openapi-ruby 3.1.0 → 3.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e392a1235f97dc71aaf0ec1790ee0bd64c4bcbae412063af363af91e95cb608d
-  data.tar.gz: 90f056e8bc51aa18d6de20a38ac706c079955567066e034d9408a8bd75b2f966
+  metadata.gz: 2e97365e4c2b566d59db1f4946a2b0e1f45f8ee9b938f2b5c049ac0ac9f56dcc
+  data.tar.gz: 431709a674d6a028fd8a14f47200761215a6e4576888009b3b2b637fd5a453b9
 SHA512:
-  metadata.gz: bde611e9f9b188969e3bbc8a6f1062efe7738ebc15e7eef40079406cccd0eab35051c767db9abfbcba0eea1e91ec39a265f7654468f8478efef8462e63b67f42
-  data.tar.gz: c02da938cd7edd9053fc89730916dbc31b87829fc945c36248269e6a77a569cf77ea07c14938550517a16909615ee926fc05b1b54bf848a3997ac7cfa1bf4c47
+  metadata.gz: 0a670b21d1043c474b2eead1844c47258521df05b247d561a5578de4c8495a6519b575c7b3d2d4fe4fc54c22d5d524e45ee2fab492e99e3366c8eab5bc381ecf
+  data.tar.gz: e2981bfa965fef6c6db6767d8e36592b8166fa20f675265c9d0147265565250e845093ca4fb3dc3bd3a7d2a2b1c3a7c6cb9d52169a0142bc0be2a90727a50b77

data/README.md

@@ -63,12 +63,15 @@ OpenapiRuby.configure do |config|
   config.camelize_keys = true
   config.schema_output_dir = "swagger"
   config.schema_output_format = :yaml
-  config.validate_responses_in_tests = true
 
   # Runtime middleware (disabled by default)
   config.request_validation = :disabled   # :enabled, :disabled, :warn_only
   config.response_validation = :disabled
 
+  # Test DSL: validate requests against declared operations before sending.
+  # Enabled by default; set to false to disable.
+  config.test_request_validation = true
+
   # Optional Swagger UI (disabled by default)
   config.ui_enabled = false
 end
@@ -231,6 +234,12 @@ rails generate openapi_ruby:component BearerAuth security_schemes
 require "openapi_ruby/rspec"
 ```
 
+RSpec supports two DSL styles. Both generate the same OpenAPI spec and validate responses (and requests) against it.
+
+### Style 1: `path` / `run_test!`
+
+Schema definition and test execution are interleaved. Each `response` block uses `let` values and `run_test!` to send the request inline:
+
 ```ruby
 # spec/requests/users_spec.rb
 require "openapi_helper"
@@ -294,11 +303,71 @@ RSpec.describe "Users API", type: :openapi do
 end
 ```
 
+### Style 2: `api_path` / `assert_api_response`
+
+Schema definition at the top, normal RSpec examples underneath. Mirrors the Minitest DSL and is useful when you want basic schema validation separated from detailed edge-case tests:
+
+```ruby
+require "openapi_helper"
+
+RSpec.describe "Users API", type: :openapi do
+  openapi_schema :public_api
+
+  api_path "/api/v1/users" do
+    get "List users" do
+      tags "Users"
+      produces "application/json"
+
+      response 200, "returns all users" do
+        schema type: :array, items: { "$ref" => "#/components/schemas/User" }
+      end
+    end
+
+    post "Create a user" do
+      consumes "application/json"
+
+      request_body required: true, content: {
+        "application/json" => {
+          schema: { "$ref" => "#/components/schemas/UserInput" }
+        }
+      }
+
+      response 201, "user created" do
+        schema "$ref" => "#/components/schemas/User"
+      end
+
+      response 422, "validation errors" do
+        schema "$ref" => "#/components/schemas/ValidationErrors"
+      end
+    end
+  end
+
+  # Normal RSpec examples
+  it "returns all users" do
+    User.create!(name: "Jane", email: "jane@example.com")
+
+    assert_api_response :get, 200 do
+      expect(parsed_body.length).to eq(1)
+    end
+  end
+
+  it "creates a user" do
+    assert_api_response :post, 201, body: { name: "Jane", email: "jane@example.com" } do
+      expect(parsed_body["name"]).to eq("Jane")
+    end
+  end
+end
+```
+
+`assert_api_response` accepts `params:`, `headers:`, `body:`, and `path_params:` keyword arguments. It validates the response status and body schema automatically, then yields to the block for additional expectations.
