1. Atlassian Avatar Atlassian
  2. Tooling and Automation
  3. swagger-request-validator
  4. Issues

Validation of required read-only field fails when request body use allOf to compose schema

Issue #265 resolved
Adrien Gibrat created an issue

Schema using allOf composition with required readOnly properties are not validated properly.

PUT /test {“notReadOnly”: “abc”, “writeOnly”: “write“}

should be valid but triggers validation error complaining `readOnly` is missing in request payload.

Given then openAPI spec is:

openapi: 3.0.0
info:
  version: 1.0.0
  title: RequiredReadOnlyAllOf
servers:
  - url: /
paths:
  /test:
    put:
      summary: update an item
      requestBody:
        description: updated
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/ComposedWithAllOf'
      responses:
        '201':
          description: Updated
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ComposedWithAllOf'
components:
  schemas:
    ReadOnly:
      type: object
      properties:
        readOnly:
          type: string
          readOnly: true
          example: 'read'
        notReadOnly:
          type: string
          example: 'abc'
        writeOnly:
          type: string
          writeOnly: true
          example: 'write'
      required:
        - readOnly
        - notReadOnly
        - writeOnly
    ComposedWithAllOf:
      allOf:
        - type: object
          required:
            - id
          properties:
            id:
              type: string
        - $ref: '#/components/schemas/ReadOnly

207 & 240 already fixed related issue, but the same bug appear when required, readOnly & allOfare used together.

Comments (5)

  1. Former user Account Deleted

    We are encountering the exact same behavior.

    Please address this issue as soon as possible, since it renders the validator unusable for us.

  4. Arho Huttunen

    If I’m interpreting this correctly, there is an error in the tests related to the usage of allOf:

    https://bitbucket.org/atlassian/swagger-request-validator/src/78393640b5492604ded5c7f31b4fdaca6b355635/swagger-request-validator-core/src/test/resources/oai/v3/api-required-readonly-writeonly.yaml#lines-62

    The ReadOnlyAllOf schema is not referred to anywhere in that file, only ReadOnly.

    Noticed that our existing tests that had allOf in the responses and worked in 2.9.0, started failing in 2.9.1.

  5. James Navin

    Hi Arho,

    The way those tests work is a perhaps a little misleading. They load the OpenAPI spec, then invoke the schema validator with the specific schema fetched from the #/components/schemas block. You can see in e.g. https://bitbucket.org/atlassian/swagger-request-validator/src/78393640b5492604ded5c7f31b4fdaca6b355635/swagger-request-validator-core/src/test/java/com/atlassian/oai/validator/schema/SchemaValidatorTest.java#lines-662 that the ReadOnlyAllOf schema is being used to validate the provided input object.

    Could you supply an example schema + request + error that reproduces the problem?

    Cheers,

    James

  6. Log in to comment
Assignee
Type
bug
Priority
major
Status
resolved
Votes
5
Watchers
7