rspec-openapi 0.10.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9749f7a6121a78737336bd436f5fda8b20381a82f4cb507f42667bf3d38a2a4b
-  data.tar.gz: ff0bc4a559323f1285d282ab786b5666c950b8ad0b9585fa749cf1f2b0f3613e
+  metadata.gz: b221d36e6ff92306e1bd720b4bb07e114839c8e047ad530f6ac4cb2a11eb4ae5
+  data.tar.gz: 5f5daf56dddc8a7b9477f961611d3bd4550eb498aa38d166035e5b18fe7027bd
 SHA512:
-  metadata.gz: 4e412c58158ffaa1518640e3082ef04c41d50ec43de94ef032c866ebbec2468775d4ea3b2c976294f14ce6b8570b3e86df7248f17877c491efa9fc31e5a8819a
-  data.tar.gz: 65d7308f7d552d9ac299a6d3330933283c237345b477de260a2e2af24210268f2e41350619cec83f145f028a7374b197281cbd9752d1cb2aa3baa696f8240739
+  metadata.gz: 18410768ff613a19b39f910e20e58ecda87337095b354e718bdb5f6b6e2713429acd26a289fd4ffa89a493348aa226561d89340d9685d37caa30b44c54d17be8
+  data.tar.gz: 5542bf85a5f1d46eacbdc0936b57ae197279bf618fa1628082e7d33c5600a2583f450426999dbc6eea4d4a401ffb307ea5d207b551aa27d586eb4682e572c9fb

data/.github/workflows/codeql-analysis.yml

@@ -28,12 +28,12 @@ jobs:
       uses: actions/checkout@v4
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: ${{ matrix.language }}
         
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3

data/.github/workflows/rubocop.yml

@@ -30,6 +30,6 @@ jobs:
         "
 
     - name: Upload Sarif output
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: rubocop.sarif

data/.github/workflows/test.yml

@@ -26,6 +26,8 @@ jobs:
             rails: 6.1.6
           - ruby: ruby:3.1
             rails: 7.0.3
+          - ruby: ruby:3.3
+            rails: 7.1.2
             coverage: coverage
     env:
       RAILS_VERSION: ${{ matrix.rails == '' && '6.1.6' || matrix.rails }}
@@ -41,9 +43,12 @@ jobs:
         if: matrix.coverage == 'coverage'
       - run: bundle exec rspec
         timeout-minutes: 1
+      - run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        name: codecov-action@v4 workaround
       - name: Upload coverage reports
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v4
         if: matrix.coverage == 'coverage'
         with:
           fail_ci_if_error: true
           files: ./coverage/coverage.xml
+          token: ${{ secrets.CODECOV_TOKEN }}

data/.rubocop_todo.yml

@@ -1,25 +1,35 @@
 # This configuration was generated by
 # `rubocop --auto-gen-config`
-# on 2023-04-14 06:22:29 UTC using RuboCop version 1.49.0.
+# on 2024-01-13 11:12:43 UTC using RuboCop version 1.50.2.
 # The point is for the user to remove these configuration records
 # one by one as the offenses are removed from the code base.
 # Note that changes in the inspected code, or installation of new
 # versions of RuboCop, may require this file to be generated again.
 
-# Offense count: 10
+# Offense count: 9
 # Configuration parameters: AllowedMethods, AllowedPatterns, CountRepeatedAttributes.
 Metrics/AbcSize:
-  Max: 31
+  Max: 48
+
+# Offense count: 2
+# Configuration parameters: CountComments, CountAsOne.
+Metrics/ClassLength:
+  Max: 192
 
-# Offense count: 4
+# Offense count: 5
 # Configuration parameters: AllowedMethods, AllowedPatterns.
 Metrics/CyclomaticComplexity:
-  Max: 10
+  Max: 13
 
-# Offense count: 13
+# Offense count: 16
 # Configuration parameters: CountComments, CountAsOne, AllowedMethods, AllowedPatterns.
 Metrics/MethodLength:
-  Max: 30
+  Max: 31
+
+# Offense count: 1
+# Configuration parameters: AllowedMethods, AllowedPatterns.
+Metrics/PerceivedComplexity:
+  Max: 13
 
 # Offense count: 1
 # Configuration parameters: EnforcedStyle, CheckMethodNames, CheckSymbols, AllowedIdentifiers, AllowedPatterns.
@@ -29,7 +39,7 @@ Naming/VariableNumber:
   Exclude:
     - 'spec/integration_tests/roda_test.rb'
 
