committee 5.6.1 → 5.6.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 07fd25d2379c9e5d324556185a1071995f394712a778f4d8ee2afda016601645
-  data.tar.gz: dd86ac014d3b34fc1f2d03456fe74190756084c8432858d20e01717562ff7c49
+  metadata.gz: 6f5e2c05d7caa0327f1f9aab8eb4e70fde475df991c89d2969cf1e64fbaf2ab4
+  data.tar.gz: b8e55ce938ae8276b2469cef2a5f451b326fcbd94ab10a0957a0c8908307707d
 SHA512:
-  metadata.gz: 2226c6247449ba57f98ec7fdf69c287d797ff7aabf92de710e91d7d080e3bc8ec65b9b88a5304e549d13f023c6238343c1971f801784f8b4fc2dce6587841e49
-  data.tar.gz: 589bf4caf9cdd2ded55739c90de5db53ebd21e52b66f30d4d883289349af9553fd619fd5d4b7328c0c85e5402f274018b00d6a7ed55e2fcc608157c99d87b2ec
+  metadata.gz: 48819e9df56d4ad78afc3e4ccd6992eba3570a3e3ec39570354b8ab3777e73d4ef75f5554cfb2e3bf173b91d645c0015173c465e64712f87d4ef22ad02738b7e
+  data.tar.gz: f3e72af3ca96804db1b07f0b28002367bee84d6557f1725c0244fee839757a940c7aa89e6373952559109c273f5ec721759be89d8f98517234bd3d00bdba17ce

data/lib/committee/drivers/open_api_3/driver.rb

@@ -33,6 +33,11 @@ module Committee
           false
         end
 
+        # Whether to deserialize parameters based on OpenAPI 3 style/explode settings
+        def default_deserialize_parameters
+          true
+        end
+
         def name
           :open_api_3
         end

data/lib/committee/drivers.rb

@@ -61,9 +61,7 @@ module Committee
         # if it is not explicitly set. See: https://github.com/interagent/committee/issues/343#issuecomment-997400329
         opts = parser_options.dup
 
-        Committee.warn_deprecated_until_6(!opts.key?(:strict_reference_validation), 'openapi_parser will default to strict reference validation ' +
-        'from next version. Pass config `strict_reference_validation: true` (or false, if you must) ' +
-        'to quiet this warning.')
+        Committee.warn_deprecated_until_6(!opts.key?(:strict_reference_validation), 'openapi_parser will default to strict reference validation ' + 'from next version. Pass config `strict_reference_validation: true` (or false, if you must) ' + 'to quiet this warning.')
         opts[:strict_reference_validation] ||= false
 
         openapi = OpenAPIParser.parse_with_filepath(hash, schema_path, opts)
@@ -91,6 +89,7 @@ module Committee
 
       def cache_key(schema_path, parser_options)
         [
+          File.expand_path(schema_path),
           File.exist?(schema_path) ? Digest::MD5.hexdigest(File.read(schema_path)) : nil,
           parser_options.hash,
         ].join('_')

data/lib/committee/errors.rb

@@ -33,4 +33,15 @@ module Committee
 
   class OpenAPI3Unsupported < Error
   end
+
+  class ParameterDeserializationError < InvalidRequest
+    attr_reader :parameter_name, :style, :raw_value
+
+    def initialize(param_name, style, raw_value, message)
+      @parameter_name = param_name
+      @style = style
+      @raw_value = raw_value
+      super("Parameter '#{param_name}' (style: #{style}): #{message}")
+    end
+  end
 end

data/lib/committee/middleware/base.rb

@@ -5,16 +5,17 @@ module Committee
     class Base
       def initialize(app, options = {})
         @app = app
+        @options = build_options(options)
 
-        @error_class = options.fetch(:error_class, Committee::ValidationError)
-        @error_handler = options[:error_handler]
-        @ignore_error = options.fetch(:ignore_error, false)
+        @error_class = @options.error_class
+        @error_handler = @options.error_handler
+        @ignore_error = @options.ignore_error
 
