committee_firetail 5.0.0

data/test/middleware/response_validation_open_api_3_test.rb

@@ -0,0 +1,291 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::Middleware::ResponseValidation do
+  include Rack::Test::Methods
+
+  CHARACTERS_RESPONSE = {"Otonokizaka" => ["Honoka.Kousaka"]}
+
+  def app
+    @app
+  end
+
+  it "passes through a valid response" do
+    @app = new_response_rack(JSON.generate(CHARACTERS_RESPONSE), {}, schema: open_api_3_schema)
+    get "/characters"
+    assert_equal 200, last_response.status
+  end
+
+  it "passes through a invalid json" do
+    @app = new_response_rack("not_json", {}, schema: open_api_3_schema)
+
+    get "/characters"
+
+    assert_equal 500, last_response.status
+    assert_equal "{\"id\":\"invalid_response\",\"message\":\"Response wasn't valid JSON.\"}", last_response.body
+  end
+
+  it "passes through a invalid json with ignore_error option" do
+    @app = new_response_rack("not_json", {}, schema: open_api_3_schema, ignore_error: true)
+
+    get "/characters"
+
+    assert_equal 200, last_response.status
+  end
+
+  it "passes through a invalid json with parse_response_by_content_type option" do
+    @app = new_response_rack("csv response", { "Content-Type" => "test/csv"}, schema: open_api_3_schema, parse_response_by_content_type: true)
+
+    get "/csv"
+
+    assert_equal 200, last_response.status
+  end
+
+  it "passes through not definition" do
+    @app = new_response_rack(JSON.generate(CHARACTERS_RESPONSE), {}, schema: open_api_3_schema)
+    get "/no_data"
+    assert_equal 200, last_response.status
+  end
+
+  it "detects a response invalid due to schema" do
+    @app = new_response_rack("[]", {}, schema: open_api_3_schema, raise: true)
+
+    e = assert_raises(Committee::InvalidResponse) {
+      get "/characters"
+    }
+
+    assert_match(/expected object, but received Array: /i, e.message)
+  end
+
+  it "passes through a 204 (no content) response" do
+    @app = new_response_rack("", {}, {schema: open_api_3_schema}, {status: 204})
+    post "/validate"
+    assert_equal 204, last_response.status
+  end
+
+  it "passes through a 304 (not modified) response" do
+    @app = new_response_rack("", {}, {schema: open_api_3_schema}, {status: 304})
+    post "/validate"
+    assert_equal 304, last_response.status
+  end
+
+  it "passes through a valid response with prefix" do
+    @app = new_response_rack(JSON.generate(CHARACTERS_RESPONSE), {}, schema: open_api_3_schema, prefix: "/v1")
+    get "/v1/characters"
+    assert_equal 200, last_response.status
+  end
+
+  it "passes through a invalid json with prefix" do
+    @app = new_response_rack("not_json", {}, schema: open_api_3_schema, prefix: "/v1")
+
+    get "/v1/characters"
+
+    assert_equal 500, last_response.status
+    assert_equal "{\"id\":\"invalid_response\",\"message\":\"Response wasn't valid JSON.\"}", last_response.body
+  end
+
+  it "rescues JSON errors" do
+    @app = new_response_rack("_42", {}, schema: open_api_3_schema, raise: true)
+    assert_raises(Committee::InvalidResponse) do
+      get "/characters"
+    end
+  end
+
+  it "not parameter request" do
+    @app = new_response_rack({integer: '1'}.to_json, {}, schema: open_api_3_schema, raise: true)
+
+    assert_raises(Committee::InvalidResponse) do
+      patch "/validate_no_parameter", {no_schema: 'no'}
+    end
+  end
+
+  it "optionally validates non-2xx blank responses" do
+    @app = new_response_rack("", {}, schema: open_api_3_schema, validate_success_only: false)
+    get "/characters"
+    assert_equal 200, last_response.status
+  end
+
+  it "optionally validates non-2xx invalid responses with invalid json" do
+    @app = new_response_rack("{_}", {}, schema: open_api_3_schema, validate_success_only: false)
+    get "/characters"
+    assert_equal 500, last_response.status
+    assert_match(/valid JSON/i, last_response.body)
+  end
+
+  describe "remote schema $ref" do
+    it "passes through a valid response" do
+      @app = new_response_rack(JSON.generate({ "sample" => "value" }), {}, schema: open_api_3_schema)
+      get "/ref-sample"
+      assert_equal 200, last_response.status
+    end
+
+    it "detects a invalid response" do
+      @app = new_response_rack("{}", {}, schema: open_api_3_schema)
+      get "/ref-sample"
+      assert_equal 500, last_response.status
