1. Atlassian Avatar Atlassian
  2. Tooling and Automation
  3. swagger-request-validator
  4. Issues

Base64 errors missing field name

Issue #285 resolved
Yishai Landau created an issue

Hi,

The following error array I receive consists of 2 errors - one is a field missing, and the other is that a parameter is not base64. I know what field is missing, but I don’t know which field failed the base64 validation:

"errors": [
        "Header parameter 'Digest' is required on path '/v1/{payment-service}/{payment-product}/{paymentId}' but not found in request.",
        "Not a valid base64 string"
    ]

Would it be possible to add the name of the failing field that required base64?

Thanks

Comments (10)

  1. Sven Döring

    Is it really a field? If I test this on a field there is always a field name.

    Can it be a header or query parameter?
    Do you use the latest SRV version?
    Which framework you are using?
    Is it OpenAPI 2 or 3?

  2. James Navin

    Hi Yishai,

    As Sven says - it would be helpful to know what version and framework you are using to trigger the validation (and to receive those validation messages).

    If you use the OpenApiInteractionValidator directly, the Message objects you receive back in the ValidationReport will have contextual information that will include the parameter name that failed validation. If you can let us know which adapter/framework you are using we could look at making sure this context information is supplied in the output error msg.

    What I might do though is look at providing some additional information in the validation message about why it failed validation (e.g. invalid length, bad character etc.)

    Cheers,

    James

  3. James Navin

    I have added some additional information to the validation message for base64 strings. It is available in v2.10.1.

    I will mark this issue as resolved, but please feel free to re-open if the above advice or improved messages don’t meet your needs.

  6. Yishai Landau reporter

    I’ve uploaded an OoenAPI file. It’s a bit of a long one.

    I’ve run tests against v2.10.1 - got more details, but less than when I get other messages.

    Here’s the code - it calls a middleware I’ve programmed, but it’s very straight-forward to follow. Line 7 is where I set it to fail. With any other failure the message includes the name of the field. It’s missing when testing for base64:

    String path = "/v1/payments/masav/1234-wertiq-9800";
        String method = "get";
        Map<String, List<String>> headers = new HashMap<>();
        addHeaderAttribute(headers,"X-Request-ID", "99391c7e-ad88-49ec-a2ad-99ddcb1f7721");
        addHeaderAttribute(headers,"Digest", "SHA-256=hl1/Eps8BEQW58FJhDApwJXjGY4nr1ArGDHIT25vq6A=");
        addHeaderAttribute(headers,"Signature", "keyId=\"SN=9FA1,CA=CN=D-TRUST%20CA%202-1%202015,O=D-Trust%20GmbH,C=DE\",algorithm=\"rsa-sha256\", headers=\"Digest X-Request-ID PSU-ID TPP-Redirect-URI Date\", signature=\"Base64(RSA-SHA256(signing string))");
//        addHeaderAttribute(headers,"TPP-Signature-Certificate", "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUEwbW4vWmlKQmlEcXMyQm0wKzdCcgp6ak1KakNiWkpmbmkzSCt2NWhVUVdaL0xCT0hnc1VZWU1ETmUrSk5wdCtwSFBWd1B3c2ZRMk9rZmdsdFFpTlpFCjVvenloVFkraU9xcHBmV1VDY2tZMVZBM053WDE2S1FzY2FxNW1sQ0U0bTZndy9yUUNJT1k5bUxoVUFlN05RU2EKUDhpdUJSY283L1paUzRUam5nYnhyU3FqTS8xRy9RN2lkR1NGUE9mQ0FJYmhkcmNBMmdRTWxaSzNJelJoNGFYWgoybE0xa0RwRmRqc2E5RVRKdmVZdVNja3g1RzRDTDZkYU5RNGhOWVhIZ0xMY1g1cUo1cmZ6NlhEajZxUWVCVEpLCjRMT2dhTkdDZWplcUd5S01Za3hhV1YzVGdpeEtCbG8wUnZ5UmUxbHo5eGZJV3hkd3RVOHcwc25pMVpWaVFZOE8KQ1FJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0t");
        addHeaderAttribute(headers,"TPP-Signature-Certificate", "Hello World");
        addHeaderAttribute(headers,"PSU-IP-Address", "192.168.8.78");
        addHeaderAttribute(headers,"PSU-IP-Port", "1234");
        addHeaderAttribute(headers,"PSU-Accept", "192.168.8.78");
        addHeaderAttribute(headers,"PSU-Accept-Encoding", "utf8");
        addHeaderAttribute(headers,"PSU-Accept-Language", "he");
        addHeaderAttribute(headers,"PSU-Http-Method", "GET");
        addHeaderAttribute(headers,"PSU-Device-ID", "99391c7e-ad88-49ec-a2ad-99ddcb1f7721");
        addHeaderAttribute(headers,"PSU-Http-Method", "GET");
        addHeaderAttribute(headers,"PSU-Geo-Location", "GEO:52.506931;-13.144558");
        try {
            final OpenAPIValidator validator = new OpenAPIValidator(getFilePath("boi_fixed.json"));
            final List<String> messages = validator.validateRequestSchema(path, method, headers, "", new HashMap<>());
            System.out.println("messages:");
            System.out.println(messages);
            Assert.assertEquals(messages.size(), 0);
        }

    If this is too complicated to replicate, I will set up a Java server on a public cloud and send references.

    Thanks for looking into this

  7. Yishai Landau reporter
    • changed status to open

    Checked against new version, but message does not include a reference to the base64 field that failed. I've uploaded a (big) OpenAPI file and some testing code that I ran

  8. Yishai Landau reporter

    Can it be a header or query parameter? Header
    Do you use the latest SRV version? 2.10.1
    Which framework you are using? I wrote a middleware that interacts with the core library (OpenApiInteractionValidator)
    Is it OpenAPI 2 or 3? 3

  9. James Navin

    Thanks for that extra info. As I mentioned though, I think you can get most of what you’re looking for from the additional context available on the Message object. This should allow you to construct a richer validation message that includes the field, and location (request/response etc.). Take a look at the output of the JsonValidationReportFormat for examples of the sort of information available there.

    If that is still not enough please let me know.

  11. Log in to comment
Assignee
Type
bug
Priority
minor
Status
resolved
Votes
0
Watchers
1