee085cfc2662d6da76dcd06457ea966be2b57a23e0d314922dc092ba1ffc786a6c861faaf71411088e3623ad34aa3c080b
+  data.tar.gz: 4bf22cb4b69ce75fbe795f21843baf25d4c2c7d545c36923cf884372fae2a0db80b01c52eecb1b9d3a838c137948f5bcb4eea1bf61941d6dc605e97c17bc8057

data/CHANGELOG.md CHANGED Viewed

@@ -1,6 +1,18 @@
  Changelog
 ===========
+## [v0.7.1](https://github.com/Apipie/apipie-rails/tree/v0.7.1) (2022-04-06)
+[Full Changelog](https://github.com/Apipie/apipie-rails/compare/v0.7.0...v0.7.1)
+* Skip extra parameters while validating the keys. [#690](https://github.com/Apipie/apipie-rails/pull/690) (Omkar Joshi)
+* Support defining security mechanisms for Swagger [#711](https://github.com/Apipie/apipie-rails/pull/711) (Dan Leyden)
+* Update boolean handling of false [#749](https://github.com/Apipie/apipie-rails/pull/749) (Colin Bruce)
+Note: Up until and including v0.6.x, apipie-rails was silently ignoring allow_blank == false on String validation.
+when allow_blank is not specified, it default to false. to allow blank strings, you must specify it as a parameter.
+Alternatively, if you want to revert to the previous behavior, you can set this configuration option:
+`Apipie.configuration.ignore_allow_blank_false = true`.
 ## [v0.7.0](https://github.com/Apipie/apipie-rails/tree/v0.7.0) (2022-03-30)
 [Full Changelog](https://github.com/Apipie/apipie-rails/compare/v0.6.0...v0.7.0)
 * ArgumentError (invalid byte sequence in UTF-8) [#746](https://github.com/Apipie/apipie-rails/pull/746) (David Milanese)

data/README.rst CHANGED Viewed

@@ -966,6 +966,9 @@ validate_presence
 validate_key
   Check the received params to ensure they are defined in the API. (false by default)
+action_on_non_validated_keys
+  Either `:raise` or `:skip`. If `validate_key` fails, raise error or delete the non-validated key from the params and log the key (`:raise` by default)
 process_params
   Process and extract the parameter defined from the params of the request
   to the api_params variable
@@ -1021,6 +1024,10 @@ authorize
 show_all_examples
   Set this to true to set show_in_doc=1 in all recorded examples
+ignore_allow_blank_false
+  `allow_blank: false` was incorrectly ignored up until version 0.6.0, this bug was fixed in 0.7.0
+  if you need the old behavior, set this to true
 link_extension
   The extension to use for API pages ('.html' by default). Link extensions
   in static API docs cannot be changed from '.html'.
@@ -1654,6 +1661,18 @@ There are several configuration parameters that determine the structure of the g
     If ``true``:  the ``additional-properties: false`` field will not be included in response object descriptions
+``config:swagger_security_definitions``
+    If the API requires authentication, you can specify details of the authentication mechanisms supported as a (Hash) value here.
+    See [https://swagger.io/docs/specification/2-0/authentication/] for details of what values can be specified
+    By default, no security is defined.
+``config.swagger_global_security``
+    If the API requires authentication, you can specify which of the authentication mechanisms are supported by all API operations as an Array of hashes here.
+    This should be used in conjunction with the mechanisms defined by ``swagger_security_definitions``.
+    See [https://swagger.io/docs/specification/2-0/authentication/] for details of what values can be specified
+    By default, no security is defined.
 Known limitations of the current implementation
 -------------------------------------------------
 * There is currently no way to document the structure and content-type of the data returned from a method
@@ -1663,6 +1682,7 @@ Known limitations of the current implementation
 * It is not possible to leverage all of the parameter type/format capabilities of swagger
 * Only OpenAPI 2.0 is supported
 * Responses are defined inline and not as a $ref
+* It is not possible to specify per-operation security requirements (only global)
 ====================================
  Dynamic Swagger generation