+    end
+  end
+
+  describe 'check header' do
+    [
+      { check_header: true, description: 'valid value', header: { 'integer' => 1 }, expected: { status: 200 } },
+      { check_header: true, description: 'missing value', header: { 'integer' => nil }, expected: { error: 'headers/integer/schema does not allow null values' } },
+      { check_header: true, description: 'invalid value', header: { 'integer' => 'x' }, expected: { error: 'headers/integer/schema expected integer, but received String: "x"' } },
+
+      { check_header: false, description: 'valid value', header: { 'integer' => 1 }, expected: { status: 200 } },
+      { check_header: false, description: 'missing value', header: { 'integer' => nil }, expected: { status: 200 } },
+      { check_header: false, description: 'invalid value', header: { 'integer' => 'x' }, expected: { status: 200 } },
+    ].each do |h|
+      check_header = h[:check_header]
+      description = h[:description]
+      header = h[:header]
+      expected = h[:expected]
+      describe "when #{check_header}" do
+        %w(get post put patch delete options).each do |method|
+          describe method do
+            describe description do
+              if expected[:error].nil?
+                it 'should pass' do
+                  @app = new_response_rack({}.to_json, header, schema: open_api_3_schema, raise: true, check_header: check_header)
+
+                  send(method, "/header")
+                  assert_equal expected[:status], last_response.status
+                end
+              else
+                it 'should fail' do
+                  @app = new_response_rack({}.to_json, header, schema: open_api_3_schema, raise: true, check_header: check_header)
+
+                  error = assert_raises(Committee::InvalidResponse) do
+                    get "/header"
+                  end
+                  assert_match(expected[:error], error.message)
+                end
+              end
+            end
+          end
+        end
+      end
+    end
+  end
+
+  describe 'validate error option' do
+    it "detects an invalid response status code" do
+      @app = new_response_rack({ integer: '1' }.to_json,
+                               {},
+                               app_status: 400,
+                               schema: open_api_3_schema,
+                               raise: true,
+                               validate_success_only: false)
+
+
+      e = assert_raises(Committee::InvalidResponse) do
+        get "/characters"
+      end
+
+      assert_match(/but received String: \"1\"/i, e.message)
+    end
+
+    it "detects an invalid response status code with validate_success_only=true" do
+      @app = new_response_rack({ string_1: :honoka }.to_json,
+                               {},
+                               app_status: 400,
+                               schema: open_api_3_schema,
+                               raise: true,
+                               validate_success_only: true)
+
+
+      get "/characters"
+
+      assert_equal 400, last_response.status
+    end
+  end
+
+  describe ':accept_request_filter' do
+    [
+      { description: 'when not specified, includes everything', accept_request_filter: nil, expected: { status: 500 } },
+      { description: 'when predicate matches, performs validation', accept_request_filter: -> (request) { request.path.start_with?('/v1/c') }, expected: { status: 500 } },
+      { description: 'when predicate does not match, skips validation', accept_request_filter: -> (request) { request.path.start_with?('/v1/x') }, expected: { status: 200 } },
+    ].each do |h|
+      description = h[:description]
+      accept_request_filter = h[:accept_request_filter]
+      expected = h[:expected]
+
+      it description do
+        @app = new_response_rack('not_json', {}, schema: open_api_3_schema, prefix: '/v1', accept_request_filter: accept_request_filter)
+
+        get 'v1/characters'
+
+        assert_equal expected[:status], last_response.status
+      end
+    end
+  end
+
+  it 'does not suppress application error' do
+    @app = Rack::Builder.new {
+      use Committee::Middleware::ResponseValidation, {schema: open_api_3_schema, raise: true}
+      run lambda { |_|
+        JSON.load('-') # invalid json  
+      }