-        @raise = options[:raise]
+        @raise = @options.raise_error
         @schema = self.class.get_schema(options)
 
         @router = @schema.build_router(options)
-        @accept_request_filter = options[:accept_request_filter] || ->(_) { true }
+        @accept_request_filter = @options.accept_request_filter
       end
 
       def call(env)
@@ -49,6 +50,11 @@ module Committee
 
       private
 
+      # Subclasses should override this method to use their specific Options class
+      def build_options(options)
+        Options::Base.from(options)
+      end
+
       def build_schema_validator(request)
         @router.build_schema_validator(request)
       end

data/lib/committee/middleware/options/base.rb

@@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+module Committee
+  module Middleware
+    module Options
+      class Base
+        # Common options
+        attr_reader :schema
+        attr_reader :schema_path
+        attr_reader :error_class
+        attr_reader :error_handler
+        attr_reader :raise_error
+        attr_reader :ignore_error
+        attr_reader :prefix
+        attr_reader :accept_request_filter
+
+        # Schema loading options
+        attr_reader :strict_reference_validation
+
+        def initialize(options = {})
+          @original_options = options.dup.freeze
+
+          # Schema related
+          @schema = options[:schema]
+          @schema_path = options[:schema_path]
+          @strict_reference_validation = options.fetch(:strict_reference_validation, false)
+
+          # Error handling
+          @error_class = options.fetch(:error_class, Committee::ValidationError)
+          @error_handler = options[:error_handler]
+          @raise_error = options[:raise] || false
+          @ignore_error = options.fetch(:ignore_error, false)
+
+          # Routing
+          @prefix = options[:prefix]
+          @accept_request_filter = options[:accept_request_filter] || ->(_) { true }
+
+          validate!
+        end
+
+        # Allow Hash-like access for backward compatibility
+        def [](key)
+          to_h[key]
+        end
+
+        def fetch(key, default = nil)
+          to_h.fetch(key, default)
+        end
+
+        def to_h
+          @to_h ||= build_hash
+        end
+
+        # Create an Option object from Hash options
+        # Returns the object as-is if already an Option object
+        def self.from(options)
+          case options
+          when self
+            options
+          when Hash
+            new(options)
+          else
+            raise ArgumentError, "options must be a Hash or #{name}"
+          end
+        end
+
+        private
+
+        def validate!
+          validate_error_class!
+          validate_error_handler!
+          validate_schema_source!
+          validate_accept_request_filter!
+        end
+
+        def validate_error_handler!
+          return if @error_handler.nil? || @error_handler.respond_to?(:call)
+
+          raise ArgumentError, "error_handler must respond to #call"
+        end
+
+        def validate_error_class!
+          return if @error_class.is_a?(Class)
+
+          raise ArgumentError, "error_class must be a Class"
+        end
+
+        def validate_schema_source!
+          return if @schema || @schema_path
+
+          raise ArgumentError, "Committee: need option `schema` or `schema_path`"
+        end
+
+        def validate_accept_request_filter!
+          return if @accept_request_filter.respond_to?(:call)
+
+          raise ArgumentError, "accept_request_filter must respond to #call"
+        end
+
+        def build_hash
+          # Start with original options to preserve any options not explicitly handled
+          @original_options.dup.merge(schema: @schema, schema_path: @schema_path, strict_reference_validation: @strict_reference_validation, error_class: @error_class, error_handler: @error_handler, raise: @raise_error, ignore_error: @ignore_error, prefix: @prefix, accept_request_filter: @accept_request_filter)
+        end
+      end
+    end
+  end
+end