-# Offense count: 5
+# Offense count: 6
 # Configuration parameters: AllowedConstants.
 Style/Documentation:
   Exclude:

data/CHANGELOG.md

@@ -1,3 +1,18 @@
+## v0.12.0
+
+- feat: Initial support of complex schema with manually-added `oneOf`
+  [#174](https://github.com/exoego/rspec-openapi/pull/174)
+- chore: Test with Ruby 3.3 and Rails 7.1.x 
+  [#169](https://github.com/exoego/rspec-openapi/pull/169)
+
+## v0.11.0
+- feat: Allow path-based config overrides
+  [#162](https://github.com/exoego/rspec-openapi/pull/162)
+- enhancement: Sort HTTP methods, response status codes, and contents lexicographically
+  [#163](https://github.com/exoego/rspec-openapi/pull/163)
+- enhancement: Remove parameters that conflict with security schemas
+  [#166](https://github.com/exoego/rspec-openapi/pull/166)
+
 ## v0.10.0
 - bugfix: Merge parameter data to preserve description in manually edited Openapi spec 
   [#149](https://github.com/exoego/rspec-openapi/pull/149)

data/lib/rspec/openapi/components_updater.rb

@@ -23,7 +23,8 @@ class << RSpec::OpenAPI::ComponentsUpdater = Object.new
       #  0             1         2 ^...............................^
       # ["components", "schema", "Table", "properties", "owner", "properties", "company", "$ref"]
       #  0             1         2 ^...........................................^
-      needle = paths.slice(2, paths.size - 3)
+      needle = paths.reject { |path| path.is_a?(Integer) || path == 'oneOf' }
+      needle = needle.slice(2, needle.size - 3)
       nested_schema = fresh_schemas.dig(*needle)
 
       # Skip if the property using $ref is not found in the parent schema. The property may be removed.
@@ -44,20 +45,28 @@ class << RSpec::OpenAPI::ComponentsUpdater = Object.new
     references.inject({}) do |acc, paths|
       ref_link = dig_schema(base, paths)['$ref']
       schema_name = ref_link.gsub('#/components/schemas/', '')
-      schema_body = dig_schema(fresh, paths)
+      schema_body = dig_schema(fresh, paths.reject { |path| path.is_a?(Integer) })
+
       RSpec::OpenAPI::SchemaMerger.merge!(acc, { schema_name => schema_body })
     end
   end
 
   def dig_schema(obj, paths)
-    obj.dig(*paths, 'schema', 'items') || obj.dig(*paths, 'schema')
+    item_schema = obj.dig(*paths, 'schema', 'items')
+    object_schema = obj.dig(*paths, 'schema')
+    one_of_schema = obj.dig(*paths.take(paths.size - 1), 'schema', 'oneOf', paths.last)
+
+    item_schema || object_schema || one_of_schema
   end
 
   def paths_to_top_level_refs(base)
     request_bodies = RSpec::OpenAPI::HashHelper.matched_paths(base, 'paths.*.*.requestBody.content.application/json')
     responses = RSpec::OpenAPI::HashHelper.matched_paths(base, 'paths.*.*.responses.*.content.application/json')
-    (request_bodies + responses).select do |paths|
-      dig_schema(base, paths)&.dig('$ref')&.start_with?('#/components/schemas/')
+    (request_bodies + responses).flat_map do |paths|
+      object_paths = find_object_refs(base, paths)
+      one_of_paths = find_one_of_refs(base, paths)
+
+      object_paths || one_of_paths || []
     end
   end
 
@@ -65,6 +74,7 @@ class << RSpec::OpenAPI::ComponentsUpdater = Object.new
     nested_refs = [
       *RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'components.schemas', 'properties.*.$ref'),
       *RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'components.schemas', 'properties.*.items.$ref'),
+      *RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'components.schemas', 'oneOf.*.$ref'),
     ]
     # Reject already-generated schemas to reduce unnecessary loop
     nested_refs.reject do |paths|
@@ -73,4 +83,14 @@ class << RSpec::OpenAPI::ComponentsUpdater = Object.new
       generated_names.include?(schema_name)
     end
   end
+
+  def find_one_of_refs(base, paths)
+    dig_schema(base, paths)&.dig('oneOf')&.map&.with_index do |schema, index|
+      paths + [index] if schema&.dig('$ref')&.start_with?('#/components/schemas/')
+    end&.compact
+  end
+
+  def find_object_refs(base, paths)
+    [paths] if dig_schema(base, paths)&.dig('$ref')&.start_with?('#/components/schemas/')
+  end
 end

data/lib/rspec/openapi/hash_helper.rb

@@ -8,6 +8,10 @@ class << RSpec::OpenAPI::HashHelper = Object.new
         k = k.to_s
         [[k]] + paths_to_all_fields(v).map { |x| [k, *x] }
       end
+    when Array
+      obj.flat_map.with_index do |value, i|
+        [[i]] + paths_to_all_fields(value).map { |x| [i, *x] }
+      end
     else
       []
     end

