@redocly/openapi-core 1.0.0-beta.109 → 1.0.0-beta.111

package/src/rules/common/security-defined.ts

@@ -13,10 +13,11 @@ export const SecurityDefined: Oas3Rule | Oas2Rule = () => {
     }
   >();
 
+  const operationsWithoutSecurity: Location[] = [];
   let eachOperationHasSecurity: boolean = true;
 
   return {
-    DefinitionRoot: {
+    Root: {
       leave(root: Oas2Definition | Oas3Definition, { report }: UserContext) {
         for (const [name, scheme] of referencedSchemes.entries()) {
           if (scheme.defined) continue;
@@ -31,9 +32,12 @@ export const SecurityDefined: Oas3Rule | Oas2Rule = () => {
         if (root.security || eachOperationHasSecurity) {
           return;
         } else {
-          report({
-            message: `Every API should have security defined on the root level or for each operation.`,
-          });
+          for (const operationLocation of operationsWithoutSecurity) {
+            report({
+              message: `Every operation should have security defined on it or on the root level.`,
+              location: operationLocation.key(),
+            });
+          }
         }
       },
     },
@@ -51,9 +55,10 @@ export const SecurityDefined: Oas3Rule | Oas2Rule = () => {
         }
       }
     },
-    Operation(operation: Oas2Operation | Oas3Operation) {
+    Operation(operation: Oas2Operation | Oas3Operation, { location }: UserContext) {
       if (!operation?.security) {
         eachOperationHasSecurity = false;
+        operationsWithoutSecurity.push(location);
       }
     },
   };

package/src/rules/common/spec.ts

@@ -1,8 +1,9 @@
 import type { Oas3Rule, Oas2Rule } from '../../visitors';
 import { isNamedType } from '../../types';
-import { oasTypeOf, matchesJsonSchemaType, getSuggest } from '../utils';
+import { oasTypeOf, matchesJsonSchemaType, getSuggest, validateSchemaEnumType } from '../utils';
 import { isRef } from '../../ref-utils';
 import { isPlainObject } from '../../utils';
+import { UserContext } from '../../walk';
 
 export const OasSpec: Oas3Rule | Oas2Rule = () => {
   return {
@@ -114,17 +115,20 @@ export const OasSpec: Oas3Rule | Oas2Rule = () => {
           propValue = resolve(propValue).node;
         }
 
-        if (propSchema.enum) {
-          if (!propSchema.enum.includes(propValue)) {
-            report({
-              location: propLocation,
-              message: `\`${propName}\` can be one of the following only: ${propSchema.enum
-                .map((i) => `"${i}"`)
-                .join(', ')}.`,
-              from: refLocation,
-              suggest: getSuggest(propValue, propSchema.enum),
-            });
+        if (propSchema.items && propSchema.items?.enum && Array.isArray(propValue)) {
+          for (let i = 0; i < propValue.length; i++) {
+            validateSchemaEnumType(propSchema.items?.enum, propValue[i], propName, refLocation, {
+              report,
+              location: location.child([propName, i]),
+            } as UserContext);
           }
+        }
+
+        if (propSchema.enum) {
+          validateSchemaEnumType(propSchema.enum, propValue, propName, refLocation, {
+            report,
+            location: location.child([propName]),
+          } as UserContext);
         } else if (propSchema.type && !matchesJsonSchemaType(propValue, propSchema.type, false)) {
           report({
             message: `Expected type \`${propSchema.type}\` but got \`${propValueType}\`.`,

package/src/rules/oas3/__tests__/no-invalid-media-type-examples.test.ts

@@ -128,7 +128,7 @@ describe('no-invalid-media-type-examples', () => {
               "source": "foobar.yaml",
             },
           ],
-          "message": "Example value must conform to the schema: must NOT have additional properties \`c\`.",
+          "message": "Example value must conform to the schema: must NOT have unevaluated properties \`c\`.",
           "ruleId": "no-invalid-media-type-examples",
           "severity": "error",
           "suggest": Array [],
@@ -137,7 +137,7 @@ describe('no-invalid-media-type-examples', () => {
     `);
   });
 