+
 ### DSL Reference
 
 | Method | Level | Description |
 |--------|-------|-------------|
-| `path(template, &block)` | Top | Define an API path |
+| `path(template, &block)` | Top | Define an API path (style 1) |
+| `api_path(template, &block)` | Top | Define an API path (style 2) |
+| `openapi_schema(name)` | Top | Set the schema name (style 2) |
 | `get/post/put/patch/delete(summary, &block)` | Path | Define an operation |
 | `tags(*tags)` | Operation | Tag the operation |
 | `operationId(id)` | Operation | Set operation ID |
@@ -312,7 +381,9 @@ end
 | `response(status, description, &block)` | Operation | Define expected response |
 | `schema(definition)` | Response | Response body schema |
 | `header(name, schema:, **opts)` | Response | Response header |
-| `run_test!(&block)` | Response | Execute request and validate |
+| `run_test!(&block)` | Response | Execute request and validate (style 1) |
+| `assert_api_response(method, status, **opts, &block)` | Example | Execute request and validate (style 2) |
+| `parsed_body` | Example | Parsed JSON response body |
 
 ## Testing with Minitest
 

data/lib/generators/openapi_ruby/install/templates/initializer.rb.tt

@@ -20,9 +20,6 @@ OpenapiRuby.configure do |config|
   config.schema_output_dir = "swagger"
   config.schema_output_format = :yaml
 
-  # Validate response bodies in tests against defined schemas
-  config.validate_responses_in_tests = true
-
   # Runtime request/response validation middleware
   # Options: :disabled, :enabled, :warn_only
   config.request_validation = :disabled

data/lib/openapi_ruby/adapters/minitest.rb

@@ -81,13 +81,28 @@ module OpenapiRuby
             request_args = {params: query_params, headers: headers}
           end
 
+          # Validate the request against the declared operation (skip for error responses,
+          # since those tests intentionally send invalid data)
+          if OpenapiRuby.configuration.test_request_validation && expected_status < 400
+            document_hash = build_validation_document(context.schema_name)
+            req_errors = Testing::RequestValidator.new(document_hash).validate(
+              operation: operation,
+              path_context: context,
+              params: params,
+              headers: headers,
+              body: body,
+              path_params: path_params
+            )
+            assert req_errors.empty?, "Request validation failed:\n#{req_errors.join("\n")}"
+          end
+
           send(method, path, **request_args)
 
           # Validate response
           assert_equal expected_status, response.status,
             "Expected status #{expected_status}, got #{response.status}\nResponse body: #{response.body}"
 
-          if OpenapiRuby.configuration.validate_responses_in_tests && response_ctx.schema_definition
+          if response_ctx.schema_definition
             validator = Testing::ResponseValidator.new
             body_data = parse_response_body
             errors = validator.validate(
@@ -181,6 +196,23 @@ module OpenapiRuby
           end.uniq { |p| [p[:name], p[:in]] }
         end
 
+        def build_validation_document(schema_name)
+          return nil unless schema_name
+
+          config = OpenapiRuby.configuration
+          schema_config = config.schemas[schema_name.to_sym] || config.schemas[schema_name.to_s]
+          return nil unless schema_config
+
+          builder = OpenapiRuby::Core::DocumentBuilder.new(schema_config)
+          OpenapiRuby::DSL::MetadataStore.contexts_for(schema_name).each do |ctx|
+            builder.add_path(ctx.path_template, ctx.to_openapi)
+          end
+          scope = schema_config[:component_scope]
+          loader = OpenapiRuby::Components::Loader.new(scope: scope)
+          builder.merge_components(loader.to_openapi_hash)
+          builder.build.data
+        end
+
         def parse_response_body
           return nil if response.body.empty?