data/lib/apipie/configuration.rb CHANGED Viewed

@@ -5,13 +5,14 @@ module Apipie
       :markup, :disqus_shortname,
       :api_base_url, :doc_base_url, :required_by_default, :layout,
       :default_version, :debug, :version_in_url, :namespaced_resources,
-      :validate, :validate_value, :validate_presence, :validate_key, :authenticate, :doc_path,
+      :validate, :validate_value, :validate_presence, :validate_key, :action_on_non_validated_keys, :authenticate, :doc_path,
       :show_all_examples, :process_params, :update_checksum, :checksum_path,
       :link_extension, :record, :languages, :translate, :locale, :default_locale,
-      :persist_show_in_doc, :authorize,
+      :persist_show_in_doc, :authorize, :ignore_allow_blank_false,
       :swagger_include_warning_tags, :swagger_content_type_input, :swagger_json_input_uses_refs,
       :swagger_suppress_warnings, :swagger_api_host, :swagger_generate_x_computed_id_field,
-      :swagger_allow_additional_properties_in_response, :swagger_responses_use_refs
+      :swagger_allow_additional_properties_in_response, :swagger_responses_use_refs,
+      :swagger_security_definitions, :swagger_global_security
     alias_method :validate?, :validate
     alias_method :required_by_default?, :required_by_default
@@ -152,6 +153,7 @@ module Apipie
       @validate_value = true
       @validate_presence = true
       @validate_key = false
+      @action_on_non_validated_keys = :raise
       @required_by_default = false
       @api_base_url = HashWithIndifferentAccess.new
       @doc_base_url = "/apipie"
@@ -159,6 +161,7 @@ module Apipie
       @disqus_shortname = nil
       @default_version = "1.0"
       @debug = false
+      @ignore_allow_blank_false = false
       @version_in_url = true
       @namespaced_resources = false
       @doc_path = "doc"
@@ -181,6 +184,8 @@ module Apipie
       @swagger_generate_x_computed_id_field = false
       @swagger_allow_additional_properties_in_response = false
       @swagger_responses_use_refs = true
+      @swagger_security_definitions = {}
+      @swagger_global_security = []
     end
   end
 end

data/lib/apipie/dsl_definition.rb CHANGED Viewed

@@ -262,7 +262,9 @@ module Apipie
               if Apipie.configuration.validate_key?
                 params.reject{|k,_| %w[format controller action].include?(k.to_s) }.each_pair do |param, _|
                   # params allowed
-                  raise UnknownParam.new(param) if method_params.select {|_,p| p.name.to_s == param.to_s}.empty?
+                  if method_params.select {|_,p| p.name.to_s == param.to_s}.empty?
+                    self.class._apipie_handle_validate_key_error params, param
+                  end
                 end
               end
@@ -290,6 +292,15 @@ module Apipie
         end
       end
+      def _apipie_handle_validate_key_error params, param
+        if Apipie.configuration.action_on_non_validated_keys == :raise
+          raise UnknownParam, param
+        elsif Apipie.configuration.action_on_non_validated_keys == :skip
+          params.delete(param)
+          Rails.logger.warn(UnknownParam.new(param).to_s)
+        end
+      end
       def _apipie_save_method_params(method, params)
         @method_params ||= {}
         @method_params[method] = params

data/lib/apipie/param_description.rb CHANGED Viewed

@@ -114,16 +114,20 @@ module Apipie
     end
     def validate(value)
-      return true if @allow_nil && value.nil?
-      return true if @allow_blank && value.blank?
+      return true if allow_nil && value.nil?
+      return true if allow_blank && value.blank?
       value = normalized_value(value)
-      if (!@allow_nil && value.nil?) || (!@allow_blank && value.blank?) || !@validator.valid?(value)
-        error = @validator.error
+      if (!allow_nil && value.nil?) || (blank_forbidden? && value.blank?) || !validator.valid?(value)
+        error = validator.error
         error = ParamError.new(error) unless error.is_a? StandardError
         raise error
       end
     end
+    def blank_forbidden?
+      !Apipie.configuration.ignore_allow_blank_false && !allow_blank && !validator.is_a?(Validator::BooleanValidator)
+    end
     def process_value(value)
       value = normalized_value(value)
       if @validator.respond_to?(:process_value)

data/lib/apipie/swagger_generator.rb CHANGED Viewed

@@ -74,6 +74,8 @@ module Apipie
           paths: {},
           definitions: {},
           tags: [],
+          securityDefinitions: Apipie.configuration.swagger_security_definitions,
+          security: Apipie.configuration.swagger_global_security
       }
       if Apipie.configuration.swagger_api_host

data/lib/apipie/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module Apipie
-  VERSION = "0.7.0"
+  VERSION = "0.7.1"
 end