data/lib/rspec/openapi/result_recorder.rb

@@ -7,26 +7,33 @@ class RSpec::OpenAPI::ResultRecorder
   end
 
   def record_results!
-    title = RSpec::OpenAPI.title
     @path_records.each do |path, records|
+      # Look for a path-specific config file and run it.
+      config_file = File.join(File.dirname(path), RSpec::OpenAPI.config_filename)
+      begin
+        require config_file if File.exist?(config_file)
+      rescue StandardError => e
+        puts "WARNING: Unable to load #{config_file}: #{e}"
+      end
+
+      title = RSpec::OpenAPI.title
       RSpec::OpenAPI::SchemaFile.new(path).edit do |spec|
         schema = RSpec::OpenAPI::DefaultSchema.build(title)
         schema[:info].merge!(RSpec::OpenAPI.info)
         RSpec::OpenAPI::SchemaMerger.merge!(spec, schema)
         new_from_zero = {}
         records.each do |record|
-          begin
-            record_schema = RSpec::OpenAPI::SchemaBuilder.build(record)
-            RSpec::OpenAPI::SchemaMerger.merge!(spec, record_schema)
-            RSpec::OpenAPI::SchemaMerger.merge!(new_from_zero, record_schema)
-          rescue StandardError, NotImplementedError => e # e.g. SchemaBuilder raises a NotImplementedError
-            @error_records[e] = record # Avoid failing the build
-          end
+          record_schema = RSpec::OpenAPI::SchemaBuilder.build(record)
+          RSpec::OpenAPI::SchemaMerger.merge!(spec, record_schema)
+          RSpec::OpenAPI::SchemaMerger.merge!(new_from_zero, record_schema)
+        rescue StandardError, NotImplementedError => e # e.g. SchemaBuilder raises a NotImplementedError
+          @error_records[e] = record # Avoid failing the build
         end
+        RSpec::OpenAPI::SchemaCleaner.cleanup_conflicting_security_parameters!(spec)
         RSpec::OpenAPI::SchemaCleaner.cleanup!(spec, new_from_zero)
         RSpec::OpenAPI::ComponentsUpdater.update!(spec, new_from_zero)
         RSpec::OpenAPI::SchemaCleaner.cleanup_empty_required_array!(spec)
-        RSpec::OpenAPI::SchemaCleaner.sort_paths!(spec)
+        RSpec::OpenAPI::SchemaSorter.deep_sort!(spec)
       end
     end
   end

data/lib/rspec/openapi/schema_cleaner.rb

@@ -39,6 +39,24 @@ class << RSpec::OpenAPI::SchemaCleaner = Object.new
     base
   end
 
+  def cleanup_conflicting_security_parameters!(base)
+    security_schemes = base.dig('components', 'securitySchemes') || {}
+
+    return if security_schemes.empty?
+
+    paths_to_security_definitions = RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'paths', 'security')
+
+    paths_to_security_definitions.each do |path|
+      parent_path_definition = base.dig(*path.take(path.length - 1))
+
+      security_schemes.each do |security_scheme_name, security_scheme|
+        remove_parameters_conflicting_with_security_sceheme!(
+          parent_path_definition, security_scheme, security_scheme_name,
+        )
+      end
+    end
+  end
+
   def cleanup_empty_required_array!(base)
     paths_to_objects = [
       *RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'components.schemas', 'properties'),
@@ -51,15 +69,20 @@ class << RSpec::OpenAPI::SchemaCleaner = Object.new
     end
   end
 
-  # Sort "paths" lexicographically to make the order more predictable
-  #
-  # @param [Hash]   #
-  def sort_paths!(spec)
-    spec['paths'] = spec['paths']&.entries&.sort_by! { |path, _| path }.to_h
-  end
-
   private
 
+  def remove_parameters_conflicting_with_security_sceheme!(path_definition, security_scheme, security_scheme_name)
+    return unless path_definition['security']
+    return unless path_definition['parameters']
+    return unless path_definition.dig('security', 0).keys.include?(security_scheme_name)
+
+    path_definition['parameters'].reject! do |parameter|
+      parameter['in'] == security_scheme['in'] && # same location (ie. header)
+        parameter['name'] == security_scheme['name'] # same name (ie. AUTHORIZATION)
+    end
+    path_definition.delete('parameters') if path_definition['parameters'].empty?
+  end
+
   def cleanup_array!(base, spec, selector, fields_for_identity = [])
     marshal = lambda do |obj|
       Marshal.dump(slice(obj, fields_for_identity))

