committee 1.15.0 → 5.0.0

data/test/request_unpacker_test.rb

@@ -1,6 +1,6 @@
-require_relative "test_helper"
+# frozen_string_literal: true
 
-require "stringio"
+require "test_helper"
 
 describe Committee::RequestUnpacker do
   it "unpacks JSON on Content-Type: application/json" do
@@ -9,47 +9,73 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
-    assert_equal({ "x" => "y" }, params)
+    unpacker = Committee::RequestUnpacker.new
+    assert_equal([{ "x" => "y" }, false], unpacker.unpack_request_params(request))
   end
 
-  it "unpacks JSON on no Content-Type" do
+  it "unpacks JSON on Content-Type: application/vnd.api+json" do
     env = {
+      "CONTENT_TYPE" => "application/vnd.api+json",
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
-    assert_equal({ "x" => "y" }, params)
+    unpacker = Committee::RequestUnpacker.new
+    assert_equal([{ "x" => "y" }, false], unpacker.unpack_request_params(request))
   end
 
-  it "doesn't unpack JSON under other Content-Types" do
+  it "unpacks JSON on no Content-Type" do
     env = {
-      "CONTENT_TYPE" => "application/x-www-form-urlencoded",
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
-    assert_equal({}, params)
+    unpacker = Committee::RequestUnpacker.new
+    assert_equal([{ "x" => "y" }, false], unpacker.unpack_request_params(request))
   end
 
-  it "unpacks JSON under other Content-Types with optimistic_json" do
+  it "doesn't unpack JSON on application/x-ndjson" do
     env = {
-      "CONTENT_TYPE" => "application/x-www-form-urlencoded",
-      "rack.input"   => StringIO.new('{"x":"y"}'),
+      "CONTENT_TYPE" => "application/x-ndjson",
+      "rack.input"   => StringIO.new('{"x":"y"}\n{"a":"b"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, optimistic_json: true).call
-    assert_equal({ "x" => "y" }, params)
+    unpacker = Committee::RequestUnpacker.new
+    assert_equal([{}, false], unpacker.unpack_request_params(request))
+  end
+
+  it "doesn't unpack JSON under other Content-Types" do
+    %w[application/x-www-form-urlencoded multipart/form-data].each do |content_type|
+      env = {
+        "CONTENT_TYPE" => content_type,
+        "rack.input"   => StringIO.new('{"x":"y"}'),
+      }
+      request = Rack::Request.new(env)
+      unpacker = Committee::RequestUnpacker.new
+      assert_equal([{}, false], unpacker.unpack_request_params(request))
+    end
+  end
+
+  it "unpacks JSON under other Content-Types with optimistic_json" do
+    %w[application/x-www-form-urlencoded multipart/form-data].each do |content_type|
+      env = {
+        "CONTENT_TYPE" => content_type,
+        "rack.input"   => StringIO.new('{"x":"y"}'),
+      }
+      request = Rack::Request.new(env)
+      unpacker = Committee::RequestUnpacker.new(optimistic_json: true)
+      assert_equal([{ "x" => "y" }, false], unpacker.unpack_request_params(request))
+    end
   end
 
   it "returns {} when unpacking non-JSON with optimistic_json" do
-    env = {
-      "CONTENT_TYPE" => "application/x-www-form-urlencoded",
-      "rack.input"   => StringIO.new('x=y&foo=42'),
-    }
-    request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, optimistic_json: true).call
-    assert_equal({}, params)
+    %w[application/x-www-form-urlencoded multipart/form-data].each do |content_type|
+      env = {
+        "CONTENT_TYPE" => content_type,
+        "rack.input"   => StringIO.new('x=y&foo=42'),
+      }
+      request = Rack::Request.new(env)
+      unpacker = Committee::RequestUnpacker.new(optimistic_json: true)
+      assert_equal([{}, false], unpacker.unpack_request_params(request))
+    end
   end
 
   it "unpacks an empty hash on an empty request body" do
@@ -58,39 +84,45 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new(""),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
-    assert_equal({}, params)
+    unpacker = Committee::RequestUnpacker.new
+    assert_equal([{}, false], unpacker.unpack_request_params(request))
   end
 
   it "doesn't unpack form params" do
-    env = {
-      "CONTENT_TYPE" => "application/x-www-form-urlencoded",
-      "rack.input"   => StringIO.new("x=y"),
-    }
-    request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
-    assert_equal({}, params)
+    %w[application/x-www-form-urlencoded multipart/form-data].each do |content_type|
+      env = {
+        "CONTENT_TYPE" => content_type,
+        "rack.input"   => StringIO.new("x=y"),
+      }
+      request = Rack::Request.new(env)
+      unpacker = Committee::RequestUnpacker.new
+      assert_equal([{}, false], unpacker.unpack_request_params(request))
+    end
   end
 