 

data/lib/openapi_ruby/adapters/rspec.rb

@@ -11,6 +11,22 @@ module OpenapiRuby
       # All methods are inherited by nested describe/context/it_behaves_like blocks.
       # Data is stored in RSpec metadata which propagates to child groups.
       module ExampleGroupHelpers
+        def openapi_schema(name)
+          metadata[:openapi_schema_name] = name.to_sym
+        end
+
+        # Minitest-style DSL: define the schema at the top of the spec file,
+        # then write normal RSpec examples underneath using assert_api_response.
+        def api_path(template, &block)
+          schema_name = metadata[:openapi_schema_name]
+          context = DSL::Context.new(template, schema_name: schema_name)
+          context.instance_eval(&block) if block
+          metadata[:openapi_api_contexts] ||= []
+          metadata[:openapi_api_contexts] << context
+          DSL::MetadataStore.register(context)
+          context
+        end
+
         def path(template, &block)
           schema_name = metadata[:openapi_schema_name]
           context = DSL::Context.new(template, schema_name: schema_name)
@@ -104,6 +120,100 @@ module OpenapiRuby
 
       # Instance-level helper methods mixed into RSpec examples
       module ExampleHelpers
+        # Minitest-style assertion: looks up the api_path context, makes the
+        # request, validates the response status + body, then yields to the
+        # block for additional expectations.
+        def assert_api_response(method, expected_status, params: {}, headers: {}, body: nil, path_params: {}, &block)
+          meta = ::RSpec.current_example.metadata
+          context = find_api_context_for(meta, method, path_params)
+          raise OpenapiRuby::Error, "No api_path defined for #{method.upcase} in this example group" unless context
+
+          operation = context.operations[method.to_s]
+          raise OpenapiRuby::Error, "No #{method.upcase} operation defined" unless operation
+
+          response_ctx = operation.responses[expected_status.to_s]
+          raise OpenapiRuby::Error, "No response #{expected_status} defined for #{method.upcase}" unless response_ctx
+
+          base_path = resolve_base_path(context.schema_name)
+          path = "#{base_path}#{expand_path(context.path_template, params.merge(path_params))}"
+
+          # Resolve security scheme parameters
+          resolve_security_params(operation, meta).each do |param|
+            val = params[param[:name].to_sym] || params[param[:name]]
+            next if val.nil?
+
+            case param[:in].to_s
+            when "header" then headers[param[:name]] = val
+            when "query" then params[param[:name]] = val
+            when "cookie" then headers["Cookie"] = "#{param[:name]}=#{val}"
+            end
+          end
+
+          headers["Accept"] ||= "application/json"
+
+          path_param_names = context.path_parameters.map { |p| p["name"] }
+          query_params = params.reject { |k, _| path_param_names.include?(k.to_s) }
+
+          if body
+            content_type = operation.request_body_definition&.dig("content")&.keys&.first || "application/json"
+            request_args = if content_type.include?("form-data") || content_type.include?("x-www-form-urlencoded")
+              {params: body, headers: headers}
+            else
+              {
+                params: body.is_a?(String) ? body : body.to_json,
+                headers: headers.merge("Content-Type" => content_type)
+              }
+            end
+          else
+            request_args = {headers: headers}
+          end
+
+          if query_params.any?
+            path = "#{path}?#{Rack::Utils.build_nested_query(query_params)}"
+          end
+
+          # Validate the request against the declared operation (skip for error responses,
+          # since those tests intentionally send invalid data)
+          if OpenapiRuby.configuration.test_request_validation && expected_status < 400
+            document_hash = OpenapiRuby::Adapters::RSpec.validation_document_for(context.schema_name)
+            req_errors = Testing::RequestValidator.new(document_hash).validate(
+              operation: operation,
+              path_context: context,
+              params: params,
+              headers: headers,
+              body: body,
+              path_params: path_params
+            )
+            raise "Request validation failed:\n#{req_errors.join("\n")}" unless req_errors.empty?