data/lib/committee/middleware/options/request_validation.rb

@@ -0,0 +1,80 @@
+# frozen_string_literal: true
+
+module Committee
+  module Middleware
+    module Options
+      class RequestValidation < Base
+        # RequestValidation specific options
+        attr_reader :strict
+        attr_reader :coerce_date_times
+        attr_reader :coerce_recursive
+        attr_reader :coerce_form_params
+        attr_reader :coerce_path_params
+        attr_reader :coerce_query_params
+        attr_reader :allow_form_params
+        attr_reader :allow_query_params
+        attr_reader :allow_get_body
+        attr_reader :allow_non_get_query_params
+        attr_reader :check_content_type
+        attr_reader :check_header
+        attr_reader :optimistic_json
+        attr_reader :request_body_hash_key
+        attr_reader :query_hash_key
+        attr_reader :path_hash_key
+        attr_reader :headers_key
+        attr_reader :params_key
+        attr_reader :allow_blank_structures
+        attr_reader :allow_empty_date_and_datetime
+        attr_reader :parameter_overwrite_by_rails_rule
+        attr_reader :deserialize_parameters
+
+        # Default values
+        DEFAULTS = { strict: false, coerce_recursive: true, allow_get_body: false, check_content_type: true, check_header: true, optimistic_json: false, allow_form_params: true, allow_query_params: true, allow_non_get_query_params: false, allow_blank_structures: false, allow_empty_date_and_datetime: false, parameter_overwrite_by_rails_rule: true, request_body_hash_key: "committee.request_body_hash", query_hash_key: "committee.query_hash", path_hash_key: "committee.path_hash", headers_key: "committee.headers", params_key: "committee.params" }.freeze
+
+        def initialize(options = {})
+          super(options)
+
+          # Validation related
+          @strict = options.fetch(:strict, DEFAULTS[:strict])
+          @check_content_type = options.fetch(:check_content_type, DEFAULTS[:check_content_type])
+          @check_header = options.fetch(:check_header, DEFAULTS[:check_header])
+          @optimistic_json = options.fetch(:optimistic_json, DEFAULTS[:optimistic_json])
+
+          # Type coercion related
+          @coerce_date_times = options[:coerce_date_times]
+          @coerce_recursive = options.fetch(:coerce_recursive, DEFAULTS[:coerce_recursive])
+          @coerce_form_params = options[:coerce_form_params]
+          @coerce_path_params = options[:coerce_path_params]
+          @coerce_query_params = options[:coerce_query_params]
+
+          # Parameter permission related
+          @allow_form_params = options.fetch(:allow_form_params, DEFAULTS[:allow_form_params])
+          @allow_query_params = options.fetch(:allow_query_params, DEFAULTS[:allow_query_params])
+          @allow_get_body = options.fetch(:allow_get_body, DEFAULTS[:allow_get_body])
+          @allow_non_get_query_params = options.fetch(:allow_non_get_query_params, DEFAULTS[:allow_non_get_query_params])
+          @allow_blank_structures = options.fetch(:allow_blank_structures, DEFAULTS[:allow_blank_structures])
+          @allow_empty_date_and_datetime = options.fetch(:allow_empty_date_and_datetime, DEFAULTS[:allow_empty_date_and_datetime])
+
+          # Rails compatibility
+          @parameter_overwrite_by_rails_rule = options.fetch(:parameter_overwrite_by_rails_rule, DEFAULTS[:parameter_overwrite_by_rails_rule])
+
+          # Deserialization
+          @deserialize_parameters = options[:deserialize_parameters]
+
+          # Hash keys
+          @request_body_hash_key = options.fetch(:request_body_hash_key, DEFAULTS[:request_body_hash_key])
+          @query_hash_key = options.fetch(:query_hash_key, DEFAULTS[:query_hash_key])
+          @path_hash_key = options.fetch(:path_hash_key, DEFAULTS[:path_hash_key])
+          @headers_key = options.fetch(:headers_key, DEFAULTS[:headers_key])
+          @params_key = options.fetch(:params_key, DEFAULTS[:params_key])
+        end
+
+        private
+
+        def build_hash
+          super.merge(strict: @strict, coerce_date_times: @coerce_date_times, coerce_recursive: @coerce_recursive, coerce_form_params: @coerce_form_params, coerce_path_params: @coerce_path_params, coerce_query_params: @coerce_query_params, allow_form_params: @allow_form_params, allow_query_params: @allow_query_params, allow_get_body: @allow_get_body, allow_non_get_query_params: @allow_non_get_query_params, allow_blank_structures: @allow_blank_structures, allow_empty_date_and_datetime: @allow_empty_date_and_datetime, parameter_overwrite_by_rails_rule: @parameter_overwrite_by_rails_rule, deserialize_parameters: @deserialize_parameters, check_content_type: @check_content_type, check_header: @check_header, optimistic_json: @optimistic_json, request_body_hash_key: @request_body_hash_key, query_hash_key: @query_hash_key, path_hash_key: @path_hash_key, headers_key: @headers_key, params_key: @params_key)
+        end
+      end
+    end
+  end
+end