   it "unpacks form params with allow_form_params" do
-    env = {
-      "CONTENT_TYPE" => "application/x-www-form-urlencoded",
-      "rack.input"   => StringIO.new("x=y"),
-    }
-    request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, allow_form_params: true).call
-    assert_equal({ "x" => "y" }, params)
+    %w[application/x-www-form-urlencoded multipart/form-data].each do |content_type|
+      env = {
+        "CONTENT_TYPE" => content_type,
+        "rack.input"   => StringIO.new("x=y"),
+      }
+      request = Rack::Request.new(env)
+      unpacker = Committee::RequestUnpacker.new(allow_form_params: true)
+      assert_equal([{ "x" => "y" }, true], unpacker.unpack_request_params(request))
+    end
   end
 
   it "unpacks form & query params with allow_form_params and allow_query_params" do
-    env = {
-      "CONTENT_TYPE" => "application/x-www-form-urlencoded",
-      "rack.input"   => StringIO.new("x=y"),
-      "QUERY_STRING" => "a=b"
-    }
-    request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, allow_form_params: true, allow_query_params: true).call
-    assert_equal({ "x" => "y", "a" => "b" }, params)
+    %w[application/x-www-form-urlencoded multipart/form-data].each do |content_type|
+      env = {
+        "CONTENT_TYPE" => content_type,
+        "rack.input"   => StringIO.new("x=y"),
+        "QUERY_STRING" => "a=b"
+      }
+      request = Rack::Request.new(env)
+      unpacker = Committee::RequestUnpacker.new(allow_form_params: true, allow_query_params: true)
+      assert_equal([ { "x" => "y"}, true], unpacker.unpack_request_params(request))
+    end
   end
 
   it "unpacks query params with allow_query_params" do
@@ -99,8 +131,8 @@ describe Committee::RequestUnpacker do
       "QUERY_STRING" => "a=b"
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request, allow_query_params: true).call
-    assert_equal({ "a" => "b" }, params)
+    unpacker = Committee::RequestUnpacker.new(allow_query_params: true)
+    assert_equal({ "a" => "b" }, unpacker.unpack_query_params(request))
   end
 
   it "errors if JSON is not an object" do
@@ -110,7 +142,7 @@ describe Committee::RequestUnpacker do
     }
     request = Rack::Request.new(env)
     assert_raises(Committee::BadRequest) do
-      Committee::RequestUnpacker.new(request).call
+      Committee::RequestUnpacker.new.unpack_request_params(request)
     end
   end
 
@@ -120,7 +152,49 @@ describe Committee::RequestUnpacker do
       "rack.input"   => StringIO.new('{"x":"y"}'),
     }
     request = Rack::Request.new(env)
-    params = Committee::RequestUnpacker.new(request).call
-    assert_equal({}, params)
+    unpacker = Committee::RequestUnpacker.new
+    assert_equal([{}, false], unpacker.unpack_request_params(request))
+  end
+
+  # this is mostly here for line coverage
+  it "unpacks JSON containing an array" do
+    env = {
+      "rack.input" => StringIO.new('{"x":[]}'),
+    }
+    request = Rack::Request.new(env)
+    unpacker = Committee::RequestUnpacker.new
+    assert_equal([{ "x" => [] }, false], unpacker.unpack_request_params(request))
+  end
+
+  it "unpacks http header" do
+    env = {
+      "HTTP_FOO_BAR" => "some header value",
+      "rack.input"   => StringIO.new(""),
+    }
+    request = Rack::Request.new(env)
+    unpacker = Committee::RequestUnpacker.new({ allow_header_params: true })
+    assert_equal({ "FOO-BAR" => "some header value" }, unpacker.unpack_headers(request))
+  end
+
+  it "includes request body when`use_get_body` is true" do
+    env = {
+        "rack.input" => StringIO.new('{"x":1, "y":2}'),
+        "REQUEST_METHOD" => "GET",
+        "QUERY_STRING"=>"data=value&x=aaa",
+    }
+    request = Rack::Request.new(env)
+    unpacker = Committee::RequestUnpacker.new({ allow_query_params: true, allow_get_body: true })
+    assert_equal([{ 'x' => 1, 'y' => 2 }, false], unpacker.unpack_request_params(request))
+  end
+
+  it "doesn't include request body when `use_get_body` is false" do
+    env = {
+        "rack.input" => StringIO.new('{"x":1, "y":2}'),
+        "REQUEST_METHOD" => "GET",
+        "QUERY_STRING"=>"data=value&x=aaa",
+    }
+    request = Rack::Request.new(env)
+    unpacker = Committee::RequestUnpacker.new({ allow_query_params: true, use_get_body: false })
+    assert_equal({ 'data' => 'value', 'x' => 'aaa' }, unpacker.unpack_query_params(request))
   end
 end