+    }
+
+    assert_raises(JSON::ParserError) do
+      get "/error", nil
+    end
+  end
+
+  it "strict and invalid status" do    
+    @app = new_response_rack(JSON.generate(CHARACTERS_RESPONSE), {}, {schema: open_api_3_schema, strict: true}, {status: 201})
+    get "/characters"
+    assert_equal 500, last_response.status
+  end
+
+  it "strict and invalid status with raise" do
+    @app = new_response_rack(JSON.generate(CHARACTERS_RESPONSE), {}, {schema: open_api_3_schema, strict: true, raise: true}, {status: 201})
+
+    assert_raises(Committee::InvalidResponse) do
+      get "/characters"
+    end
+  end
+
+  it "strict and invalid content type" do
+    @app = new_response_rack("abc", 
+      {}, 
+      {schema: open_api_3_schema, strict: true},
+      {content_type: 'application/text'}
+    )
+    get "/characters"
+    assert_equal 500, last_response.status
+  end
+
+  it "strict and invalid content type with raise" do
+    @app = new_response_rack("abc",
+      {},
+      {schema: open_api_3_schema, strict: true, raise: true},
+      {content_type: 'application/text'}
+    )
+
+    assert_raises(Committee::InvalidResponse) do
+      get "/characters"
+    end
+  end
+
+  private
+
+  def new_response_rack(response, headers = {}, options = {}, rack_options = {})
+    # TODO: delete when 5.0.0 released because default value changed
+    options[:parse_response_by_content_type] = true if options[:parse_response_by_content_type] == nil
+
+    status = rack_options[:status] || 200
+    content_type = rack_options[:content_type] || "application/json"
+    headers = {
+      "Content-Type" => content_type
+    }.merge(headers)
+    Rack::Builder.new {
+      use Committee::Middleware::ResponseValidation, options
+      run lambda { |_|
+        [options.fetch(:app_status, status), headers, [response]]
+      }
+    }
+  end
+end

data/test/middleware/response_validation_test.rb

@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::Middleware::ResponseValidation do
+  include Rack::Test::Methods
+
+  def app
+    @app
+  end
+
+  it "passes through a valid response" do
+    @app = new_rack_app(JSON.generate([ValidApp]), {}, schema: hyper_schema)
+    get "/apps"
+    assert_equal 200, last_response.status
+  end
+
+  # TODO: remove 5.0.0
+  it "passes through a valid response" do
+    # will show deprecated message
+    @app = new_rack_app(JSON.generate([ValidApp]), {}, schema: hyper_schema, strict: true)
+    get "/apps"
+    assert_equal 200, last_response.status
+  end
+
+  it "doesn't call error_handler (has a arg) when response is valid" do
+    called = false
+    pr = ->(_e) { called = true }
+    @app = new_rack_app(JSON.generate([ValidApp]), {}, schema: hyper_schema, error_handler: pr)
+    get "/apps"
+    assert !called, "error_handler is called"
+  end
+
+  it "doesn't call error_handler (has two args) when response is valid" do
+    called = false
+    pr = ->(_e, _env) { called = true }
+    @app = new_rack_app(JSON.generate([ValidApp]), {}, schema: hyper_schema, error_handler: pr)
+    get "/apps"
+    assert !called, "error_handler is called"
+  end
+
+  it "detects a response invalid due to schema" do
+    @app = new_rack_app("{}", {}, schema: hyper_schema)
+    get "/apps"
+    assert_equal 500, last_response.status
+    assert_match(/{} is not an array/i, last_response.body)
+  end
+
+  it "detects a response invalid due to schema with ignore_error option" do
+    @app = new_rack_app("{}", {}, schema: hyper_schema, ignore_error: true)
+    get "/apps"
+    assert_equal 200, last_response.status
+  end
+
+  it "detects a response invalid due to not being JSON" do
+    @app = new_rack_app("{_}", {}, schema: hyper_schema)
+    get "/apps"
+    assert_equal 500, last_response.status
+    assert_match(/valid JSON/i, last_response.body)
+  end
+
+  it "ignores a non-2xx invalid response" do
+    @app = new_rack_app("[]", {}, app_status: 404, schema: hyper_schema)
+    get "/apps"
+    assert_equal 404, last_response.status
+  end
+
+  it "optionally validates non-2xx invalid responses" do
+    @app = new_rack_app("", {}, app_status: 404, validate_success_only: false, schema: hyper_schema)
+    get "/apps"
+    assert_equal 500, last_response.status
+    assert_match(/Invalid response/i, last_response.body)
+  end
+