data/lib/committee/middleware/options/response_validation.rb

@@ -0,0 +1,46 @@
+# frozen_string_literal: true
+
+module Committee
+  module Middleware
+    module Options
+      class ResponseValidation < Base
+        # ResponseValidation specific options
+        attr_reader :strict
+        attr_reader :validate_success_only
+        attr_reader :parse_response_by_content_type
+        attr_reader :coerce_response_values
+        attr_reader :streaming_content_parsers
+
+        # Default values
+        DEFAULTS = { strict: false, validate_success_only: true, parse_response_by_content_type: true, coerce_response_values: false }.freeze
+
+        def initialize(options = {})
+          super(options)
+
+          # Validation related
+          @strict = options.fetch(:strict, DEFAULTS[:strict])
+          @validate_success_only = options.fetch(:validate_success_only, DEFAULTS[:validate_success_only])
+          @parse_response_by_content_type = options.fetch(:parse_response_by_content_type, DEFAULTS[:parse_response_by_content_type])
+          @coerce_response_values = options.fetch(:coerce_response_values, DEFAULTS[:coerce_response_values])
+
+          # Streaming
+          @streaming_content_parsers = options[:streaming_content_parsers] || {}
+
+          validate_response_validation_options!
+        end
+
+        private
+
+        def validate_response_validation_options!
+          return if @streaming_content_parsers.is_a?(Hash)
+
+          raise ArgumentError, "streaming_content_parsers must be a Hash"
+        end
+
+        def build_hash
+          super.merge(strict: @strict, validate_success_only: @validate_success_only, parse_response_by_content_type: @parse_response_by_content_type, coerce_response_values: @coerce_response_values, streaming_content_parsers: @streaming_content_parsers)
+        end
+      end
+    end
+  end
+end

data/lib/committee/middleware/options.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module Committee
+  module Middleware
+    module Options
+    end
+  end
+end
+
+require_relative "options/base"
+require_relative "options/request_validation"
+require_relative "options/response_validation"

data/lib/committee/middleware/request_validation.rb

@@ -6,7 +6,13 @@ module Committee
       def initialize(app, options = {})
         super
 
-        @strict = options[:strict]
+        @strict = @options.strict
+      end
+
+      private
+
+      def build_options(options)
+        Options::RequestValidation.from(options)
       end
 
       def handle(request)

data/lib/committee/middleware/response_validation.rb

@@ -7,9 +7,9 @@ module Committee
 
       def initialize(app, options = {})
         super
-        @strict = options[:strict]
+        @strict = @options.strict
         @validate_success_only = @schema.validator_option.validate_success_only
-        @streaming_content_parsers = options[:streaming_content_parsers] || {}
+        @streaming_content_parsers = @options.streaming_content_parsers
       end
 
       def handle(request)
@@ -63,6 +63,10 @@ module Committee
 
       private
 
+      def build_options(options)
+        Options::ResponseValidation.from(options)
+      end
+
       def validate(request, status, headers, response, streaming_content_parser = nil)
         v = build_schema_validator(request)
         if v.link_exist? && self.class.validate?(status, validate_success_only)

data/lib/committee/middleware.rb

@@ -5,6 +5,7 @@ module Committee
   end
 end
 
+require_relative "middleware/options"
 require_relative "middleware/base"
 require_relative "middleware/request_validation"
 require_relative "middleware/response_validation"

