committee 5.6.2 → 5.6.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6f5e2c05d7caa0327f1f9aab8eb4e70fde475df991c89d2969cf1e64fbaf2ab4
-  data.tar.gz: b8e55ce938ae8276b2469cef2a5f451b326fcbd94ab10a0957a0c8908307707d
+  metadata.gz: 694da9f92c8670bbe39fa64e209c43da029c58262ebbc249cff4512dee7e7aed
+  data.tar.gz: 2c3ffa46d5c827471545b585421a45e5c7781b9d1ddb1d861ba9bfd12a1fddd8
 SHA512:
-  metadata.gz: 48819e9df56d4ad78afc3e4ccd6992eba3570a3e3ec39570354b8ab3777e73d4ef75f5554cfb2e3bf173b91d645c0015173c465e64712f87d4ef22ad02738b7e
-  data.tar.gz: f3e72af3ca96804db1b07f0b28002367bee84d6557f1725c0244fee839757a940c7aa89e6373952559109c273f5ec721759be89d8f98517234bd3d00bdba17ce
+  metadata.gz: fc906473afe3beef06fe6f34b96ad3c29566761a1806dff3ed5fabe5d5b477bdbebb49216b5039e533316e0271957a30812f791c5e4ea8a306cf8613abdb8772
+  data.tar.gz: ffa5ad6a180270f703d13fa2dacebe534c0a9c76bc5be9d4a27eac1f07e9592813bfa81d74712b63d5ff9502ebfde97cd171cca3abb2376f4f2a9865d4f11614

data/lib/committee/drivers/open_api_3/driver.rb

@@ -8,7 +8,8 @@ module Committee
           true
         end
 
-        # Whether parameters that were form-encoded will be coerced by default.
+        # Historically named for form params, but in OpenAPI 3 this flag controls
+        # request body coercion more generally.
         def default_coerce_form_params
           true
         end

data/lib/committee/schema_validator/hyper_schema.rb

@@ -31,7 +31,7 @@ module Committee
         elsif !full_body.empty?
           parse_to_json = if validator_option.parse_response_by_content_type
                             content_type_key = headers.keys.detect { |k| k.casecmp?('Content-Type') }
-            headers.fetch(content_type_key, nil)&.start_with?('application/json')
+                            Committee::SchemaValidator.json_media_type?(headers.fetch(content_type_key, nil))
           else
             true
           end

data/lib/committee/schema_validator/open_api_3/parameter_deserializer.rb

@@ -52,6 +52,8 @@ module Committee
           # If no parameters are defined for this location, return raw params as-is
           return raw_params if params_for_location.empty?
 
+          raw_params = normalize_raw_params(raw_params, location, params_for_location)
+
           # Collect parameter names that will be deserialized
           # This includes both the parameter name and any properties (for exploded objects)
           deserialized_keys = Set.new
@@ -105,6 +107,65 @@ module Committee
           Committee::Utils.indifferent_hash.merge(hash)
         end
 
