committee_firetail 5.0.0

data/test/schema_validator/hyper_schema/response_validator_test.rb

@@ -0,0 +1,118 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::SchemaValidator::HyperSchema::ResponseValidator do
+  before do
+    @status = 200
+    @headers = {
+      "Content-Type" => "application/json"
+    }
+    @data = ValidApp.dup
+    @schema = JsonSchema.parse!(hyper_schema_data)
+    @schema.expand_references!
+    # GET /apps/:id
+    @get_link = @link = @schema.properties["app"].links[2]
+    # GET /apps
+    @list_link = @schema.properties["app"].links[3]
+    @type_schema = @schema.properties["app"]
+  end
+
+  it "passes through a valid response" do
+    call
+  end
+
+  it "passes through a valid response with Content-Type options" do
+    @headers = { "Content-Type" => "application/json; charset=utf-8" }
+    call
+  end
+
+  it "passes through a valid list response" do
+    @data = [@data]
+    @link = @list_link
+    call
+  end
+
+  it "passes through a 204 No Content response" do
+    @status, @headers, @data = 204, {}, nil
+    call
+  end
+
+  it "passes through a 304 Not Modified response" do
+    @status, @headers, @data = 304, {}, nil
+    call
+  end
+
+  it "passes through a valid list response for for rel instances links" do
+    @link = @list_link
+
+    # forces the link to use `parent`
+    @link.target_schema = nil
+
+    # We're testing for legacy behavior here: even without a `targetSchema` as
+    # long as `rel` is set to `instances` we still wrap the result in an
+    # array.
+    assert_equal "instances", @link.rel
+
+    @data = [@data]
+    @link = @list_link
+    call
+  end
+
+  it "detects an improperly formatted list response for rel instances link" do
+    @link = @list_link
+
+    # forces the link to use `parent`
+    @link.target_schema = nil
+
+    # We're testing for legacy behavior here: even without a `targetSchema` as
+    # long as `rel` is set to `instances` we still wrap the result in an
+    # array.
+    assert_equal "instances", @link.rel
+
+    e = assert_raises(Committee::InvalidResponse) { call }
+    message = "List endpoints must return an array of objects."
+    assert_equal message, e.message
+  end
+
+  it "detects a blank response Content-Type" do
+    @headers = {}
+    e = assert_raises(Committee::InvalidResponse) { call }
+    message =
+      %{"Content-Type" response header must be set to "#{@link.enc_type}".}
+    assert_equal message, e.message
+  end
+
+  it "detects an invalid response Content-Type" do
+    @headers = { "Content-Type" => "text/html" }
+    e = assert_raises(Committee::InvalidResponse) { call }
+    message =
+      %{"Content-Type" response header must be set to "#{@link.enc_type}".}
+    assert_equal message, e.message
+  end
+
+  it "allows no Content-Type for 204 No Content" do
+    @status, @headers = 204, {}
+    call
+  end
+
+  it "allows no Content-Type for 304 Not Modified" do
+    @status, @headers = 304, {}
+    call
+  end
+
+  it "raises errors generated by json_schema" do
+    @data.merge!("name" => "%@!")
+    e = assert_raises(Committee::InvalidResponse) { call }
+    message = %{Invalid response.\n\n#/name: failed schema #/definitions/app/properties/name: %@! does not match /^[a-z][a-z0-9-]{3,30}$/.}
+    assert_equal message, e.message
+  end
+
+  private
+
+  def call
+    # hyper-schema link should be dropped into driver wrapper before it's used
+    link = Committee::Drivers::HyperSchema::Link.new(@link)
+    Committee::SchemaValidator::HyperSchema::ResponseValidator.new(link).call(@status, @headers, @data)
+  end
+end