+          end
+
+          send(method, path, **request_args)
+
+          unless response.status == expected_status
+            raise "Expected status #{expected_status}, got #{response.status}\nResponse body: #{response.body}"
+          end
+
+          if response_ctx.schema_definition
+            validator = Testing::ResponseValidator.new(
+              OpenapiRuby::Adapters::RSpec.validation_document_for(context.schema_name)
+            )
+            errors = validator.validate(
+              response_body: parsed_response_body,
+              status_code: response.status,
+              response_context: response_ctx
+            )
+            unless errors.empty?
+              raise "Response body validation failed:\n#{errors.join("\n")}\nResponse body: #{response.body}"
+            end
+          end
+
+          instance_eval(&block) if block
+        end
+
+        def parsed_body
+          parsed_response_body
+        end
+
         # submit_openapi_request is public so specs can call it directly
         # (e.g., for rate limiting tests that need multiple requests)
         def submit_openapi_request(metadata)
@@ -144,6 +254,12 @@ module OpenapiRuby
           accept = resolve_let(:Accept)
           headers["Accept"] = accept || "application/json"
 
+          # Always append query params to the URL so the middleware sees them
+          # (Rails sends params as request body for non-GET methods).
+          if params.any?
+            path = "#{path}?#{Rack::Utils.build_nested_query(params)}"
+          end
+
           if body
             content_type = operation&.request_body_definition&.dig("content")&.keys&.first || "application/json"
             request_args = if content_type.include?("form-data") || content_type.include?("x-www-form-urlencoded")
@@ -154,13 +270,37 @@ module OpenapiRuby
                 headers: headers.merge("Content-Type" => content_type)
               }
             end
-            # Append query params to path when body is present
-            if params.any?
-              query_string = params.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join("&")
-              path = "#{path}?#{query_string}"
-            end
           else
-            request_args = {params: params, headers: headers}
+            request_args = {headers: headers}
+          end
+
+          # Validate the request against the declared operation (skip for error responses,
+          # since those tests intentionally send invalid data)
+          response_ctx = find_in_metadata(metadata, :openapi_response)
+          expected_status = response_ctx&.status_code.to_i
+          if OpenapiRuby.configuration.test_request_validation && operation && expected_status < 400
+            path_ctx = find_in_metadata(metadata, :openapi_path_context)
+            schema_name = find_in_metadata(metadata, :openapi_schema_name)
+
+            # Collect resolved path param values for validation
+            path_param_values = {}
+            (path_ctx&.path_parameters || []).each do |param|
+              name = param["name"]
+              next unless name
+              val = resolve_let(name.to_sym)
+              path_param_values[name] = val if val
+            end
+
+            document_hash = OpenapiRuby::Adapters::RSpec.validation_document_for(schema_name)
+            req_errors = Testing::RequestValidator.new(document_hash).validate(
+              operation: operation,
+              path_context: path_ctx,
+              params: params,
+              headers: headers,
+              body: body,
+              path_params: path_param_values
+            )
+            raise "Request validation failed:\n#{req_errors.join("\n")}" unless req_errors.empty?
           end
 
           send(method.to_sym, path, **request_args)
@@ -177,10 +317,46 @@ module OpenapiRuby
               "Expected status #{expected_status}, got #{actual_status}\n" \
               "Response body: #{response.body}"
           end
+
+          if response_ctx.schema_definition
+            schema_name = find_in_metadata(metadata, :openapi_schema_name)
+            validator = Testing::ResponseValidator.new(OpenapiRuby::Adapters::RSpec.validation_document_for(schema_name))
+            errors = validator.validate(
+              response_body: parsed_response_body,
+              status_code: response.status,
+              response_context: response_ctx
+            )
+            unless errors.empty?
+              raise "Response body validation failed:\n#{errors.join("\n")}\nResponse body: #{response.body}"
+            end
+          end
         end
 
         private
 
+        def find_api_context_for(metadata, method, path_params)
+          contexts = find_in_metadata(metadata, :openapi_api_contexts) || []
+          has_path_params = path_params.any?