+        # Normalize Rack-style nested query hashes into bracket notation when the
+        # schema expects bracket-named params or deepObject query params.
+        # Example: { "filter" => { "slug" => "/test" } } => { "filter[slug]" => "/test" }
+        # @param [Hash] raw_params
+        # @param [String] location
+        # @param [Array<OpenAPIParser::Schemas::Parameter>] params_for_location
+        # @return [Hash]
+        def normalize_raw_params(raw_params, location, params_for_location)
+          return raw_params unless location == 'query'
+          return raw_params unless raw_params.values.any? { |value| value.is_a?(Hash) }
+          return raw_params unless requires_query_param_flattening?(params_for_location)
+
+          normalized = Committee::Utils.indifferent_hash
+
+          raw_params.each do |key, value|
+            if should_flatten_query_param?(key, value, params_for_location)
+              flatten_nested_query_param(normalized, key.to_s, value)
+            else
+              normalized[key] = value
+            end
+          end
+
+          normalized
+        end
+
+        # @param [Array<OpenAPIParser::Schemas::Parameter>] params_for_location
+        # @return [Boolean]
+        def requires_query_param_flattening?(params_for_location)
+          params_for_location.any? { |param_def| param_def.style == 'deepObject' || param_def.name.include?('[') }
+        end
+
+        # @param [String, Symbol] key
+        # @param [Object] value
+        # @param [Array<OpenAPIParser::Schemas::Parameter>] params_for_location
+        # @return [Boolean]
+        def should_flatten_query_param?(key, value, params_for_location)
+          return false unless value.is_a?(Hash)
+
+          key_name = key.to_s
+          params_for_location.any? do |param_def|
+            param_def.name == key_name || param_def.name.start_with?("#{key_name}[")
+          end
+        end
+
+        # @param [Hash] result
+        # @param [String] prefix
+        # @param [Object] value
+        # @return [void]
+        def flatten_nested_query_param(result, prefix, value)
+          case value
+          when Hash
+            value.each do |child_key, child_value|
+              flatten_nested_query_param(result, "#{prefix}[#{child_key}]", child_value)
+            end
+          else
+            result[prefix] = value
+          end
+        end
+
         # Extract and deserialize a single parameter
         # @param [OpenAPIParser::Schemas::Parameter] param_def Parameter definition
         # @param [Hash] raw_params Raw parameters

data/lib/committee/schema_validator/open_api_3.rb

@@ -28,7 +28,7 @@ module Committee
 
         parse_to_json = if validator_option.parse_response_by_content_type
                           content_type_key = headers.keys.detect { |k| k.casecmp?('Content-Type') }
-                          headers.fetch(content_type_key, nil)&.start_with?('application/json')
+                          Committee::SchemaValidator.json_media_type?(headers.fetch(content_type_key, nil))
                         else
                           true
                         end

data/lib/committee/schema_validator.rb

@@ -2,11 +2,18 @@
 
 module Committee
   module SchemaValidator
+    JSON_MEDIA_TYPE_PATTERN = %r{\Aapplication/(?:.+\+)?json\z}.freeze
+
     class << self
       def request_media_type(request)
         Rack::MediaType.type(request.env['CONTENT_TYPE'])
       end
 
+      def json_media_type?(content_type)
+        normalized_content_type = Rack::MediaType.type(content_type)
+        normalized_content_type&.match?(JSON_MEDIA_TYPE_PATTERN) || false
+      end
+
       # @param [String] prefix
       # @return [Regexp]
       def build_prefix_regexp(prefix)

data/lib/committee/test/methods.rb

@@ -23,6 +23,8 @@ module Committee
             schema_validator.request_validate(request_object)
           end
         end
+
+        increment_assertion_count
       end
 
       def assert_response_schema_confirm(expected_status = nil)
@@ -46,6 +48,8 @@ module Committee
         end
 
         schema_validator.response_validate(status, headers, [body], true) if validate_response?(status)
+
+        increment_assertion_count
       end
 
       def committee_options
@@ -90,6 +94,13 @@ module Committee
 
       private
 
+      # assert_*_schema_confirm signal failure by raising, not via `assert`,
+      # so Minitest would report "Test is missing assertions" on success.
+      # Bump the counter explicitly; no-op outside Minitest (e.g. RSpec).
+      def increment_assertion_count
+        assert true if respond_to?(:assertions)
+      end
+
       # Temporarily adds dummy values for excepted parameters during validation
       # @see ExceptParameter
       def with_except_params(except)

data/lib/committee/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Committee
-  VERSION = '5.6.2'.freeze
+  VERSION = '5.6.3'.freeze
 end

data/test/middleware/request_validation_open_api_3_test.rb

@@ -660,6 +660,44 @@ describe Committee::Middleware::RequestValidation do
     end
   end
 