data/test/schema_validator/hyper_schema/router_test.rb

@@ -0,0 +1,88 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::SchemaValidator::HyperSchema::Router do
+  it "builds routes without parameters" do
+    link, _ = hyper_schema_router.find_link("GET", "/apps")
+    refute_nil link
+  end
+
+  it "builds routes with parameters" do
+    link, _ = hyper_schema_router.find_link("GET", "/apps/123")
+    refute_nil link
+  end
+
+  it "doesn't match anything on a /" do
+    link, _ = hyper_schema_router.find_link("GET", "/")
+    assert_nil link
+  end
+
+  it "takes a prefix" do
+    # this is a sociopathic example
+    link, _ = hyper_schema_router(prefix: "/kpi").find_link("GET", "/kpi/apps/123")
+    refute_nil link
+  end
+
+  it "includes all paths without a prefix" do
+    link, _ = hyper_schema_router.includes?("/")
+    refute_nil link
+
+    link, _ = hyper_schema_router.includes?("/apps")
+    refute_nil link
+  end
+
+  it "only includes the prefix path with a prefix" do
+    link, _ = hyper_schema_router(prefix: "/kpi").includes?("/")
+    assert_nil link
+
+    link, _ = hyper_schema_router(prefix: "/kpi").includes?("/kpi")
+    refute_nil link
+
+    link, _ = hyper_schema_router(prefix: "/kpi").includes?("/kpi/apps")
+    refute_nil link
+  end
+
+  it "provides named parameters" do
+    link, param_matches = open_api_2_router.find_link("GET", "/api/pets/fido")
+    refute_nil link
+    assert_equal '/api/pets/{id}', link.href
+    assert_equal({ "id" => "fido" }, param_matches)
+  end
+
+  it "doesn't provide named parameters where none are available" do
+    link, param_matches = open_api_2_router.find_link("GET", "/api/pets")
+    refute_nil link
+    assert_equal({}, param_matches)
+  end
+
+  it "finds a path which has fewer matches" do
+    link, _ = open_api_2_router.find_link("GET", "/api/pets/dog")
+    refute_nil link
+    assert_equal '/api/pets/dog', link.href
+  end
+
+  it "fewer match not support in HyperSchema" do
+    link, _ = hyper_schema_router.find_link("GET", "/apps/abc")
+    refute_nil link
+    assert_equal '/apps/{(%23%2Fdefinitions%2Fapp%2Fdefinitions%2Fname)}', link.href
+  end
+
+  def hyper_schema_router(options = {})
+    # TODO: delete when 5.0.0 released because default value changed
+    options[:parse_response_by_content_type] = true if options[:parse_response_by_content_type] == nil
+    schema = Committee::Drivers::HyperSchema::Driver.new.parse(hyper_schema_data)
+    validator_option = Committee::SchemaValidator::Option.new(options, schema, :hyper_schema)
+
+    Committee::SchemaValidator::HyperSchema::Router.new(schema, validator_option)
+  end
+
+  def open_api_2_router(options = {})
+    # TODO: delete when 5.0.0 released because default value changed
+    options[:parse_response_by_content_type] = true if options[:parse_response_by_content_type] == nil
+    schema = Committee::Drivers::OpenAPI2::Driver.new.parse(open_api_2_data)
+    validator_option = Committee::SchemaValidator::Option.new(options, schema, :hyper_schema)
+
+    Committee::SchemaValidator::HyperSchema::Router.new(schema, validator_option)
+  end
+end