data/test/schema_validator/hyper_schema/parameter_coercer_test.rb

@@ -0,0 +1,111 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::SchemaValidator::HyperSchema::ParameterCoercer do
+  before do
+    @schema = JsonSchema.parse!(hyper_schema_data)
+    @schema.expand_references!
+    # POST /apps/:id
+    @link = @schema.properties["app"].links[0]
+  end
+
+  it "pass datetime string" do
+    params = { "update_time" => "2016-04-01T16:00:00.000+09:00"}
+    call(params, coerce_date_times: true)
+
+    assert_kind_of DateTime, params["update_time"]
+  end
+
+  it "don't change object type" do
+    params = HashLikeObject.new
+    params["update_time"] = "2016-04-01T16:00:00.000+09:00"
+    call(params, coerce_date_times: true)
+
+    assert_kind_of DateTime, params["update_time"]
+    assert_kind_of HashLikeObject, params
+  end
+
+  it "pass invalid datetime string, not convert" do
+    invalid_datetime = "llmfllmf"
+    params = { "update_time" => invalid_datetime}
+    call(params, coerce_date_times: true)
+
+    assert_equal invalid_datetime, params["update_time"]
+  end
+
+  it "pass array property" do
+    params = {
+        "array_property" => [
+            {
+                "update_time" => "2016-04-01T16:00:00.000+09:00",
+                "per_page" => 1,
+                "nested_coercer_object" => {
+                    "update_time" => "2016-04-01T16:00:00.000+09:00",
+                    "threshold" => 1.5
+                },
+                "nested_no_coercer_object" => {
+                    "per_page" => 1,
+                    "threshold" => 1.5
+                },
+                "nested_coercer_array" => [
+                    {
+                        "update_time" => "2016-04-01T16:00:00.000+09:00",
+                        "threshold" => 1.5
+                    }
+                ],
+                "nested_no_coercer_array" => [
+                    {
+                        "per_page" => 1,
+                        "threshold" => 1.5
+                    }
+                ]
+            },
+            {
+                "update_time" => "2016-04-01T16:00:00.000+09:00",
+                "per_page" => 1,
+                "threshold" => 1.5
+            },
+            {
+                "threshold" => 1.5,
+                "per_page" => 1
+            }
+        ],
+    }
+    call(params, coerce_date_times: true, coerce_recursive: true)
+
+    first_data = params["array_property"][0]
+    assert_kind_of DateTime, first_data["update_time"]
+    assert_kind_of Integer, first_data["per_page"]
+
+    second_data = params["array_property"][1]
+    assert_kind_of DateTime, second_data["update_time"]
+    assert_kind_of Integer, second_data["per_page"]
+    assert_kind_of Float, second_data["threshold"]
+
+    third_data = params["array_property"][1]
+    assert_kind_of Integer, third_data["per_page"]
+    assert_kind_of Float, third_data["threshold"]
+
+    assert_kind_of DateTime, first_data["nested_coercer_object"]["update_time"]
+    assert_kind_of Float, first_data["nested_coercer_object"]["threshold"]
+
+    assert_kind_of Integer, first_data["nested_no_coercer_object"]["per_page"]
+    assert_kind_of Float, first_data["nested_no_coercer_object"]["threshold"]
+
+    assert_kind_of DateTime, first_data["nested_coercer_array"].first["update_time"]
+    assert_kind_of Float, first_data["nested_coercer_array"].first["threshold"]
+
+    assert_kind_of Integer, first_data["nested_no_coercer_array"].first["per_page"]
+    assert_kind_of Float, first_data["nested_no_coercer_array"].first["threshold"]
+  end
+
+  private
+
+  class HashLikeObject < Hash; end
+
+  def call(params, options={})
+    link = Committee::Drivers::HyperSchema::Link.new(@link)
+    Committee::SchemaValidator::HyperSchema::ParameterCoercer.new(params, link.schema, options).call!
+  end
+end

