committee 3.3.0 → 5.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c35304cf9026ae20062ea312cdca6b43af486c4c2e5e7c952b35bbad811ce4e
-  data.tar.gz: d9a96cd2c6c15b9de26fb95ef0b4d59216c999f8589329d6ee6b21b41e2511d9
+  metadata.gz: 284c8c1198255435e959dcee2b92cb25c3d80dd5fe6d4622b8077a69525712ed
+  data.tar.gz: b306ec0ad5e628d9cc7b6382781c4b710c99bedb127a7000edadf9d0e0b8fa84
 SHA512:
-  metadata.gz: 42ffc889dcc301c9de500417390454f4723bf049f0336b9de92b94fcaa2d67f53a7f5c4c9ad5a3a56bd2e9fff70d06ebe7c7279729c616b45ab33625c2a33572
-  data.tar.gz: d3c7ca273497b2eb4444fcdb6eb43f49fed866335d1a627f806586f6755557b8a956b43eb5c9448b7cf19176b9e2a4705c78bf6045dde2e98b19fd55211e0070
+  metadata.gz: 687d9a47d2a17786313bde939339d464a8d775795458b09ad7d7784bfa337f848a9ffabe240e9f39173c4466589c026f64a8eede768e7abfff4b01b2672339f5
+  data.tar.gz: 4ee7781341de9ebafae28d01d98c0f72d54067c425f3ee10b221c4eb88da85e79b36853bbda4818b20348177f8d975103cc5be694ff7e8252a6634a856853b7c

data/lib/committee/drivers/open_api_2/driver.rb

@@ -59,7 +59,7 @@ module Committee
           schema.base_path = data['basePath'] || ''
 
           # Arbitrarily choose the first media type found in these arrays. This
-          # appraoch could probably stand to be improved, but at least users will
+          # approach could probably stand to be improved, but at least users will
           # for now have the option of turning media type validation off if they so
           # choose.
           schema.consumes = data['consumes'].first
@@ -156,7 +156,6 @@ module Committee
 
             methods.each do |method, link_data|
               method = method.upcase
-
               link = Link.new
               link.enc_type = schema.consumes
               link.href = href

data/lib/committee/drivers/open_api_2/parameter_schema_builder.rb

@@ -62,7 +62,7 @@ module Committee
                 # And same idea: despite parameters not being schemas, the items
                 # key (if preset) is actually a schema that defines each item of an
                 # array type, so we can just reflect that directly onto our
-                # artifical schema.
+                # artificial schema.
                 if param_data["type"] == "array" && param_data["items"]
                   param_schema.items = param_data["items"]
                 end

data/lib/committee/drivers.rb

@@ -20,26 +20,27 @@ module Committee
     # load and build drive from JSON file
     # @param [String] schema_path
     # @return [Committee::Driver]
-    def self.load_from_json(schema_path)
-      load_from_data(JSON.parse(File.read(schema_path)))
+    def self.load_from_json(schema_path, parser_options: {})
+      load_from_data(JSON.parse(File.read(schema_path)), schema_path, parser_options: parser_options)
     end
 
     # load and build drive from YAML file
     # @param [String] schema_path
     # @return [Committee::Driver]
-    def self.load_from_yaml(schema_path)
-      load_from_data(YAML.load_file(schema_path))
+    def self.load_from_yaml(schema_path, parser_options: {})
+      data = YAML.respond_to?(:unsafe_load_file) ? YAML.unsafe_load_file(schema_path) : YAML.load_file(schema_path)
+      load_from_data(data, schema_path, parser_options: parser_options)
     end
 