data/test/schema_validator/hyper_schema/string_params_coercer_test.rb

@@ -0,0 +1,137 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::SchemaValidator::HyperSchema::StringParamsCoercer do
+  before do
+    @schema = JsonSchema.parse!(hyper_schema_data)
+    @schema.expand_references!
+    # GET /search/apps
+    @link = @schema.properties["app"].links[5]
+  end
+
+  it "doesn't coerce params not in the schema" do
+    check_convert("owner", "admin", "admin")
+  end
+
+  it "skips values for string param" do
+    check_convert("name", "foo", "foo")
+  end
+
+  it "coerces valid values for boolean param" do
+    check_convert("deleted", "true", true)
+    check_convert("deleted", "false", false)
+    check_convert("deleted", "1", true)
+    check_convert("deleted", "0", false)
+  end
+
+  it "skips invalid values for boolean param" do
+    check_convert("deleted", "foo", "foo")
+  end
+
+  it "coerces valid values for integer param" do
+    check_convert("per_page", "3", 3)
+  end
+
+  it "skips invalid values for integer param" do
+    check_convert("per_page", "3.5", "3.5")
+    check_convert("per_page", "false", "false")
+    check_convert("per_page", "", "")
+  end
+
+  it "coerces valid values for number param" do
+    check_convert("threshold", "3", 3.0)
+    check_convert("threshold", "3.5", 3.5)
+  end
+
+  it "skips invalid values for number param" do
+    check_convert("threshold", "false", "false")
+  end
+
+  it "coerces valid values for null param" do
+    check_convert("threshold", "", nil)
+  end
+
+  it "pass array property" do
+    params = {
+        "array_property" => [
+            {
+                "update_time" => "2016-04-01T16:00:00.000+09:00",
+                "per_page" => "1",
+                "nested_coercer_object" => {
+                    "update_time" => "2016-04-01T16:00:00.000+09:00",
+                    "threshold" => "1.5"
+                },
+                "nested_no_coercer_object" => {
+                    "per_page" => "1",
+                    "threshold" => "1.5"
+                },
+                "nested_coercer_array" => [
+                    {
+                        "update_time" => "2016-04-01T16:00:00.000+09:00",
+                        "threshold" => "1.5"
+                    }
+                ],
+                "nested_no_coercer_array" => [
+                    {
+                        "per_page" => "1",
+                        "threshold" => "1.5"
+                    }
+                ]
+            },
+            {
+                "update_time" => "2016-04-01T16:00:00.000+09:00",
+                "per_page" => "1",
+                "threshold" => "1.5"
+            },
+            {
+                "threshold" => "1.5",
+                "per_page" => "1"
+            }
+        ],
+    }
+    call(params, coerce_recursive: true)
+
+    first_data = params["array_property"][0]
+    assert_kind_of String, first_data["update_time"]
+    assert_kind_of Integer, first_data["per_page"]
+
+    second_data = params["array_property"][1]
+    assert_kind_of String, second_data["update_time"]
+    assert_kind_of Integer, second_data["per_page"]
+    assert_kind_of Float, second_data["threshold"]
+
+    third_data = params["array_property"][1]
+    assert_kind_of Integer, third_data["per_page"]
+    assert_kind_of Float, third_data["threshold"]
+
+    assert_kind_of String, first_data["nested_coercer_object"]["update_time"]
+    assert_kind_of Float, first_data["nested_coercer_object"]["threshold"]
+
+    assert_kind_of Integer, first_data["nested_no_coercer_object"]["per_page"]
+    assert_kind_of Float, first_data["nested_no_coercer_object"]["threshold"]
+
+    assert_kind_of String, first_data["nested_coercer_array"].first["update_time"]
+    assert_kind_of Float, first_data["nested_coercer_array"].first["threshold"]
+
+    assert_kind_of Integer, first_data["nested_no_coercer_array"].first["per_page"]
+    assert_kind_of Float, first_data["nested_no_coercer_array"].first["threshold"]
+  end
+
+  private
+
+  def check_convert(key, before_value, after_value)
+    data = {key => before_value}
+    call(data)
+
+    if !after_value.nil?
+      assert_equal(data[key], after_value)
+    else
+      assert_nil(data[key])
+    end
+  end
+
+  def call(data, options={})
+    Committee::SchemaValidator::HyperSchema::StringParamsCoercer.new(data, @link.schema, options).call!
+  end
+end