+
+          contexts.find do |ctx|
+            next false unless ctx.operations.key?(method.to_s)
+
+            if has_path_params
+              ctx.path_template.include?("{")
+            else
+              !ctx.path_template.include?("{")
+            end
+          end
+        end
+
+        def expand_path(template, params)
+          template.gsub(/\{(\w+)\}/) do
+            name = ::Regexp.last_match(1)
+            value = params[name.to_sym] || params[name.to_s]
+            value || "{#{name}}"
+          end
+        end
+
         def resolve_path(metadata)
           path_ctx = find_in_metadata(metadata, :openapi_path_context)
           template = path_ctx&.path_template || ""
@@ -269,6 +445,29 @@ module OpenapiRuby
         end
       end
 
+      # Build the OpenAPI document hash for a given schema name and cache it.
+      # Used by response body validation so $ref schemas can be resolved.
+      def self.validation_document_for(schema_name)
+        return nil unless schema_name
+
+        key = schema_name.to_sym
+        @validation_documents ||= {}
+        @validation_documents[key] ||= begin
+          config = OpenapiRuby.configuration
+          schema_config = config.schemas[key] || config.schemas[schema_name.to_s]
+          return nil unless schema_config
+
+          builder = OpenapiRuby::Core::DocumentBuilder.new(schema_config)
+          OpenapiRuby::DSL::MetadataStore.contexts_for(schema_name).each do |context|
+            builder.add_path(context.path_template, context.to_openapi)
+          end
+          scope = schema_config[:component_scope]
+          loader = OpenapiRuby::Components::Loader.new(scope: scope)
+          builder.merge_components(loader.to_openapi_hash)
+          builder.build.data
+        end
+      end
+
       def self.install!
         ::RSpec.configure do |config|
           config.extend ExampleGroupHelpers, type: :openapi

data/lib/openapi_ruby/configuration.rb

@@ -9,46 +9,56 @@ module OpenapiRuby
     # Components
     attr_accessor :component_paths
     attr_accessor :component_scope_paths
-    attr_accessor :camelize_keys, :key_transform, :response_validation, :strict_query_params,
-      :coerce_params, :error_handler, :schema_output_format, :validate_responses_in_tests, :ui_path, :ui_config, :coverage_report_path
-    attr_accessor :strict_reference_validation
+
+    # Output / formatting
+    attr_accessor :camelize_keys, :schema_output_format, :schema_output_dir
     attr_accessor :auto_validation_error_response
     attr_accessor :validation_error_schema
 
     # Middleware (runtime validation)
-    attr_accessor :request_validation
+    attr_accessor :request_validation, :response_validation, :coerce_params
 
-    # Test / Generation
-    attr_accessor :schema_output_dir
+    # Test DSL: validate that requests match the declared operation before sending.
+    # Enabled by default; set to false to disable.
+    attr_accessor :test_request_validation
 
-    # UI (optional)
-    attr_accessor :ui_enabled
+    # OpenAPI meta-schema validation of generated specs and middleware-loaded
+    # documents. One of :disabled, :enabled (raise on errors), :warn_only
+    # (default, log warnings). Boolean values are accepted for backwards
+    # compatibility: `true` → :warn_only, `false` → :disabled.
+    attr_reader :strict_reference_validation
+
+    def strict_reference_validation=(value)
+      @strict_reference_validation = case value
+      when true, :warn_only then :warn_only
+      when false, :disabled then :disabled
+      when :enabled then :enabled
+      else
+        raise ConfigurationError,
+          "strict_reference_validation must be :disabled, :enabled, :warn_only, or a boolean"
+      end
+    end
 
-    # Coverage
-    attr_accessor :coverage_enabled
+    # UI (optional)
+    attr_accessor :ui_enabled, :ui_path, :ui_config
 
     def initialize
       @schemas = {}
       @component_paths = ["app/api_components"]
       @component_scope_paths = {}
       @camelize_keys = true
-      @key_transform = nil
       @request_validation = :disabled
       @response_validation = :disabled
-      @strict_query_params = false
       @coerce_params = true
-      @error_handler = nil
+      @test_request_validation = true
       @schema_output_dir = "swagger"
       @schema_output_format = :yaml
-      @validate_responses_in_tests = true
       @ui_enabled = false
       @ui_path = "/api-docs"
       @ui_config = {}
-      @strict_reference_validation = true
+      @strict_reference_validation = :warn_only
       @auto_validation_error_response = true
       @validation_error_schema = nil
-      @coverage_enabled = false
-      @coverage_report_path = "tmp/openapi_coverage.json"
     end
 
     def validate!