data/lib/committee/schema_validator/hyper_schema/response_generator.rb

@@ -73,9 +73,7 @@ module Committee
             {}
 
           else
-            raise(%{At "#{link.method} #{link.href}" "#{schema.pointer}": no } +
-              %{"example" attribute and "null" } +
-              %{is not allowed; don't know how to generate property.})
+            raise(%{At "#{link.method} #{link.href}" "#{schema.pointer}": no } + %{"example" attribute and "null" } + %{is not allowed; don't know how to generate property.})
           end
         end
 

data/lib/committee/schema_validator/hyper_schema/response_validator.rb

@@ -53,7 +53,7 @@ module Committee
           end
 
           begin
-            if Committee::Middleware::ResponseValidation.validate?(status, validate_success_only)
+            if validate?(status)
               if @link.is_a?(Drivers::OpenAPI2::Link)
                 raise InvalidResponse, "Invalid response.#{@link.href} status code #{status} definition does not exist" if @validators[status].nil?
                 if !@validators[status].validate(data)
@@ -73,6 +73,19 @@ module Committee
           end
         end
 
+        def validate?(status)
+          case status
+          when 204
+            false
+          when 200..299
+            true
+          when 304
+            false
+          else
+            !validate_success_only
+          end
+        end
+
         private
 
         def response_media_type(response)

data/lib/committee/schema_validator/hyper_schema/router.rb

@@ -6,7 +6,7 @@ module Committee
       class Router
         def initialize(schema, validator_option)
           @prefix = validator_option.prefix
-          @prefix_regexp = /\A#{Regexp.escape(@prefix)}/.freeze if @prefix
+          @prefix_regexp = ::Committee::SchemaValidator.build_prefix_regexp(@prefix)
           @schema = schema
 
           @validator_option = validator_option

data/lib/committee/schema_validator/hyper_schema.rb

@@ -65,13 +65,7 @@ module Committee
       end
 
       def request_unpack(request)
-        unpacker = Committee::RequestUnpacker.new(
-          allow_form_params:  validator_option.allow_form_params,
-          allow_get_body:     validator_option.allow_get_body,
-          allow_query_params: validator_option.allow_query_params,
-          allow_non_get_query_params: validator_option.allow_non_get_query_params,
-          optimistic_json:    validator_option.optimistic_json,
-        )
+        unpacker = Committee::RequestUnpacker.new(allow_form_params: validator_option.allow_form_params, allow_get_body: validator_option.allow_get_body, allow_query_params: validator_option.allow_query_params, allow_non_get_query_params: validator_option.allow_non_get_query_params, optimistic_json: validator_option.optimistic_json,)
 
         request.env[validator_option.headers_key] = unpacker.unpack_headers(request)
 
@@ -109,12 +103,7 @@ module Committee
       def parameter_coerce!(request, link, coerce_key)
         return unless link_exist?
 
-        Committee::SchemaValidator::HyperSchema::ParameterCoercer.
-          new(request.env[coerce_key],
-            link.schema,
-            coerce_date_times: validator_option.coerce_date_times,
-            coerce_recursive: validator_option.coerce_recursive).
-          call!
+        Committee::SchemaValidator::HyperSchema::ParameterCoercer.new(request.env[coerce_key], link.schema, coerce_date_times: validator_option.coerce_date_times, coerce_recursive: validator_option.coerce_recursive).call!
       end
     end
   end

data/lib/committee/schema_validator/open_api_3/operation_wrapper.rb

@@ -23,9 +23,10 @@ module Committee
 
         def coerce_path_parameter(validator_option)
           options = build_openapi_parser_path_option(validator_option)
+          validated_path_params = request_operation.validate_path_params(options)
           return {} unless options.coerce_value
 