data/test/schema_validator/open_api_3/operation_wrapper_test.rb

@@ -0,0 +1,218 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+require "stringio"
+
+describe Committee::SchemaValidator::OpenAPI3::OperationWrapper do
+  describe 'validate' do
+    before do
+      @path = '/validate'
+      @method = 'post'
+
+      # TODO: delete when 5.0.0 released because default value changed
+      options = {}
+      options[:parse_response_by_content_type] = true if options[:parse_response_by_content_type] == nil
+
+      @validator_option = Committee::SchemaValidator::Option.new(options, open_api_3_schema, :open_api_3)
+    end
+
+    def operation_object
+      open_api_3_schema.operation_object(@path, @method)
+    end
+
+    HEADER = { 'Content-Type' => 'application/json' }
+
+    SCHEMA_PROPERTIES_PAIR = [
+        ['string', 'str'],
+        ['integer', 1],
+        ['boolean', true],
+        ['boolean', false],
+        ['number', 0.1],
+    ]
+
+    it 'correct data' do
+      operation_object.validate_request_params({}, {}, SCHEMA_PROPERTIES_PAIR.to_h, HEADER, @validator_option)
+      assert true
+    end
+
+    it 'correct object data' do
+      operation_object.validate_request_params(
+                                  {},
+                                  {},
+                                  {
+                                     "object_1" =>
+                                         {
+                                             "string_1" => nil,
+                                             "integer_1" => nil,
+                                             "boolean_1" => nil,
+                                             "number_1" => nil
+                                         }
+                                 },
+                                               HEADER,
+                                               @validator_option)
+
+      assert true
+    end
+
+    it 'invalid params' do
+      e = assert_raises(Committee::InvalidRequest) {
+        operation_object.validate_request_params({}, {}, {"string" => 1}, HEADER, @validator_option)
+      }
+
+      assert_match(/expected string, but received Integer: 1/i, e.message)
+      assert_kind_of(OpenAPIParser::OpenAPIError, e.original_error)
+    end
+
+    it 'support put method' do
+      @method = "put"
+      operation_object.validate_request_params({}, {}, {"string" => "str"}, HEADER, @validator_option)
+
+      e = assert_raises(Committee::InvalidRequest) {
+        operation_object.validate_request_params({}, {}, {"string" => 1}, HEADER, @validator_option)
+      }
+
+      assert_match(/expected string, but received Integer: 1/i, e.message)
+      assert_kind_of(OpenAPIParser::OpenAPIError, e.original_error)
+    end
+
+    it 'support patch method' do
+      @method = "patch"
+      operation_object.validate_request_params({}, {}, {"integer" => 1}, HEADER, @validator_option)
+
+      e = assert_raises(Committee::InvalidRequest) {
+        operation_object.validate_request_params({}, {}, {"integer" => "str"}, HEADER, @validator_option)
+      }
+
+      assert_match(/expected integer, but received String: "str"/i, e.message)
+      assert_kind_of(OpenAPIParser::OpenAPIError, e.original_error)
+    end
+
+    it 'unknown param' do
+      operation_object.validate_request_params({}, {}, {"unknown" => 1}, HEADER, @validator_option)
+    end
+
+    describe 'support get method' do
+      before do
+        @method = "get"
+      end
+
+      it 'correct' do
+        operation_object.validate_request_params(
+            {},
+            {"query_string" => "query", "query_integer_list" => [1, 2]},
+            {},
+            HEADER,
+            @validator_option
+        )
+
+        operation_object.validate_request_params(
+            {},
+            {"query_string" => "query", "query_integer_list" => [1, 2], "optional_integer" => 1},
+            {},
+            HEADER,
+            @validator_option
+        )
+
+        assert true
+      end
+
+      it 'not exist required' do
+        e = assert_raises(Committee::InvalidRequest) {
+          operation_object.validate_request_params({}, {"query_integer_list" => [1, 2]}, {}, HEADER, @validator_option)
+        }
+
+        assert_match(/missing required parameters: query_string/i, e.message)
+        assert_kind_of(OpenAPIParser::OpenAPIError, e.original_error)
+      end
+
+      it 'invalid type' do
+        e = assert_raises(Committee::InvalidRequest) {
+          operation_object.validate_request_params(
+              {},
+              {"query_string" => 1, "query_integer_list" => [1, 2], "optional_integer" => 1},
+              {},
+              HEADER,
+              @validator_option
+          )
+        }
+
+        assert_match(/expected string, but received Integer: 1/i, e.message)
+        assert_kind_of(OpenAPIParser::OpenAPIError, e.original_error)
+      end
+    end
+
+    describe 'support delete method' do
+      before do
+        @path = '/characters'
+        @method = "delete"
+      end
+
+      it 'correct' do
+        operation_object.validate_request_params({}, {"limit" => "1"}, {}, HEADER, @validator_option)
+
+        assert true
+      end
+
+      it 'invalid type' do
+        e = assert_raises(Committee::InvalidRequest) {
+          operation_object.validate_request_params({}, {"limit" => "a"}, {}, HEADER, @validator_option)
+        }
+
+        assert_match(/expected integer, but received String: "a"/i, e.message)
+        assert_kind_of(OpenAPIParser::OpenAPIError, e.original_error)
+      end
+    end
+
+    describe 'support head method' do
+      before do
+        @path = '/characters'
+        @method = 'head'
+      end
+
+      it 'correct' do
+        operation_object.validate_request_params({}, {"limit" => "1"}, {}, HEADER, @validator_option)
+
+        assert true
+      end
+
+      it 'invalid type' do
+        e = assert_raises(Committee::InvalidRequest) {
+          operation_object.validate_request_params({}, {"limit" => "a"}, {}, HEADER, @validator_option)
+        }
+
+        assert_match(/expected integer, but received String: "a"/i, e.message)
+        assert_kind_of(OpenAPIParser::OpenAPIError, e.original_error)
+      end
+    end
+
+    it 'support options method' do
+      @method = "options"
+      operation_object.validate_request_params({}, {}, {"integer" => 1}, HEADER, @validator_option)
+
+      e = assert_raises(Committee::InvalidRequest) {
+        operation_object.validate_request_params({}, {}, {"integer" => "str"}, HEADER, @validator_option)
+      }
+
+      assert_match(/expected integer, but received String: "str"/i, e.message)
+      assert_kind_of(OpenAPIParser::OpenAPIError, e.original_error)
+    end
+
+
+    describe '#content_types' do
+      it 'returns supported content types' do
+        @path = '/validate_content_types'
+        @method = 'post'
+
+        assert_equal ["application/json", "application/binary"], operation_object.request_content_types
+      end
+
+      it 'returns an empty array when the content of requestBody does not exist' do
+        @path = '/characters'
+        @method = 'get'
+
+        assert_equal [], operation_object.request_content_types
+      end
+    end
+  end
+end