     # load and build drive from file
     # @param [String] schema_path
     # @return [Committee::Driver]
-    def self.load_from_file(schema_path)
+    def self.load_from_file(schema_path, parser_options: {})
       case File.extname(schema_path)
       when '.json'
-        load_from_json(schema_path)
+        load_from_json(schema_path, parser_options: parser_options)
       when '.yaml', '.yml'
-        load_from_yaml(schema_path)
+        load_from_yaml(schema_path, parser_options: parser_options)
       else
         raise "Committee only supports the following file extensions: '.json', '.yaml', '.yml'"
       end
@@ -48,10 +49,20 @@ module Committee
     # load and build drive from Hash object
     # @param [Hash] hash
     # @return [Committee::Driver]
-    def self.load_from_data(hash)
+    def self.load_from_data(hash, schema_path = nil, parser_options: {})
       if hash['openapi']&.start_with?('3.0.')
-        parser = OpenAPIParser.parse(hash)
-        return Committee::Drivers::OpenAPI3::Driver.new.parse(parser)
+        # From the next major version, we want to ensure `{ strict_reference_validation: true }`
+        # as a parser option here, but since it may break existing implementations, just warn
+        # if it is not explicitly set. See: https://github.com/interagent/committee/issues/343#issuecomment-997400329
+        opts = parser_options.dup
+
+        Committee.warn_deprecated_until_6(!opts.key?(:strict_reference_validation), 'openapi_parser will default to strict reference validation ' +
+        'from next version. Pass config `strict_reference_validation: true` (or false, if you must) ' +
+        'to quiet this warning.')
+        opts[:strict_reference_validation] ||= false
+        
+        openapi = OpenAPIParser.parse_with_filepath(hash, schema_path, opts)
+        return Committee::Drivers::OpenAPI3::Driver.new.parse(openapi)
       end
 
       driver = if hash['swagger'] == '2.0'
@@ -60,6 +71,7 @@ module Committee
                  Committee::Drivers::HyperSchema::Driver.new
                end
 
+      # TODO: in the future, pass `opts` here and allow optionality in other drivers?
       driver.parse(hash)
     end
   end

data/lib/committee/errors.rb

@@ -8,9 +8,21 @@ module Committee
   end
 
   class InvalidRequest < Error
+    attr_reader :original_error
+
+    def initialize(error_message=nil, original_error: nil)
+      @original_error = original_error
+      super(error_message)
+    end
   end
 
   class InvalidResponse < Error
+    attr_reader :original_error
+
+    def initialize(error_message=nil, original_error: nil)
+      @original_error = original_error
+      super(error_message)
+    end
   end
 
   class NotFound < Error

data/lib/committee/middleware/base.rb

@@ -30,11 +30,12 @@ module Committee
       class << self
         def get_schema(options)
           schema = options[:schema]
-          unless schema
-            schema = Committee::Drivers::load_from_file(options[:schema_path]) if options[:schema_path]
-
-            raise(ArgumentError, "Committee: need option `schema` or `schema_path`") unless schema
+          if !schema && options[:schema_path]
+            # In the future, we could have `parser_options` as an exposed config?
+            parser_options = options.key?(:strict_reference_validation) ? { strict_reference_validation: options[:strict_reference_validation] } : {}
+            schema = Committee::Drivers::load_from_file(options[:schema_path], parser_options: parser_options)
           end
+          raise(ArgumentError, "Committee: need option `schema` or `schema_path`") unless schema
 
           # Expect the type we want by now. If we don't have it, the user passed
           # something else non-standard in.

data/lib/committee/middleware/request_validation.rb

@@ -7,9 +7,6 @@ module Committee
         super
 
         @strict  = options[:strict]
-
-        # deprecated
-        @allow_extra = options[:allow_extra]
       end
 
       def handle(request)
@@ -21,14 +18,14 @@ module Committee
         rescue Committee::BadRequest, Committee::InvalidRequest
           handle_exception($!, request.env)
           raise if @raise
-          return @error_class.new(400, :bad_request, $!.message).render unless @ignore_error
+          return @error_class.new(400, :bad_request, $!.message, request).render unless @ignore_error
         rescue Committee::NotFound => e
           raise if @raise
-          return @error_class.new(404, :not_found, e.message).render unless @ignore_error
+          return @error_class.new(404, :not_found, e.message, request).render unless @ignore_error
         rescue JSON::ParserError
           handle_exception($!, request.env)
           raise Committee::InvalidRequest if @raise
-          return @error_class.new(400, :bad_request, "Request body wasn't valid JSON.").render unless @ignore_error
+          return @error_class.new(400, :bad_request, "Request body wasn't valid JSON.", request).render unless @ignore_error
         end
 
         @app.call(request.env)
@@ -37,18 +34,7 @@ module Committee
       private
 
       def handle_exception(e, env)
-        return unless @error_handler
-
-        if @error_handler.arity > 1
-          @error_handler.call(e, env)
-        else
-          warn <<-MESSAGE
-          [DEPRECATION] Using `error_handler.call(exception)` is deprecated and will be change to
-            `error_handler.call(exception, request.env)` in next major version.
-          MESSAGE
-
-          @error_handler.call(e)
-        end
+        @error_handler.call(e, env) if @error_handler
       end
     end
   end

data/lib/committee/middleware/response_validation.rb

@@ -7,15 +7,16 @@ module Committee
 
       def initialize(app, options = {})
         super
+        @strict = options[:strict]
         @validate_success_only = @schema.validator_option.validate_success_only
       end
 
       def handle(request)
-        begin
-          status, headers, response = @app.call(request.env)
+        status, headers, response = @app.call(request.env)
 