data/test/schema_validator/hyper_schema/request_validator_test.rb

@@ -0,0 +1,151 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+require "stringio"
+
+describe Committee::SchemaValidator::HyperSchema::RequestValidator do
+  describe 'HyperSchema' do
+    before do
+      @schema = JsonSchema.parse!(hyper_schema_data)
+      @schema.expand_references!
+      # POST /apps/:id
+      @link = @schema.properties["app"].links[0]
+      @request = Rack::Request.new({
+                                     "CONTENT_TYPE"   => "application/json",
+                                     "rack.input"     => StringIO.new("{}"),
+                                     "REQUEST_METHOD" => "POST"
+                                   })
+    end
+
+    it "passes through a valid request with Content-Type options" do
+      @headers = { "Content-Type" => "application/json; charset=utf-8" }
+      call({})
+    end
+
+    it "passes through a valid request" do
+      data = {
+        "name" => "heroku-api",
+      }
+      call(data)
+    end
+
+    it "passes through a valid request with Content-Type options" do
+      @request =
+        Rack::Request.new({
+                            "CONTENT_TYPE" => "application/json; charset=utf-8",
+                            "rack.input"   => StringIO.new("{}"),
+                          })
+      data = {
+        "name" => "heroku-api",
+      }
+      call(data)
+    end
+
+    it "detects an invalid request Content-Type" do
+      e = assert_raises(Committee::InvalidRequest) {
+        @request =
+          Rack::Request.new({
+                              "CONTENT_TYPE" => "application/x-www-form-urlencoded",
+                              "rack.input"   => StringIO.new("{}"),
+                            })
+        call({})
+      }
+      message =
+        %{"Content-Type" request header must be set to "application/json".}
+      assert_equal message, e.message
+    end
+
+    it "allows skipping content_type check" do
+      @request =
+        Rack::Request.new({
+                            "CONTENT_TYPE" => "application/x-www-form-urlencoded",
+                            "rack.input"   => StringIO.new("{}"),
+                          })
+      call({}, {}, check_content_type: false)
+    end
+
+    it "detects an missing parameter in GET requests" do
+      # GET /apps/search?query=...
+      @link = @schema.properties["app"].links[5]
+      @request = Rack::Request.new({})
+      e = assert_raises(Committee::InvalidRequest) do
+        call({})
+      end
+      message =
+        %{Invalid request.\n\n#: failed schema #/definitions/app/links/5/schema: "query" wasn't supplied.}
+      assert_equal message, e.message
+    end
+
+    it "allows an invalid Content-Type with an empty body" do
+      @request =
+        Rack::Request.new({
+                            "CONTENT_TYPE" => "application/x-www-form-urlencoded",
+                            "rack.input"   => StringIO.new(""),
+                          })
+      call({})
+    end
+
+    it "detects a parameter of the wrong pattern" do
+      data = {
+        "name" => "%@!"
+      }
+      e = assert_raises(Committee::InvalidRequest) do
+        call(data)
+      end
+      message = %{Invalid request.\n\n#/name: failed schema #/definitions/app/links/0/schema/properties/name: %@! does not match /^[a-z][a-z0-9-]{3,30}$/.}
+      assert_equal message, e.message
+    end
+
+    private
+
+    def call(data, headers={}, options={})
+      # hyper-schema link should be dropped into driver wrapper before it's used
+      link = Committee::Drivers::HyperSchema::Link.new(@link)
+      Committee::SchemaValidator::HyperSchema::RequestValidator.new(link, options).call(@request, data, headers)
+    end
+  end
+
+  describe 'OpenAPI 2' do
+    before do
+      @schema = open_api_2_schema
+      @link = @schema.routes['GET'][0][1]
+      @request = Rack::Request.new({
+                                     "CONTENT_TYPE"   => "application/json",
+                                     "rack.input"     => StringIO.new("{}"),
+                                     "REQUEST_METHOD" => "POST"
+                                   })
+    end
+
+
+    it "passes through a valid request" do
+      headers = {
+        "AUTH-TOKEN" => "xxx"
+      }
+      call({}, headers)
+    end
+
+    it "detects an missing header parameter in GET requests" do
+      @link = @schema.routes['GET'][0][1]
+      @request = Rack::Request.new({})
+      e = assert_raises(Committee::InvalidRequest) do
+        call({}, {})
+      end
+      message = %{Invalid request.\n\n#: failed schema : "AUTH-TOKEN" wasn't supplied.}
+      assert_equal message, e.message
+    end
+
+    it "allows skipping header schema check" do
+      @link = @schema.routes['GET'][0][1]
+      @request = Rack::Request.new({})
+      call({}, {}, { check_header: false })
+    end
+
+    private
+
+    def call(data, headers={}, options={})
+      # hyper-schema link should be dropped into driver wrapper before it's used
+      Committee::SchemaValidator::HyperSchema::RequestValidator.new(@link, options).call(@request, data, headers)
+    end
+  end
+end