data/lib/openapi_ruby/generator/schema_writer.rb

@@ -23,7 +23,7 @@ module OpenapiRuby
 
       def write!
         document = build_document
-        validate_document!(document) if OpenapiRuby.configuration.strict_reference_validation
+        validate_document!(document) unless OpenapiRuby.configuration.strict_reference_validation == :disabled
         output_path = File.join(output_dir, filename)
         FileUtils.mkdir_p(output_dir)
         File.write(output_path, format_output(document))
@@ -63,7 +63,12 @@ module OpenapiRuby
         return if errors.empty?
 
         error_messages = errors.first(10).map { |e| e["error"] || e.to_s }
-        warn "[openapi_ruby] Generated schema '#{@schema_name}' has validation errors:\n#{error_messages.join("\n")}"
+        message = "[openapi_ruby] Generated schema '#{@schema_name}' has validation errors:\n#{error_messages.join("\n")}"
+        if OpenapiRuby.configuration.strict_reference_validation == :enabled
+          raise OpenapiRuby::ConfigurationError, message
+        else
+          warn message
+        end
       end
 
       def format_output(document)

data/lib/openapi_ruby/middleware/schema_resolver.rb

@@ -3,7 +3,7 @@
 module OpenapiRuby
   module Middleware
     class SchemaResolver
-      def initialize(spec_path: nil, document: nil, strict_reference_validation: true)
+      def initialize(spec_path: nil, document: nil, strict_reference_validation: :warn_only)
         @spec_path = spec_path
         @document = document
         @strict_reference_validation = strict_reference_validation
@@ -41,15 +41,19 @@ module OpenapiRuby
       private
 
       def validate_document!(doc)
-        return unless @strict_reference_validation
+        return if @strict_reference_validation == :disabled
 
         schemer = JSONSchemer.openapi(doc)
         errors = schemer.validate.to_a
         return if errors.empty?
 
         error_messages = errors.first(5).map { |e| e["error"] || e.to_s }
-        raise OpenapiRuby::ConfigurationError,
-          "OpenAPI document validation failed:\n#{error_messages.join("\n")}"
+        message = "OpenAPI document validation failed:\n#{error_messages.join("\n")}"
+        if @strict_reference_validation == :enabled
+          raise OpenapiRuby::ConfigurationError, message
+        else
+          warn message
+        end
       end
 
       def load_document

data/lib/openapi_ruby/testing/request_validator.rb

@@ -0,0 +1,153 @@
+# frozen_string_literal: true
+
+module OpenapiRuby
+  module Testing
+    class RequestValidator
+      def initialize(document_hash = nil)
+        @document_hash = document_hash
+      end
+
+      def validate(operation:, path_context: nil, params: {}, headers: {}, body: nil, path_params: {})
+        errors = []
+
+        # Collect all parameters (path-level + operation-level)
+        all_parameters = (path_context&.path_parameters || []) + (operation.parameters || [])
+
+        # Validate each declared parameter
+        all_parameters.each do |param|
+          name = param["name"]
+          next unless name
+
+          value = extract_param_value(param, params, headers, path_params)
+
+          if value.nil?
+            errors << "Missing required #{param["in"]} parameter: #{name}" if param["required"]
+            next
+          end
+
+          if param["schema"]
+            param_errors = validate_value(value, param["schema"], "#{param["in"]} parameter '#{name}'")
+            errors.concat(param_errors)
+          end
+        end
+
+        # Validate request body
+        errors.concat(validate_request_body(operation, body))
+
+        errors
+      end
+
+      private
+
+      def extract_param_value(param, params, headers, path_params)
+        name = param["name"]
+
+        case param["in"]
+        when "query"
+          params[name.to_sym] || params[name.to_s]
+        when "path"
+          path_params[name.to_sym] || path_params[name.to_s]
+        when "header"
+          headers[name] || headers[name.downcase]
+        end
+      end
+
+      def validate_request_body(operation, body)
+        errors = []
+        rb_spec = operation.request_body_definition
+        return errors unless rb_spec
+
+        if rb_spec["required"] && body.nil?