+        begin
           v = build_schema_validator(request)
-          v.response_validate(status, headers, response) if v.link_exist? && self.class.validate?(status, validate_success_only)
+          v.response_validate(status, headers, response, @strict) if v.link_exist? && self.class.validate?(status, validate_success_only)
 
         rescue Committee::InvalidResponse
           handle_exception($!, request.env)
@@ -34,25 +35,23 @@ module Committee
 
       class << self
         def validate?(status, validate_success_only)
-          status != 204 && (!validate_success_only || (200...300).include?(status))
+          case status
+          when 204
+            false
+          when 200..299
+            true
+          when 304
+            false
+          else
+            !validate_success_only
+          end
         end
       end
 
       private
 
       def handle_exception(e, env)
-        return unless @error_handler
-
-        if @error_handler.arity > 1
-          @error_handler.call(e, env)
-        else
-          warn <<-MESSAGE
-          [DEPRECATION] Using `error_handler.call(exception)` is deprecated and will be change to
-            `error_handler.call(exception, request.env)` in next major version.
-          MESSAGE
-
-          @error_handler.call(e)
-        end
+        @error_handler.call(e, env) if @error_handler
       end
     end
   end

data/lib/committee/request_unpacker.rb

@@ -2,84 +2,82 @@
 
 module Committee
   class RequestUnpacker
-    def initialize(request, options={})
-      @request = request
+    class << self
+      # Enable string or symbol key access to the nested params hash.
+      #
+      # (Copied from Sinatra)
+      def indifferent_params(object)
+        case object
+        when Hash
+          new_hash = Committee::Utils.indifferent_hash
+          object.each { |key, value| new_hash[key] = indifferent_params(value) }
+          new_hash
+        when Array
+          object.map { |item| indifferent_params(item) }
+        else
+          object
+        end
+      end
+    end
 
+    def initialize(options={})
       @allow_form_params  = options[:allow_form_params]
       @allow_get_body     = options[:allow_get_body]
       @allow_query_params = options[:allow_query_params]
-      @coerce_form_params = options[:coerce_form_params]
       @optimistic_json    = options[:optimistic_json]
-      @schema_validator   = options[:schema_validator]
     end
 
-    def call
+    # return params and is_form_params
+    def unpack_request_params(request)
       # if Content-Type is empty or JSON, and there was a request body, try to
       # interpret it as JSON
-      params = if !@request.media_type || @request.media_type =~ %r{application/.*json}
-        parse_json
+      params = if !request.media_type || request.media_type =~ %r{application/(?:.*\+)?json}
+        parse_json(request)
       elsif @optimistic_json
         begin
-          parse_json
+          parse_json(request)
         rescue JSON::ParserError
           nil
         end
       end
 
-      params = if params
-        params
-      elsif @allow_form_params && %w[application/x-www-form-urlencoded multipart/form-data].include?(@request.media_type)
+      return [params, false] if params
+
+      if @allow_form_params && %w[application/x-www-form-urlencoded multipart/form-data].include?(request.media_type)
         # Actually, POST means anything in the request body, could be from
         # PUT or PATCH too. Silly Rack.
-        p = @request.POST
-
-        @schema_validator.coerce_form_params(p) if @coerce_form_params
-
-        p
-      else
-        {}
+        return [request.POST, true] if request.POST
       end
 
-      if @allow_query_params
-        [indifferent_params(@request.GET).merge(params), headers]
-      else
-        [params, headers]
-      end
+      [{}, false]
     end
 
-    private
-
-    # Creates a Hash with indifferent access.
-    #
-    # (Copied from Sinatra)
-    def indifferent_hash
-      Hash.new { |hash,key| hash[key.to_s] if Symbol === key }
+    def unpack_query_params(request)
+      @allow_query_params ? self.class.indifferent_params(request.GET) : {}
     end
 