-          request_operation.validate_path_params(options)
+          validated_path_params
         rescue OpenAPIParser::OpenAPIError => e
           raise Committee::InvalidRequest.new(e.message, original_error: e)
         end
@@ -34,9 +35,7 @@ module Committee
         def validate_response_params(status_code, headers, response_data, strict, check_header, validator_options: {})
           response_body = OpenAPIParser::RequestOperation::ValidatableResponseBody.new(status_code, response_data, headers)
 
-          return request_operation.validate_response_body(
-            response_body,
-            response_validate_options(strict, check_header, validator_options: validator_options))
+          return request_operation.validate_response_body(response_body, response_validate_options(strict, check_header, validator_options: validator_options))
         rescue OpenAPIParser::OpenAPIError => e
           raise Committee::InvalidResponse.new(e.message, original_error: e)
         end
@@ -72,12 +71,18 @@ module Committee
           request_operation.operation_object&.request_body&.content&.keys || []
         end
 
-        private
-
+        # Expose request_operation for parameter deserialization
+        # @return [OpenAPIParser::RequestOperation]
         attr_reader :request_operation
 
-        # @!attribute [r] request_operation
-        #   @return [OpenAPIParser::RequestOperation]
+        # @return [Array<String>] names of query parameters defined in the schema
+        def query_parameter_names
+          return [] unless request_operation.operation_object&.parameters
+
+          request_operation.operation_object.parameters.select { |p| p.in == 'query' }.map(&:name)
+        end
+
+        private
 
         # @return [OpenAPIParser::SchemaValidator::Options]
         def build_openapi_parser_body_option(validator_option)
@@ -86,6 +91,11 @@ module Committee
 
         # @return [OpenAPIParser::SchemaValidator::Options]
         def build_openapi_parser_path_option(validator_option)
+          build_openapi_parser_option(validator_option, validator_option.coerce_path_params)
+        end
+
+        # @return [OpenAPIParser::SchemaValidator::Options]
+        def build_openapi_parser_request_parameter_option(validator_option)
           build_openapi_parser_option(validator_option, validator_option.coerce_query_params)
         end
 
@@ -121,6 +131,9 @@ module Committee
         end
 
         def validate_path_and_query_params(path_params, query_params, headers, validator_option)
+          path_params ||= {}
+          query_params ||= {}
+
           # it's currently impossible to validate path params and query params separately
           # so we have to resort to this workaround
 
@@ -129,22 +142,39 @@ module Committee
 
           merged_params = query_params.merge(path_params)
 
-          request_operation.validate_request_parameter(merged_params, headers, build_openapi_parser_path_option(validator_option))
+          request_operation.validate_request_parameter(merged_params, headers, build_openapi_parser_request_parameter_option(validator_option))
 
           merged_params.each do |k, v|
             path_params[k] = v if path_keys.include?(k)
             query_params[k] = v if query_keys.include?(k)
           end
+
+          validate_no_unknown_query_params(query_params) if validator_option.strict_query_params
+        end
+
+        def validate_no_unknown_query_params(query_params)
+          return if query_params.nil? || query_params.empty?
+
+          defined_params = query_parameter_names
+          unknown_params = query_params.keys - defined_params
+
+          return if unknown_params.empty?
+
+          raise Committee::InvalidRequest.new("Unknown query parameter(s): #{unknown_params.join(', ')}")
         end
 
         def response_validate_options(strict, check_header, validator_options: {})
           options = { strict: strict, validate_header: check_header }
 
-          if OpenAPIParser::SchemaValidator::ResponseValidateOptions.method_defined?(:validator_options)
-            ::OpenAPIParser::SchemaValidator::ResponseValidateOptions.new(**options, **validator_options)
-          else
-            ::OpenAPIParser::SchemaValidator::ResponseValidateOptions.new(**options)
+          if validator_options[:coerce_value]
+            options[:coerce_value] = validator_options[:coerce_value]
           end
+
+          if validator_options[:allow_empty_date_and_datetime]
+            options[:allow_empty_date_and_datetime] = validator_options[:allow_empty_date_and_datetime]
+          end
+
+          ::OpenAPIParser::SchemaValidator::ResponseValidateOptions.new(**options)
         end
       end
     end