+  describe 'bracket-style query params' do
+    it 'validates query params declared with bracket notation names' do
+      check_parameter = lambda { |env|
+        assert_equal '/test', env['committee.query_hash']['filter[slug]']
+        refute env['committee.query_hash'].key?('filter')
+        [200, {}, []]
+      }
+
+      @app = new_rack_app_with_lambda(check_parameter, schema: query_param_schema(bracket_notation_query_parameter))
+
+      get '/events?filter[slug]=%2Ftest'
+
+      assert_equal 200, last_response.status
+    end
+
+    it 'rejects unknown nested query params with strict_query_params' do
+      @app = new_rack_app(schema: query_param_schema(bracket_notation_query_parameter), strict_query_params: true)
+
+      get '/events?filter[slug]=%2Ftest&filter[status]=active'
+
+      assert_equal 400, last_response.status
+      assert_match(/filter\[status\]/, last_response.body)
+    end
+
+    it 'continues to support deepObject query params from Rack nested hashes' do
+      check_parameter = lambda { |env|
+        assert_equal '/test', env['committee.query_hash']['filter']['slug']
+        [200, {}, []]
+      }
+
+      @app = new_rack_app_with_lambda(check_parameter, schema: query_param_schema(deep_object_query_parameter))
+
+      get '/events?filter[slug]=%2Ftest'
+
+      assert_equal 200, last_response.status
+    end
+  end
+
   private
 
   def new_rack_app(options = {})
@@ -674,4 +712,53 @@ describe Committee::Middleware::RequestValidation do
       run check_lambda
     }
   end
+
+  def query_param_schema(parameter)
+    Committee::Drivers.load_from_data(query_param_document(parameter), nil, parser_options: { strict_reference_validation: true })
+  end
+
+  def bracket_notation_query_parameter
+    {
+      'name' => 'filter[slug]',
+      'in' => 'query',
+      'required' => true,
+      'schema' => { 'type' => 'string' },
+    }
+  end
+
+  def deep_object_query_parameter
+    {
+      'name' => 'filter',
+      'in' => 'query',
+      'required' => true,
+      'style' => 'deepObject',
+      'explode' => true,
+      'schema' => {
+        'type' => 'object',
+        'required' => ['slug'],
+        'properties' => {
+          'slug' => { 'type' => 'string' },
+        },
+      },
+    }
+  end
+
+  def query_param_document(parameter)
+    {
+      'openapi' => '3.0.3',
+      'info' => { 'title' => 'test', 'version' => '1.0.0' },
+      'paths' => {
+        '/events' => {
+          'get' => {
+            'parameters' => [parameter],
+            'responses' => {
+              '200' => {
+                'description' => 'ok',
+              },
+            },
+          },
+        },
+      },
+    }
+  end
 end

data/test/middleware/response_validation_open_api_3_test.rb

@@ -33,6 +33,13 @@ describe Committee::Middleware::ResponseValidation do
     assert_equal 200, last_response.status
   end
 
+  it "passes through a valid response with a +json content-type" do
+    @app = new_response_rack(JSON.generate(CHARACTERS_RESPONSE), { "Content-Type" => "application/problem+json; charset=utf-8" }, schema: open_api_3_schema, parse_response_by_content_type: true,)
+
+    get "/characters"
+    assert_equal 200, last_response.status
+  end
+
   it "passes through a invalid json" do
     @app = new_response_rack("not_json", {}, schema: open_api_3_schema)
 

data/test/schema_validator/open_api_3/operation_wrapper_test.rb

@@ -204,6 +204,24 @@ describe Committee::SchemaValidator::OpenAPI3::OperationWrapper do
         @path = '/characters'
         operation_object.validate_request_params({}, { "limit" => "1" }, {}, HEADER, query_coercion_enabled)
       end
+
+      it 'uses coerce_form_params for JSON request bodies too' do
+        @path = '/validate'
+        @method = 'post'
+
+        body_coercion_disabled = Committee::SchemaValidator::Option.new({ coerce_form_params: false }, open_api_3_schema, :open_api_3)
+        body_coercion_enabled = Committee::SchemaValidator::Option.new({ coerce_form_params: true }, open_api_3_schema, :open_api_3)
+
+        error = assert_raises(Committee::InvalidRequest) do
+          operation_object.validate_request_params({}, {}, { "integer" => "1" }, HEADER, body_coercion_disabled)
+        end
+        assert_match(/expected integer, but received String: "1"/i, error.message)
+
+        body_params = { "integer" => "1" }
+        operation_object.validate_request_params({}, {}, body_params, HEADER, body_coercion_enabled)
+
+        assert_kind_of(Integer, body_params["integer"])
+      end
     end
   end
 end