-  it('should not on invalid example with allowAdditionalProperties', async () => {
+  it('should not report on valid example with allowAdditionalProperties', async () => {
     const document = parseYamlToDocument(
       outdent`
         openapi: 3.0.0
@@ -177,6 +177,55 @@ describe('no-invalid-media-type-examples', () => {
     expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`Array []`);
   });
 
+  it('should not report on valid example with allowAdditionalProperties and allOf and $ref', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+        openapi: 3.0.0
+        components:
+          schemas:
+            C:
+              properties:
+                c:
+                  type: string
+        paths:
+          /pet:
+            get:
+              responses:
+                200:
+                  content:
+                    application/json:
+                      example:
+                        a: "string"
+                        b: 13
+                        c: "string"
+                      schema:
+                        type: object
+                        allOf:
+                          - $ref: '#/components/schemas/C'
+                        properties:
+                          a:
+                            type: string
+                          b:
+                            type: number
+
+      `,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({
+        'no-invalid-media-type-examples': {
+          severity: 'error',
+          allowAdditionalProperties: false,
+        },
+      }),
+    });
+
+    expect(replaceSourceWithRef(results)).toMatchInlineSnapshot(`Array []`);
+  });
+
   it('should not on invalid examples', async () => {
     const document = parseYamlToDocument(
       outdent`

package/src/rules/oas3/__tests__/response-contains-header.test.ts

@@ -270,4 +270,120 @@ describe('Oas3 response-contains-header', () => {
     });
     expect(results).toMatchInlineSnapshot(`Array []`);
   });
+
+  it('should not report response object containing header name upper cased', async () => {
+    const document = parseYamlToDocument(outdent`
+      openapi: 3.0.3
+      info:
+        version: 3.0.0
+      paths:
+        /store/subscribe:
+          post:
+            responses:
+              '200':
+                description: successful operation
+                headers:
+                  X-Test-Header:
+                    description: calls per hour allowed by the user
+                    schema:
+                      type: integer
+                      format: int32
+		`);
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({
+        'response-contains-header': {
+          severity: 'error',
+          names: { '2XX': ['x-test-header'] },
+        },
+      }),
+    });
+    expect(results).toMatchInlineSnapshot(`Array []`);
+  });
+
+  it('should not report response object containing header name in the rule upper cased', async () => {
+    const document = parseYamlToDocument(outdent`
+      openapi: 3.0.3
+      info:
+        version: 3.0.0
+      paths:
+        /store/subscribe:
+          post:
+            responses:
+              '200':
+                description: successful operation
+                headers:
+                  x-test-header:
+                    description: calls per hour allowed by the user
+                    schema:
+                      type: integer
+                      format: int32
+		`);
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({
+        'response-contains-header': {
+          severity: 'error',
+          names: { '2XX': ['X-Test-Header'] },
+        },
+      }),
+    });
+    expect(results).toMatchInlineSnapshot(`Array []`);
+  });
+
+  it('should report even if the response is null', async () => {
+    const document = parseYamlToDocument(
+      outdent`
+          openapi: 3.0.0
+          paths:
+            '/test/':
+              put:
+                responses: 
+                  '200': null
+        `,
+      'foobar.yaml'
+    );
+
+    const results = await lintDocument({
+      externalRefResolver: new BaseResolver(),
+      document,
+      config: await makeConfig({
+        'response-contains-header': {
+          severity: 'error',
+          names: { '2XX': ['X-Test-Header'] },
+        },
+      }),
+    });
+
+    expect(results).toMatchInlineSnapshot(`
+      Array [
+        Object {
+          "location": Array [
+            Object {
+              "pointer": "#/paths/~1test~1/put/responses/200/headers",
+              "reportOnKey": true,
+              "source": Source {
+                "absoluteRef": "foobar.yaml",
+                "body": "openapi: 3.0.0
+      paths:
+        '/test/':
+          put:
+            responses: 
+              '200': null",
+                "mimeType": undefined,
+              },
+            },
+          ],
+          "message": "Response object must contain a \\"X-Test-Header\\" header.",
+          "ruleId": "response-contains-header",
+          "severity": "error",
+          "suggest": Array [],
+        },
+      ]
+    `);
+  });
 });