-    # Enable string or symbol key access to the nested params hash.
-    #
-    # (Copied from Sinatra)
-    def indifferent_params(object)
-      case object
-      when Hash
-        new_hash = indifferent_hash
-        object.each { |key, value| new_hash[key] = indifferent_params(value) }
-        new_hash
-      when Array
-        object.map { |item| indifferent_params(item) }
-      else
-        object
+    def unpack_headers(request)
+      env = request.env
+      base = env.keys.grep(/HTTP_/).inject({}) do |headers, key|
+        headerized_key = key.gsub(/^HTTP_/, '').gsub(/_/, '-')
+        headers[headerized_key] = env[key]
+        headers
       end
+
+      base['Content-Type'] = env['CONTENT_TYPE'] if env['CONTENT_TYPE']
+      base
     end
 
-    def parse_json
-      return nil if @request.request_method == "GET" && !@allow_get_body
+    private
+
+    def parse_json(request)
+      return nil if request.request_method == "GET" && !@allow_get_body
 
-      body = @request.body.read
+      body = request.body.read
       # if request body is empty, we just have empty params
       return nil if body.length == 0
 
-      @request.body.rewind
+      request.body.rewind
       hash = JSON.parse(body)
       # We want a hash specifically. '42', 42, and [42] will all be
       # decoded properly, but we can't use them here.
@@ -87,19 +85,7 @@ module Committee
         raise BadRequest,
               "Invalid JSON input. Require object with parameters as keys."
       end
-      indifferent_params(hash)
-    end
-
-    def headers
-      env = @request.env
-      base = env.keys.grep(/HTTP_/).inject({}) do |headers, key|
-        headerized_key = key.gsub(/^HTTP_/, '').gsub(/_/, '-')
-        headers[headerized_key] = env[key]
-        headers
-      end
-
-      base['Content-Type'] = env['CONTENT_TYPE'] if env['CONTENT_TYPE']
-      base
+      self.class.indifferent_params(hash)
     end
   end
 end

data/lib/committee/schema_validator/hyper_schema/response_validator.rb

@@ -14,7 +14,7 @@ module Committee
         end
 
         def call(status, headers, data)
-          unless status == 204 # 204 No Content
+          unless [204, 304].include?(status) # 204 No Content or 304 Not Modified
             response = Rack::Response.new(data, status, headers)
             check_content_type!(response)
           end
@@ -48,9 +48,15 @@ module Committee
         private
 
         def response_media_type(response)
-          response.content_type.to_s.split(";").first.to_s
+          if response.respond_to?(:media_type)
+            response.media_type.to_s
+          else
+            # for rack compatibility. In rack v 1.5.0, Rack::Response doesn't have media_type
+            response.content_type.to_s.split(";").first.to_s
+          end
         end
 
+
         def check_content_type!(response)
           if @link.media_type
             unless Rack::Mime.match?(response_media_type(response), @link.media_type)

data/lib/committee/schema_validator/hyper_schema.rb

@@ -11,18 +11,8 @@ module Committee
       end
 
       def request_validate(request)
-        # Attempts to coerce parameters that appear in a link's URL to Ruby
-        # types that can be validated with a schema.
-        param_matches_hash = validator_option.coerce_path_params ? coerce_path_params : {}
-
-        # Attempts to coerce parameters that appear in a query string to Ruby
-        # types that can be validated with a schema.
-        coerce_query_params(request) if validator_option.coerce_query_params
-
         request_unpack(request)
 
-        request.env[validator_option.params_key].merge!(param_matches_hash) if param_matches_hash
-
         request_schema_validation(request)
         parameter_coerce!(request, link, validator_option.params_key)
         parameter_coerce!(request, link, "rack.request.query_hash") if link_exist? && !request.GET.nil? && !link.schema.nil?
@@ -35,7 +25,14 @@ module Committee
         response.each do |chunk|
           full_body << chunk
         end
-        data = full_body.empty? ? {} : JSON.parse(full_body)
+
+        data = {}
+        unless full_body.empty?
+          parse_to_json = !validator_option.parse_response_by_content_type ||
+                          headers.fetch('Content-Type', nil)&.start_with?('application/json')
+          data = JSON.parse(full_body) if parse_to_json
+        end
+
         Committee::SchemaValidator::HyperSchema::ResponseValidator.new(link, validate_success_only: validator_option.validate_success_only).call(status, headers, data)
       end
 
@@ -43,16 +40,10 @@ module Committee
         !link.nil?
       end
 
-      def coerce_form_params(parameter)
-        return unless link_exist?
-        return unless link.schema
-        Committee::SchemaValidator::HyperSchema::StringParamsCoercer.new(parameter, link.schema).call!
-      end
-
       private
 
         def coerce_path_params
-          return unless link_exist?
+          return {} unless link_exist?
 