+          errors << "Request body is required"
+          return errors
+        end
+
+        return errors unless body && rb_spec["content"]
+
+        media_type = rb_spec["content"].keys.first
+        schema = rb_spec.dig("content", media_type, "schema")
+        return errors unless schema
+
+        validate_against_schema(body, schema, "request body", errors)
+        errors
+      end
+
+      def validate_value(value, schema, context)
+        coerced = coerce_for_validation(value, schema)
+        schema_validator = resolve_schema(schema)
+        return [] unless schema_validator
+
+        schema_validator.validate(coerced).map do |err|
+          "Invalid #{context}: #{format_error(err)}"
+        end
+      rescue => e
+        ["Invalid #{context}: #{e.message}"]
+      end
+
+      def validate_against_schema(data, schema, context, errors)
+        schema_validator = resolve_schema(schema)
+        return unless schema_validator
+
+        schema_validator.validate(data).each do |err|
+          pointer = err["data_pointer"] || ""
+          msg = format_error(err)
+          location = pointer.empty? ? context : "#{context} at #{pointer}"
+          errors << "Invalid #{location}: #{msg}"
+        end
+      rescue => e
+        errors << "Invalid #{context}: #{e.message}"
+      end
+
+      def resolve_schema(schema)
+        if schema.is_a?(Hash) && schema["$ref"] && @document_hash
+          JSONSchemer.openapi(@document_hash).ref(schema["$ref"])
+        elsif contains_ref?(schema)
+          nil # Cannot validate $ref without document
+        else
+          JSONSchemer.schema(schema)
+        end
+      rescue
+        nil
+      end
+
+      def coerce_for_validation(value, schema)
+        return value unless value.is_a?(String)
+
+        type = schema.is_a?(Hash) ? schema["type"] : nil
+        case type
+        when "integer" then Integer(value)
+        when "number" then Float(value)
+        when "boolean"
+          case value.downcase
+          when "true", "1" then true
+          when "false", "0" then false
+          else value
+          end
+        else value
+        end
+      rescue ArgumentError, TypeError
+        value
+      end
+
+      def contains_ref?(value)
+        case value
+        when Hash
+          return true if value.key?("$ref")
+          value.values.any? { |v| contains_ref?(v) }
+        when Array
+          value.any? { |v| contains_ref?(v) }
+        else
+          false
+        end
+      end
+
+      def format_error(error)
+        if error.is_a?(Hash)
+          error["error"] || error["type"] || "validation failed"
+        else
+          error.to_s
+        end
+      end
+    end
+  end
+end

data/lib/openapi_ruby/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiRuby
-  VERSION = "3.1.0"
+  VERSION = "3.2.0"
 end

data/lib/openapi_ruby.rb

@@ -43,6 +43,7 @@ require_relative "openapi_ruby/dsl/context"
 require_relative "openapi_ruby/dsl/metadata_store"
 require_relative "openapi_ruby/testing/request_builder"
 require_relative "openapi_ruby/testing/response_validator"
+require_relative "openapi_ruby/testing/request_validator"
 require_relative "openapi_ruby/testing/assertions"
 require_relative "openapi_ruby/testing/coverage"
 require_relative "openapi_ruby/generator/schema_writer"

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openapi-ruby
 version: !ruby/object:Gem::Version
-  version: 3.1.0
+  version: 3.2.0
 platform: ruby
 authors:
 - Morten Hartvig
@@ -117,6 +117,7 @@ files:
 - lib/openapi_ruby/testing/assertions.rb
 - lib/openapi_ruby/testing/coverage.rb
 - lib/openapi_ruby/testing/request_builder.rb
+- lib/openapi_ruby/testing/request_validator.rb
 - lib/openapi_ruby/testing/response_validator.rb
 - lib/openapi_ruby/version.rb
 - lib/tasks/openapi_ruby.rake