+  it "optionally validates non-2xx invalid responses with invalid json" do
+    @app = new_rack_app("{_}", {}, app_status: 404, validate_success_only: false, schema: hyper_schema)
+    get "/apps"
+    assert_equal 500, last_response.status
+    assert_match(/valid JSON/i, last_response.body)
+  end
+
+  it "passes through a 204 (no content) response" do
+    @app = new_rack_app("", {}, app_status: 204, schema: hyper_schema)
+    get "/apps"
+    assert_equal 204, last_response.status
+  end
+
+  it "passes through a 304 (not modified) response" do
+    @app = new_rack_app("", {}, app_status: 304, schema: hyper_schema)
+    get "/apps"
+    assert_equal 304, last_response.status
+  end
+
+  it "skip validation when 4xx" do
+    @app = new_rack_app("[{x:y}]", {}, schema: hyper_schema, validate_success_only: true, app_status: 400)
+    get "/apps"
+    assert_equal 400, last_response.status
+    assert_match("[{x:y}]", last_response.body)
+  end
+
+  it "rescues JSON errors" do
+    @app = new_rack_app("[{x:y}]", {}, schema: hyper_schema, validate_success_only: false)
+    get "/apps"
+    assert_equal 500, last_response.status
+    assert_match(/valid json/i, last_response.body)
+  end
+
+  it "calls error_handler (has two args) when it rescues JSON errors" do
+    called_err = nil
+    pr = ->(e, _env) { called_err = e }
+    @app = new_rack_app("[{x:y}]", {}, schema: hyper_schema, error_handler: pr)
+    get "/apps"
+    assert_kind_of JSON::ParserError, called_err
+  end
+
+  it "takes a prefix" do
+    @app = new_rack_app(JSON.generate([ValidApp]), {}, prefix: "/v1",
+      schema: hyper_schema)
+    get "/v1/apps"
+    assert_equal 200, last_response.status
+  end
+
+  it "rescues JSON errors" do
+    @app = new_rack_app("[{x:y}]", {}, raise: true, schema: hyper_schema)
+    assert_raises(Committee::InvalidResponse) do
+      get "/apps"
+    end
+  end
+
+  it "calls error_handler (has two args) when it rescues JSON errors" do
+    called_err = nil
+    pr = ->(e, _env) { called_err = e }
+    @app = new_rack_app("[{x:y}]", {}, raise: true, schema: hyper_schema, error_handler: pr)
+    assert_raises(Committee::InvalidResponse) do
+      get "/apps"
+      assert_kind_of JSON::ParserError, called_err
+    end
+  end
+
+  it "passes through a valid response for OpenAPI" do
+    @app = new_rack_app(JSON.generate([ValidPet]), {},
+      schema: open_api_2_schema)
+    get "/api/pets"
+    assert_equal 200, last_response.status
+  end
+
+  it "detects an invalid response for OpenAPI" do
+    @app = new_rack_app("{_}", {}, schema: open_api_2_schema)
+    get "/api/pets"
+    assert_equal 500, last_response.status
+    assert_match(/valid JSON/i, last_response.body)
+  end
+
+  describe ':accept_request_filter' do
+    [
+      { description: 'when not specified, includes everything', accept_request_filter: nil, expected: { status: 500 } },
+      { description: 'when predicate matches, performs validation', accept_request_filter: -> (request) { request.path.start_with?('/v1/a') }, expected: { status: 500 } },
+      { description: 'when predicate does not match, skips validation', accept_request_filter: -> (request) { request.path.start_with?('/v1/x') }, expected: { status: 200 } },
+    ].each do |h|
+      description = h[:description]
+      accept_request_filter = h[:accept_request_filter]
+      expected = h[:expected]
+      it description do
+        @app = new_rack_app('not_json', {}, schema: hyper_schema, prefix: '/v1', accept_request_filter: accept_request_filter)
+
+        get '/v1/apps'
+
+        assert_equal expected[:status], last_response.status
+      end
+    end
+  end
+
+  private
+
+  def new_rack_app(response, headers = {}, options = {})
+    # TODO: delete when 5.0.0 released because default value changed
+    options[:parse_response_by_content_type] = true if options[:parse_response_by_content_type] == nil
+
+    headers = {
+      "Content-Type" => "application/json"
+    }.merge(headers)
+    Rack::Builder.new {
+      use Committee::Middleware::ResponseValidation, options
+      run lambda { |_|
+        [options.fetch(:app_status, 200), headers, [response]]
+      }
+    }
+  end
+end

data/test/middleware/stub_test.rb

@@ -0,0 +1,145 @@
+# frozen_string_literal: true
+
+require "test_helper"
+
+describe Committee::Middleware::Stub do