data/lib/rspec/openapi/schema_merger.rb

@@ -29,6 +29,12 @@ class << RSpec::OpenAPI::SchemaMerger = Object.new
   #
   # TODO: Should we probably force-merge `summary` regardless of manual modifications?
   def merge_schema!(base, spec)
+    if (options = base['oneOf'])
+      merge_closest_match!(options, spec)
+
+      return base
+    end
+
     spec.each do |key, value|
       if base[key].is_a?(Hash) && value.is_a?(Hash)
         merge_schema!(base[key], value) unless base[key].key?('$ref')
@@ -67,4 +73,39 @@ class << RSpec::OpenAPI::SchemaMerger = Object.new
     all_parameters.uniq! { |param| param.slice('name', 'in') }
     base[key] = all_parameters
   end
+
+  SIMILARITY_THRESHOLD = 0.5
+
+  def merge_closest_match!(options, spec)
+    score, option = options.map { |option| [similarity(option, spec), option] }.max_by(&:first)
+
+    return if option&.key?('$ref')
+
+    if score.to_f > SIMILARITY_THRESHOLD
+      merge_schema!(option, spec)
+    else
+      options.push(spec)
+    end
+  end
+
+  def similarity(first, second)
+    return 1 if first == second
+
+    score =
+      case [first.class, second.class]
+      when [Array, Array]
+        (first & second).size / [first.size, second.size].max.to_f
+      when [Hash, Hash]
+        return 1 if first.merge(second).key?('$ref')
+
+        intersection = first.keys & second.keys
+        total_size = [first.size, second.size].max.to_f
+
+        intersection.sum { |key| similarity(first[key], second[key]) } / total_size
+      else
+        0
+      end
+
+    score.finite? ? score : 0
+  end
 end

data/lib/rspec/openapi/schema_sorter.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+class << RSpec::OpenAPI::SchemaSorter = Object.new
+  # Sort some unpredictably ordered properties in a lexicographical manner to make the order more predictable.
+  #
+  # @param [Hash|Array]
+  def deep_sort!(spec)
+    # paths
+    deep_sort_by_selector!(spec, 'paths')
+
+    # methods
+    deep_sort_by_selector!(spec, 'paths.*')
+
+    # response status code
+    deep_sort_by_selector!(spec, 'paths.*.*.responses')
+
+    # content-type
+    deep_sort_by_selector!(spec, 'paths.*.*.responses.*.content')
+  end
+
+  private
+
+  # @param [Hash] base
+  # @param [String] selector
+  def deep_sort_by_selector!(base, selector)
+    RSpec::OpenAPI::HashHelper.matched_paths(base, selector).each do |paths|
+      deep_sort_hash!(base.dig(*paths))
+    end
+  end
+
+  def deep_sort_hash!(hash)
+    sorted = hash.entries.sort_by { |k, _| k }.to_h
+    hash.replace(sorted)
+  end
+end

data/lib/rspec/openapi/version.rb

@@ -2,6 +2,6 @@
 
 module RSpec
   module OpenAPI
-    VERSION = '0.10.0'
+    VERSION = '0.12.0'
   end
 end

data/lib/rspec/openapi.rb

@@ -9,6 +9,7 @@ require 'rspec/openapi/schema_builder'
 require 'rspec/openapi/schema_file'
 require 'rspec/openapi/schema_merger'
 require 'rspec/openapi/schema_cleaner'
+require 'rspec/openapi/schema_sorter'
 
 require 'rspec/openapi/minitest_hooks' if Object.const_defined?('Minitest')
 require 'rspec/openapi/rspec_hooks' if ENV['OPENAPI'] && Object.const_defined?('RSpec')
@@ -31,6 +32,9 @@ module RSpec::OpenAPI
   @path_records = Hash.new { |h, k| h[k] = [] }
   @ignored_path_params = %i[controller action format]
 
+  # This is the configuraion override file name we look for within each path.
+  @config_filename = 'rspec_openapi.rb'
+
   class << self
     attr_accessor :path,
                   :title,
@@ -48,5 +52,7 @@ module RSpec::OpenAPI
                   :response_headers,
                   :path_records,
                   :ignored_path_params
+
+    attr_reader   :config_filename
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: rspec-openapi
 version: !ruby/object:Gem::Version
-  version: 0.10.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Takashi Kokubun
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-12-11 00:00:00.000000000 Z
+date: 2024-02-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: actionpack
@@ -76,6 +76,7 @@ files:
 - lib/rspec/openapi/schema_cleaner.rb
 - lib/rspec/openapi/schema_file.rb
 - lib/rspec/openapi/schema_merger.rb
+- lib/rspec/openapi/schema_sorter.rb
 - lib/rspec/openapi/version.rb
 - rspec-openapi.gemspec
 - scripts/rspec