package/src/rules/oas3/request-mime-type.ts

@@ -5,7 +5,7 @@ import { validateMimeTypeOAS3 } from '../../utils';
 
 export const RequestMimeType: Oas3Rule = ({ allowedValues }) => {
   return {
-    PathsMap: {
+    Paths: {
       RequestBody: {
         leave(requestBody: Oas3RequestBody, ctx: UserContext) {
           validateMimeTypeOAS3({ type: 'consumes', value: requestBody }, ctx, allowedValues);

package/src/rules/oas3/response-mime-type.ts

@@ -5,7 +5,7 @@ import { validateMimeTypeOAS3 } from '../../utils';
 
 export const ResponseMimeType: Oas3Rule = ({ allowedValues }) => {
   return {
-    PathsMap: {
+    Paths: {
       Response: {
         leave(response: Oas3Response, ctx: UserContext) {
           validateMimeTypeOAS3({ type: 'produces', value: response }, ctx, allowedValues);

package/src/rules/other/stats.ts

@@ -41,7 +41,7 @@ export const Stats = (statsAccumulator: StatsAccumulator) => {
         },
       },
     },
-    PathsMap: {
+    Paths: {
       PathItem: {
         leave() {
           statsAccumulator.pathItems.total++;

package/src/rules/utils.ts

@@ -109,7 +109,8 @@ export function validateExample(
           message: `Example value must conform to the schema: ${error.message}.`,
           location: {
             ...new Location(dataLoc.source, error.instancePath),
-            reportOnKey: error.keyword === 'additionalProperties',
+            reportOnKey:
+              error.keyword === 'unevaluatedProperties' || error.keyword === 'additionalProperties',
           },
           from: location,
           suggest: error.suggest,
@@ -137,3 +138,25 @@ export function getAdditionalPropertiesOption(opts: Record<string, any>): boolea
   showWarningForDeprecatedField('disallowAdditionalProperties', 'allowAdditionalProperties');
   return !opts.disallowAdditionalProperties;
 }
+
+export function validateSchemaEnumType(
+  schemaEnum: string[],
+  propertyValue: string,
+  propName: string,
+  refLocation: Location | undefined,
+  { report, location }: UserContext
+) {
+  if (!schemaEnum) {
+    return;
+  }
+  if (!schemaEnum.includes(propertyValue === null ? 'null' : propertyValue)) {
+    report({
+      location,
+      message: `\`${propName}\` can be one of the following only: ${schemaEnum
+        .map((type) => `"${type}"`)
+        .join(', ')}.`,
+      from: refLocation,
+      suggest: getSuggest(propertyValue, schemaEnum),
+    });
+  }
+}

package/src/types/oas2.ts

@@ -11,7 +11,7 @@ const Root: NodeType = {
     schemes: { type: 'array', items: { type: 'string' } },
     consumes: { type: 'array', items: { type: 'string' } },
     produces: { type: 'array', items: { type: 'string' } },
-    paths: 'PathsMap',
+    paths: 'Paths',
     definitions: 'NamedSchemas',
     parameters: 'NamedParameters',
     responses: 'NamedResponses',
@@ -51,7 +51,7 @@ const License: NodeType = {
   required: ['name'],
 };
 
-const PathsMap: NodeType = {
+const Paths: NodeType = {
   properties: {},
   additionalProperties: (_value: any, key: string) =>
     key.startsWith('/') ? 'PathItem' : undefined,
@@ -82,7 +82,7 @@ const Operation: NodeType = {
     consumes: { type: 'array', items: { type: 'string' } },
     produces: { type: 'array', items: { type: 'string' } },
     parameters: listOf('Parameter'),
-    responses: 'ResponsesMap',
+    responses: 'Responses',
     schemes: { type: 'array', items: { type: 'string' } },
     deprecated: { type: 'boolean' },
     security: listOf('SecurityRequirement'),
@@ -180,7 +180,7 @@ const ParameterItems: NodeType = {
   },
 };
 