data/test/schema_validator_test.rb

@@ -21,6 +21,39 @@ describe Committee::SchemaValidator do
     assert_equal 'multipart/form-data', media_type
   end
 
+  it "detects application/json as a JSON media type" do
+    assert_equal true, Committee::SchemaValidator.json_media_type?("application/json")
+  end
+
+  it "detects application/problem+json with parameters as a JSON media type" do
+    assert_equal true, Committee::SchemaValidator.json_media_type?("application/problem+json; charset=utf-8")
+  end
+
+  it "detects application/vnd.api+json as a JSON media type" do
+    assert_equal true, Committee::SchemaValidator.json_media_type?("application/vnd.api+json")
+  end
+
+  it "does not detect application/x-ndjson as a JSON media type" do
+    assert_equal false, Committee::SchemaValidator.json_media_type?("application/x-ndjson")
+  end
+
+  it "does not detect non-JSON content types as JSON media types" do
+    assert_equal false, Committee::SchemaValidator.json_media_type?("test/csv")
+    assert_equal false, Committee::SchemaValidator.json_media_type?(nil)
+  end
+
+  it "parses +json responses in the HyperSchema validator" do
+    schema = Committee::Drivers::OpenAPI2::Driver.new.parse(open_api_2_data)
+    validator_option = Committee::SchemaValidator::Option.new({ parse_response_by_content_type: true }, schema, :hyper_schema)
+    router = Committee::SchemaValidator::HyperSchema::Router.new(schema, validator_option)
+    request = Rack::Request.new({ "REQUEST_METHOD" => "GET", "PATH_INFO" => "/api/pets", "rack.input" => StringIO.new("") })
+    validator = Committee::SchemaValidator::HyperSchema.new(router, request, validator_option)
+
+    validator.link.media_type = "application/vnd.api+json"
+
+    validator.response_validate(200, { "Content-Type" => "application/vnd.api+json" }, [JSON.generate([ValidPet])])
+  end
+
   it "builds prefix regexp with a path segment boundary" do
     regexp = Committee::SchemaValidator.build_prefix_regexp("/v1")
 

data/test/test/methods_test.rb

@@ -151,6 +151,14 @@ describe Committee::Test::Methods do
         assert_request_schema_confirm
       end
 
+      it "increments the Minitest assertion count on success" do
+        @app = new_rack_app
+        get "/characters"
+        before_count = assertions
+        assert_request_schema_confirm
+        assert_equal before_count + 1, assertions
+      end
+
       it "not exist required" do
         @app = new_rack_app
         get "/validate", { "query_string" => "query", "query_integer_list" => [1, 2] }
@@ -397,6 +405,14 @@ describe Committee::Test::Methods do
         assert_response_schema_confirm(200)
       end
 
+      it "increments the Minitest assertion count on success" do
+        @app = new_rack_app(JSON.generate(@correct_response))
+        get "/characters"
+        before_count = assertions
+        assert_response_schema_confirm(200)
+        assert_equal before_count + 1, assertions
+      end
+
       it "detects an invalid response Content-Type" do
         @app = new_rack_app(JSON.generate([@correct_response]), {})
         get "/characters"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: committee
 version: !ruby/object:Gem::Version
-  version: 5.6.2
+  version: 5.6.3
 platform: ruby
 authors:
 - Brandur
@@ -277,7 +277,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 4.0.3
+rubygems_version: 3.6.9
 specification_version: 4
 summary: A collection of Rack middleware to support JSON Schema.
 test_files: []