data/test/schema_validator/open_api_3/request_validator_test.rb

@@ -0,0 +1,110 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::SchemaValidator::OpenAPI3::RequestValidator do
+  describe 'OpenAPI3' do
+    include Rack::Test::Methods
+
+    def app
+      @app
+    end
+
+    it "skip validation when link does not exist" do
+      @app = new_rack_app(schema: open_api_3_schema)
+      params = {}
+      header "Content-Type", "application/json"
+      post "/unknown", JSON.generate(params)
+      assert_equal 200, last_response.status
+    end
+
+    it "optionally content_type check" do
+      @app = new_rack_app(check_content_type: true, schema: open_api_3_schema)
+      params = {
+        "string_post_1" => "cloudnasium"
+      }
+      header "Content-Type", "text/html"
+      post "/characters", JSON.generate(params)
+      assert_equal 400, last_response.status
+
+      body = JSON.parse(last_response.body)
+      message =
+          %{"Content-Type" request header must be set to "application/json".}
+
+      assert_equal "bad_request", body['id']
+      assert_equal message, body['message']
+    end
+
+    it "validates content_type" do
+      @app = new_rack_app(check_content_type: true, schema: open_api_3_schema)
+      params = {
+        "string_post_1" => "cloudnasium"
+      }
+      header "Content-Type", "text/html"
+      post "/validate_content_types", JSON.generate(params)
+      assert_equal 400, last_response.status
+
+      body = JSON.parse(last_response.body)
+      message =
+        %{"Content-Type" request header must be set to any of the following: ["application/json", "application/binary"].}
+
+      assert_equal message, body['message']
+    end
+
+    it "optionally skip content_type check" do
+      @app = new_rack_app(check_content_type: false, schema: open_api_3_schema)
+      params = {
+          "string_post_1" => "cloudnasium"
+      }
+      header "Content-Type", "text/html"
+      post "/characters", JSON.generate(params)
+      assert_equal 200, last_response.status
+    end
+
+    it "if not exist requestBody definition, skip content_type check" do
+      @app = new_rack_app(check_content_type: true, schema: open_api_3_schema)
+      params = {
+          "string_post_1" => "cloudnasium"
+      }
+      header "Content-Type", "application/json"
+      patch "/validate_no_parameter", JSON.generate(params)
+      assert_equal 200, last_response.status
+    end
+
+    it "skips content_type check with an empty body" do
+      @app = new_rack_app(check_content_type: true, schema: open_api_3_schema)
+      header "Content-Type", "application/x-www-form-urlencoded"
+      patch "/validate_empty_optional_body"
+      assert_equal 200, last_response.status
+    end
+    
+    it "does not mix up parameters and requestBody" do
+      @app = new_rack_app(check_content_type: true, schema: open_api_3_schema)
+      params = {
+          "last_name" => "Skywalker"
+      }
+      header "Content-Type", "application/json"
+      post "/additional_properties?first_name=Luke", JSON.generate(params)
+      assert_equal 200, last_response.status
+    end
+
+    it "error because content_type check with body" do
+      @app = new_rack_app(check_content_type: true, schema: open_api_3_schema)
+      header "Content-Type", "application/x-www-form-urlencoded"
+      patch "/validate_empty_optional_body", "{}"
+      assert_equal 400, last_response.status
+    end    
+
+    def new_rack_app(options = {})
+      # TODO: delete when 5.0.0 released because default value changed
+      options[:parse_response_by_content_type] = true if options[:parse_response_by_content_type] == nil
+
+      Rack::Builder.new {
+        use Committee::Middleware::RequestValidation, options
+        run lambda { |_|
+          [200, {}, []]
+        }
+      }
+    end
+  end
+end