-const ResponsesMap: NodeType = {
+const Responses: NodeType = {
   properties: {
     default: 'Response',
   },
@@ -376,14 +376,14 @@ export const Oas2Types: Record<string, NodeType> = {
   Info,
   Contact,
   License,
-  PathsMap,
+  Paths,
   PathItem,
   Parameter,
   ParameterItems,
   Operation,
   Examples,
   Header,
-  ResponsesMap,
+  Responses,
   Response,
   Schema,
   Xml,

package/src/types/oas3.ts

@@ -10,7 +10,7 @@ const Root: NodeType = {
     security: listOf('SecurityRequirement'),
     tags: listOf('Tag'),
     externalDocs: 'ExternalDocs',
-    paths: 'PathsMap',
+    paths: 'Paths',
     components: 'Components',
     'x-webhooks': 'WebhooksMap',
   },
@@ -88,7 +88,7 @@ const License: NodeType = {
   required: ['name'],
 };
 
-const PathsMap: NodeType = {
+const Paths: NodeType = {
   properties: {},
   additionalProperties: (_value: any, key: string) =>
     key.startsWith('/') ? 'PathItem' : undefined,
@@ -153,7 +153,7 @@ const Operation: NodeType = {
     security: listOf('SecurityRequirement'),
     servers: listOf('Server'),
     requestBody: 'RequestBody',
-    responses: 'ResponsesMap',
+    responses: 'Responses',
     deprecated: { type: 'boolean' },
     callbacks: 'CallbacksMap',
     'x-codeSamples': listOf('XCodeSample'),
@@ -190,7 +190,7 @@ const MediaType: NodeType = {
     schema: 'Schema',
     example: { isExample: true },
     examples: 'ExamplesMap',
-    encoding: 'EncodingsMap',
+    encoding: 'EncodingMap',
   },
 };
 
@@ -234,7 +234,7 @@ const Header: NodeType = {
   requiredOneOf: ['schema', 'content'],
 };
 
-const ResponsesMap: NodeType = {
+const Responses: NodeType = {
   properties: { default: 'Response' },
   additionalProperties: (_v: any, key: string) =>
     responseCodeRegexp.test(key) ? 'Response' : undefined,
@@ -408,7 +408,7 @@ const AuthorizationCode: NodeType = {
   required: ['authorizationUrl', 'tokenUrl', 'scopes'],
 };
 
-const SecuritySchemeFlows: NodeType = {
+const OAuth2Flows: NodeType = {
   properties: {
     implicit: 'ImplicitFlow',
     password: 'PasswordFlow',
@@ -425,7 +425,7 @@ const SecurityScheme: NodeType = {
     in: { type: 'string', enum: ['query', 'header', 'cookie'] },
     scheme: { type: 'string' },
     bearerFormat: { type: 'string' },
-    flows: 'SecuritySchemeFlows',
+    flows: 'OAuth2Flows',
     openIdConnectUrl: { type: 'string' },
   },
   required(value) {
@@ -470,7 +470,7 @@ export const Oas3Types: Record<string, NodeType> = {
   Info,
   Contact,
   License,
-  PathsMap,
+  Paths,
   PathItem,
   Parameter,
   Operation,
@@ -482,10 +482,10 @@ export const Oas3Types: Record<string, NodeType> = {
   Example,
   ExamplesMap: mapOf('Example'),
   Encoding,
-  EncodingsMap: mapOf('Encoding'),
+  EncodingMap: mapOf('Encoding'),
   Header,
   HeadersMap: mapOf('Header'),
-  ResponsesMap,
+  Responses,
   Response,
   Link,
   Schema,
@@ -508,7 +508,7 @@ export const Oas3Types: Record<string, NodeType> = {
   PasswordFlow,
   ClientCredentials,
   AuthorizationCode,
-  SecuritySchemeFlows,
+  OAuth2Flows,
   SecurityScheme,
   XCodeSample,
   WebhooksMap,