           Committee::SchemaValidator::HyperSchema::StringParamsCoercer.new(param_matches, link.schema, coerce_recursive: validator_option.coerce_recursive).call!
           param_matches
@@ -66,15 +57,38 @@ module Committee
         end
 
         def request_unpack(request)
-          request.env[validator_option.params_key], request.env[validator_option.headers_key] = Committee::RequestUnpacker.new(
-              request,
-              allow_form_params:  validator_option.allow_form_params,
-              allow_get_body:     validator_option.allow_get_body,
-              allow_query_params: validator_option.allow_query_params,
-              coerce_form_params: validator_option.coerce_form_params,
-              optimistic_json:    validator_option.optimistic_json,
-              schema_validator:   self
-          ).call
+          unpacker = Committee::RequestUnpacker.new(
+            allow_form_params:  validator_option.allow_form_params,
+            allow_get_body:     validator_option.allow_get_body,
+            allow_query_params: validator_option.allow_query_params,
+            optimistic_json:    validator_option.optimistic_json,
+          )
+
+          request.env[validator_option.headers_key] = unpacker.unpack_headers(request)
+
+          # Attempts to coerce parameters that appear in a link's URL to Ruby
+          # types that can be validated with a schema.
+          param_matches_hash = validator_option.coerce_path_params ? coerce_path_params : {}
+
+          # Attempts to coerce parameters that appear in a query string to Ruby
+          # types that can be validated with a schema.
+          coerce_query_params(request) if validator_option.coerce_query_params
+
+          query_param = unpacker.unpack_query_params(request)
+          request_param, is_form_params = unpacker.unpack_request_params(request)
+          coerce_form_params(request_param) if validator_option.coerce_form_params && is_form_params
+          request.env[validator_option.request_body_hash_key] = request_param
+
+          request.env[validator_option.params_key] = Committee::Utils.indifferent_hash
+          request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(query_param))
+          request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(request_param))
+          request.env[validator_option.params_key].merge!(Committee::Utils.deep_copy(param_matches_hash))
+        end
+
+        def coerce_form_params(parameter)
+          return unless link_exist?
+          return unless link.schema
+          Committee::SchemaValidator::HyperSchema::StringParamsCoercer.new(parameter, link.schema).call!
         end
 
         def request_schema_validation(request)

data/lib/committee/schema_validator/open_api_3/operation_wrapper.rb

@@ -17,13 +17,17 @@ module Committee
           request_operation.original_path
         end
 
+        def http_method
+          request_operation.http_method
+        end
+
         def coerce_path_parameter(validator_option)
           options = build_openapi_parser_path_option(validator_option)
           return {} unless options.coerce_value
 
           request_operation.validate_path_params(options)
         rescue OpenAPIParser::OpenAPIError => e
-          raise Committee::InvalidRequest.new(e.message)
+          raise Committee::InvalidRequest.new(e.message, original_error: e)
         end
 
         # @param [Boolean] strict when not content_type or status code definition, raise error
@@ -32,21 +36,15 @@ module Committee
 
           return request_operation.validate_response_body(response_body, response_validate_options(strict, check_header))
         rescue OpenAPIParser::OpenAPIError => e
-          raise Committee::InvalidResponse.new(e.message)
+          raise Committee::InvalidResponse.new(e.message, original_error: e)
         end
 
-        def validate_request_params(params, headers, validator_option)
+        def validate_request_params(path_params, query_params, body_params, headers, validator_option)
           ret, err = case request_operation.http_method
-                when 'get'
-                  validate_get_request_params(params, headers, validator_option)
-                when 'post'
-                  validate_post_request_params(params, headers, validator_option)
-                when 'put'
-                  validate_post_request_params(params, headers, validator_option)
-                when 'patch'
-                  validate_post_request_params(params, headers, validator_option)
-                when 'delete'
-                  validate_get_request_params(params, headers, validator_option)
+                when 'get', 'delete', 'head'
+                  validate_get_request_params(path_params, query_params, headers, validator_option)
+                when 'post', 'put', 'patch', 'options'
+                  validate_post_request_params(path_params, query_params, body_params, headers, validator_option)
                 else
                   raise "Committee OpenAPI3 not support #{request_operation.http_method} method"
                 end
@@ -54,6 +52,10 @@ module Committee
           ret
         end
 