+  include Rack::Test::Methods
+
+  def app
+    @app
+  end
+
+  it "responds with a stubbed response" do
+    @app = new_rack_app(schema: hyper_schema)
+    get "/apps/heroku-api"
+    assert_equal 200, last_response.status
+    data = JSON.parse(last_response.body)
+    assert_equal ValidApp.keys.sort, data.keys.sort
+  end
+
+  it "responds with 201 on create actions" do
+    @app = new_rack_app(schema: hyper_schema)
+    post "/apps"
+    assert_equal 201, last_response.status
+  end
+
+  it "optionally calls into application" do
+    @app = new_rack_app(call: true, schema: hyper_schema)
+    get "/apps/heroku-api"
+    assert_equal 200, last_response.status
+    assert_equal ValidApp,
+      JSON.parse(last_response.headers["Committee-Response"])
+  end
+
+  it "optionally returns the application's response" do
+    @app = new_rack_app(call: true, schema: hyper_schema, suppress: true)
+    get "/apps/heroku-api"
+    assert_equal 429, last_response.status
+    assert_equal ValidApp,
+      JSON.parse(last_response.headers["Committee-Response"])
+    assert_equal "", last_response.body
+  end
+
+  it "optionally returns the application's response schema" do
+    @app = new_rack_app(call: true, schema: hyper_schema, suppress: true)
+    get "/apps/heroku-api"
+    assert_equal 429, last_response.status
+    assert_equal "#/definitions/app/links/2/targetSchema",
+      last_response.headers["Committee-Response-Schema"]
+    assert_equal "", last_response.body
+  end
+
+  it "takes a prefix" do
+    @app = new_rack_app(prefix: "/v1", schema: hyper_schema)
+    get "/v1/apps/heroku-api"
+    assert_equal 200, last_response.status
+    data = JSON.parse(last_response.body)
+    assert_equal ValidApp.keys.sort, data.keys.sort
+  end
+
+  it "allows the stub's response to be replaced" do
+    response = { replaced: true }
+    @app = new_rack_app(call: true, response: response, schema: hyper_schema)
+    get "/apps/heroku-api"
+    assert_equal 200, last_response.status
+    assert_equal response, JSON.parse(last_response.body, symbolize_names: true)
+  end
+
+  it "responds with a stubbed response for OpenAPI" do
+    @app = new_rack_app(schema: open_api_2_schema)
+    get "/api/pets/fido"
+    assert_equal 200, last_response.status
+    data = JSON.parse(last_response.body)
+    assert_equal ValidPet.keys.sort, data.keys.sort
+  end
+
+  it "calls into app for links that are undefined" do
+    @app = new_rack_app(call: false, schema: hyper_schema)
+    post "/foos"
+    assert_equal 429, last_response.status
+  end
+
+  it "caches the response if called multiple times" do
+    cache = {}
+    @app = new_rack_app(cache: cache, schema: hyper_schema)
+
+    get "/apps/heroku-api"
+    assert_equal 200, last_response.status
+
+    data, _schema = cache[cache.first[0]]
+    assert_equal ValidApp.keys.sort, data.keys.sort
+
+    # replace what we have in the cache
+    cache[cache.first[0]] = { "cached" => true }
+
+    get "/apps/heroku-api"
+    assert_equal 200, last_response.status
+    data = JSON.parse(last_response.body)
+    assert_equal({ "cached" => true }, data)
+  end
+
+  it "caches the response if called multiple times" do
+    cache = {}
+    @app = new_rack_app(cache: cache, schema: open_api_3_schema)
+
+    assert_raises(Committee::OpenAPI3Unsupported) do
+      get "/characters"
+    end
+  end
+
+  private
+
+  def new_rack_app(options = {})
+    response = options.delete(:response)
+    suppress = options.delete(:suppress)
+
+    # TODO: delete when 5.0.0 released because default value changed
+    options[:parse_response_by_content_type] = true if options[:parse_response_by_content_type] == nil
+
+    Rack::Builder.new {
+      use Committee::Middleware::Stub, options
+      run lambda { |env|
+        if response
+          env["committee.response"] = response
+        end
+
+        headers = {}
+        if res = env["committee.response"]
+          headers.merge!({
+            "Committee-Response" => JSON.generate(res)
+          })
+        end
+
+        if res = env["committee.response_schema"]
+          headers.merge!({
+            "Committee-Response-Schema" => res.pointer,
+          })
+        end
+
+        env["committee.suppress"] = suppress
+
+        [429, headers, []]
+      }
+    }
+  end
+end