package/src/types/oas3_1.ts

@@ -9,7 +9,7 @@ const Root: NodeType = {
     security: listOf('SecurityRequirement'),
     tags: listOf('Tag'),
     externalDocs: 'ExternalDocs',
-    paths: 'PathsMap',
+    paths: 'Paths',
     webhooks: 'WebhooksMap',
     components: 'Components',
     jsonSchemaDialect: { type: 'string' },
@@ -69,7 +69,7 @@ const Operation: NodeType = {
     security: listOf('SecurityRequirement'),
     servers: listOf('Server'),
     requestBody: 'RequestBody',
-    responses: 'ResponsesMap',
+    responses: 'Responses',
     deprecated: { type: 'boolean' },
     callbacks: mapOf('Callback'),
     'x-codeSamples': listOf('XCodeSample'),
@@ -176,7 +176,7 @@ const SecurityScheme: NodeType = {
     in: { type: 'string', enum: ['query', 'header', 'cookie'] },
     scheme: { type: 'string' },
     bearerFormat: { type: 'string' },
-    flows: 'SecuritySchemeFlows',
+    flows: 'OAuth2Flows',
     openIdConnectUrl: { type: 'string' },
   },
   required(value) {

package/src/types/redocly-yaml.ts

@@ -66,7 +66,7 @@ const nodeTypesList = [
   'Info',
   'Contact',
   'License',
-  'PathsMap',
+  'Paths',
   'PathItem',
   'Parameter',
   'Operation',
@@ -78,10 +78,10 @@ const nodeTypesList = [
   'Example',
   'ExamplesMap',
   'Encoding',
-  'EncodingsMap',
+  'EncodingMap',
   'Header',
   'HeadersMap',
-  'ResponsesMap',
+  'Responses',
   'Response',
   'Link',
   'LinksMap',
@@ -104,7 +104,7 @@ const nodeTypesList = [
   'PasswordFlow',
   'ClientCredentials',
   'AuthorizationCode',
-  'SecuritySchemeFlows',
+  'OAuth2Flows',
   'SecurityScheme',
   'XCodeSample',
   'WebhooksMap',
@@ -165,6 +165,12 @@ const ConfigRoot: NodeType = {
         doNotResolveExamples: { type: 'boolean' },
       },
     },
+    files: {
+      type: 'array',
+      items: {
+        type: 'string',
+      },
+    },
   },
 };
 
@@ -187,6 +193,12 @@ const ConfigApisProperties: NodeType = {
     ...ConfigStyleguide.properties,
     'features.openapi': 'ConfigReferenceDocs',
     'features.mockServer': 'ConfigMockServer',
+    files: {
+      type: 'array',
+      items: {
+        type: 'string',
+      },
+    },
   },
   required: ['root'],
 };
@@ -275,6 +287,10 @@ const Assert: NodeType = {
     ref: (value: string | boolean) =>
       typeof value === 'string' ? { type: 'string' } : { type: 'boolean' },
   },
+  additionalProperties: (_value: unknown, key: string) => {
+    if (/^\w+\/\w+$/.test(key)) return { type: 'object' };
+    return;
+  },
   required: ['subject'],
 };
 
@@ -874,6 +890,16 @@ const ConfigReferenceDocs: NodeType = {
     unstable_externalDescription: { type: 'boolean' }, // deprecated
     unstable_ignoreMimeParameters: { type: 'boolean' },
     untrustedDefinition: { type: 'boolean' },
+    mockServer: {
+      properties: {
+        url: { type: 'string' },
+        position: { enum: ['first', 'last', 'replace', 'off'] },
+        description: { type: 'string' },
+      },
+    },
+    showAccessMode: { type: 'boolean' },
+    preserveOriginalExtensionsName: { type: 'boolean' },
+    markdownHeadingsAnchorLevel: { type: 'number' },
   },
   additionalProperties: { type: 'string' },
 };

package/src/utils.ts

@@ -231,3 +231,16 @@ export function isTruthy<Truthy>(value: Truthy | Falsy): value is Truthy {
 export function identity<T>(value: T): T {
   return value;
 }
+
+export function pickDefined<T extends Record<string, unknown>>(
+  obj?: T
+): Record<string, unknown> | undefined {
+  if (!obj) return undefined;
+  const res: Record<string, unknown> = {};
+  for (const key in obj) {
+    if (obj[key] !== undefined) {
+      res[key] = obj[key];
+    }
+  }
+  return res;
+}