+        def optional_body?
+          !request_operation.operation_object&.request_body&.required
+        end
+
         def valid_request_content_type?(content_type)
           if (request_body = request_operation.operation_object&.request_body)
             !request_body.select_media_type(content_type).nil?
@@ -76,28 +78,17 @@ module Committee
         #   @return [OpenAPIParser::RequestOperation]
 
         # @return [OpenAPIParser::SchemaValidator::Options]
-        def build_openapi_parser_path_option(validator_option)
-          coerce_value = validator_option.coerce_path_params
-          datetime_coerce_class = validator_option.coerce_date_times ? DateTime : nil
-          validate_header = validator_option.check_header
-          OpenAPIParser::SchemaValidator::Options.new(coerce_value: coerce_value,
-                                                      datetime_coerce_class: datetime_coerce_class,
-                                                      validate_header: validate_header)
+        def build_openapi_parser_body_option(validator_option)
+          build_openapi_parser_option(validator_option, validator_option.coerce_form_params)
         end
 
         # @return [OpenAPIParser::SchemaValidator::Options]
-        def build_openapi_parser_post_option(validator_option)
-          coerce_value = validator_option.coerce_form_params
-          datetime_coerce_class = validator_option.coerce_date_times ? DateTime : nil
-          validate_header = validator_option.check_header
-          OpenAPIParser::SchemaValidator::Options.new(coerce_value: coerce_value,
-                                                      datetime_coerce_class: datetime_coerce_class,
-                                                      validate_header: validate_header)
+        def build_openapi_parser_path_option(validator_option)
+          build_openapi_parser_option(validator_option, validator_option.coerce_query_params)
         end
 
         # @return [OpenAPIParser::SchemaValidator::Options]
-        def build_openapi_parser_get_option(validator_option)
-          coerce_value = validator_option.coerce_query_params
+        def build_openapi_parser_option(validator_option, coerce_value)
           datetime_coerce_class = validator_option.coerce_date_times ? DateTime : nil
           validate_header = validator_option.check_header
           OpenAPIParser::SchemaValidator::Options.new(coerce_value: coerce_value,
@@ -105,22 +96,38 @@ module Committee
                                                       validate_header: validate_header)
         end
 
-        def validate_get_request_params(params, headers, validator_option)
+        def validate_get_request_params(path_params, query_params, headers, validator_option)
           # bad performance because when we coerce value, same check
-          request_operation.validate_request_parameter(params, headers, build_openapi_parser_get_option(validator_option))
+          validate_path_and_query_params(path_params, query_params, headers, validator_option)
         rescue OpenAPIParser::OpenAPIError => e
-          raise Committee::InvalidRequest.new(e.message)
+          raise Committee::InvalidRequest.new(e.message, original_error: e)
         end
 
-        def validate_post_request_params(params, headers, validator_option)
+        def validate_post_request_params(path_params, query_params, body_params, headers, validator_option)
           content_type = headers['Content-Type'].to_s.split(";").first.to_s
 
           # bad performance because when we coerce value, same check
-          schema_validator_options = build_openapi_parser_post_option(validator_option)
-          request_operation.validate_request_parameter(params, headers, schema_validator_options)
-          request_operation.validate_request_body(content_type, params, schema_validator_options)
+          validate_path_and_query_params(path_params, query_params, headers, validator_option)
+          request_operation.validate_request_body(content_type, body_params, build_openapi_parser_body_option(validator_option))
         rescue => e
-          raise Committee::InvalidRequest.new(e.message)
+          raise Committee::InvalidRequest.new(e.message, original_error: e)
+        end
+
+        def validate_path_and_query_params(path_params, query_params, headers, validator_option)
+          # it's currently impossible to validate path params and query params separately
+          # so we have to resort to this workaround
+
+          path_keys = path_params.keys.to_set
+          query_keys = query_params.keys.to_set
+
+          merged_params = query_params.merge(path_params)
+
+          request_operation.validate_request_parameter(merged_params, headers, build_openapi_parser_path_option(validator_option))
+
+          merged_params.each do |k, v|
+            path_params[k] = v if path_keys.include?(k)
+            query_params[k] = v if query_keys.include?(k)
+          end
         end
 
         def response_validate_options(strict, check_header)