data/spec/controllers/users_controller_spec.rb CHANGED Viewed

@@ -124,6 +124,29 @@ describe UsersController do
           end
         end
+        context "key validations are enabled and skip on non-validated keys" do
+          before do
+            Apipie.configuration.validate_value = false
+            Apipie.configuration.validate_presence = true
+            Apipie.configuration.validate_key = true
+            Apipie.configuration.action_on_non_validated_keys = :skip
+          end
+          it "should reply to valid request" do
+            expect { get :show, :params => { :id => 5, :session => 'secret_hash' }}.not_to raise_error
+            assert_response :success
+          end
+          it "should delete the param and not fail if an extra parameter is passed." do
+            expect { get :show, :params => { :id => 5 , :badparam => 'badfoo', :session => "secret_hash" }}.not_to raise_error
+            expect(controller.params.as_json).to eq({"session"=>"secret_hash", "id"=>"5", "controller"=>"users", "action"=>"show"})
+          end
+          after do
+            Apipie.configuration.action_on_non_validated_keys = :raise
+          end
+        end
         context "presence and value validations are enabled" do
           before do
             Apipie.configuration.validate_value = true

data/spec/lib/param_description_spec.rb CHANGED Viewed

@@ -113,6 +113,74 @@ describe Apipie::ParamDescription do
   end
+  describe 'validate' do
+    context 'when allow_blank is ignored, as it was before 0.7.0' do
+      before do
+        Apipie.configuration.ignore_allow_blank_false = true
+      end
+      context 'when the parameter is a boolean' do
+        it "should not throw an exception when passed false" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, :boolean).validate(false) }.to_not raise_error
+        end
+        it "should throw an exception when passed an empty value" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, :boolean).validate('') }.to raise_error(Apipie::ParamInvalid)
+        end
+      end
+      context 'when the parameter is a string' do
+        context 'when allow_blank is specified as true' do
+          it "should throw an exception when passed an empty value" do
+            expect { Apipie::ParamDescription.new(method_desc, :param, String, allow_blank: true).validate('') }.to_not raise_error
+          end
+        end
+        context 'when allow_blank is specified as false' do
+          it "should throw an exception when passed an empty value" do
+            expect { Apipie::ParamDescription.new(method_desc, :param, String, allow_blank: false).validate('') }.to_not raise_error
+          end
+        end
+        context 'when allow_blank is not specified' do
+          it "should throw an exception when passed an empty value" do
+            expect { Apipie::ParamDescription.new(method_desc, :param, String).validate('') }.to_not raise_error
+          end
+        end
+      end
+      after do
+        Apipie.configuration.ignore_allow_blank_false = false
+      end
+    end
+    context 'when the parameter is a boolean' do
+      it "should not throw an exception when passed false" do
+        expect { Apipie::ParamDescription.new(method_desc, :param, :boolean).validate(false) }.to_not raise_error
+      end
+      it "should throw an exception when passed an empty value" do
+        expect { Apipie::ParamDescription.new(method_desc, :param, :boolean).validate('') }.to raise_error(Apipie::ParamInvalid)
+      end
+    end
+    context 'when the parameter is a string' do
+      context 'when allow_blank is specified as true' do
+        it "should throw an exception when passed an empty value" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, String, allow_blank: true).validate('') }.to_not raise_error
+        end
+      end
+      context 'when allow_blank is specified as false' do
+        it "should throw an exception when passed an empty value" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, String, allow_blank: false).validate('') }.to raise_error(Apipie::ParamInvalid)
+        end
+      end
+      context 'when allow_blank is not specified' do
+        it "should throw an exception when passed an empty value" do
+          expect { Apipie::ParamDescription.new(method_desc, :param, String).validate('') }.to raise_error(Apipie::ParamInvalid)
+        end
+      end
+    end
+  end
   describe "concern substitution" do
     let(:concern_dsl_data) { dsl_data.merge(:from_concern => true) }

metadata CHANGED Viewed

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: apipie-rails
 version: !ruby/object:Gem::Version
-  version: 0.7.0
+  version: 0.7.1
 platform: ruby
 authors:
 - Pavel Pokorny
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-03-29 00:00:00.000000000 Z
+date: 2022-04-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -164,7 +164,6 @@ files:
 - ".rspec"
 - APACHE-LICENSE-2.0
 - CHANGELOG.md
-- Gemfile
 - MIT-LICENSE
 - NOTICE
 - PROPOSAL_FOR_RESPONSE_DESCRIPTIONS.md
@@ -357,7 +356,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.9
+rubygems_version: 3.1.6
 signing_key:
 specification_version: 4
 summary: Rails REST API documentation tool

data/Gemfile DELETED Viewed

	@@ -1 +0,0 @@
1	- ./Gemfile.rails61