data/test/schema_validator/hyper_schema/response_generator_test.rb

@@ -0,0 +1,142 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::SchemaValidator::HyperSchema::ResponseGenerator do
+  before do
+    @schema = JsonSchema.parse!(hyper_schema_data)
+    @schema.expand_references!
+    # GET /apps/:id
+    @get_link = @link = @schema.properties["app"].links[2]
+    # GET /apps
+    @list_link = @schema.properties["app"].links[3]
+  end
+
+  it "returns the schema used to match" do
+    _data, schema = call
+    assert_equal @get_link.target_schema, schema
+  end
+
+  it "generates string properties" do
+    data, _schema = call
+    assert data["name"].is_a?(String)
+  end
+
+  it "generates non-string properties" do
+    data, _schema = call
+    assert_includes [FalseClass, TrueClass], data["maintenance"].class
+  end
+
+  it "wraps list data in an array" do
+    @link = @list_link
+
+    @link.rel = nil
+
+    data, _schema = call
+    assert data.is_a?(Array)
+  end
+
+  it "wraps list data tagged with rel 'instances' in an array" do
+    @link = @list_link
+
+    # forces the link to use `parent`
+    @link.target_schema = nil
+
+    data, _schema = call
+
+    # We're testing for legacy behavior here: even without a `targetSchema` as
+    # long as `rel` is set to `instances` we still wrap the result in an
+    # array.
+    assert_equal "instances", @list_link.rel
+
+    assert data.is_a?(Array)
+  end
+
+  it "errors with no known route for generation" do
+    @link = @get_link
+
+    # tweak the schema so that it can't be generated
+    property = @schema.properties["app"].properties["maintenance"]
+    property.data["example"] = nil
+    property.type = []
+
+    e = assert_raises(RuntimeError) do
+      call
+    end
+
+    expected = <<-eos.gsub(/\n +/, "").strip
+      At "get /apps/{(%23%2Fdefinitions%2Fapp%2Fdefinitions%2Fname)}" 
+      "#/definitions/app/properties/maintenance": no "example" attribute and 
+      "null" is not allowed; don't know how to generate property.
+    eos
+    assert_equal expected, e.message
+  end
+
+  it "generates first enum value for a schema with enum" do
+    link = Committee::Drivers::OpenAPI2::Link.new
+    link.target_schema = JsonSchema::Schema.new
+    link.target_schema.enum = ["foo"]
+    link.target_schema.type = ["string"]
+    data, _schema = Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+    assert_equal("foo", data)
+  end
+
+  it "generates basic types" do
+    link = Committee::Drivers::OpenAPI2::Link.new
+    link.target_schema = JsonSchema::Schema.new
+
+    link.target_schema.type = ["integer"]
+    data, _schema = Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+    assert_equal 0, data
+
+    link.target_schema.type = ["null"]
+    data, _schema = Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+    assert_nil data
+
+    link.target_schema.type = ["string"]
+    data, _schema = Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+    assert_equal "", data
+  end
+
+  it "generates an empty array for an array type" do
+    link = Committee::Drivers::OpenAPI2::Link.new
+    link.target_schema = JsonSchema::Schema.new
+    link.target_schema.type = ["array"]
+    data, _schema = Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+    assert_equal([], data)
+  end
+
+  it "generates an empty object for an object with no fields" do
+    link = Committee::Drivers::OpenAPI2::Link.new
+    link.target_schema = JsonSchema::Schema.new
+    link.target_schema.type = ["object"]
+    data, _schema = Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+    assert_equal({}, data)
+  end
+
+  it "prefers an example to a built-in value" do
+    link = Committee::Drivers::OpenAPI2::Link.new
+    link.target_schema = JsonSchema::Schema.new
+
+    link.target_schema.data = { "example" => 123 }
+    link.target_schema.type = ["integer"]
+
+    data, _schema = Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+    assert_equal 123, data
+  end
+
+  it "prefers non-null types to null types" do
+    link = Committee::Drivers::OpenAPI2::Link.new
+    link.target_schema = JsonSchema::Schema.new
+
+    link.target_schema.type = ["null", "integer"]
+    data, _schema = Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+    assert_equal 0, data
+  end
+
+  def call
+    # hyper-schema link should be dropped into driver wrapper before it's used
+    link = Committee::Drivers::HyperSchema::Link.new(@link)
+    Committee::SchemaValidator::HyperSchema::ResponseGenerator.new.call(link)
+  end
+end