postman-app-support icon indicating copy to clipboard operation
postman-app-support copied to clipboard

Published 20 hours ago verified publisher icon postmanlabs

OpenAPI 3.0 readOnly fields show up in request body

Open jules27 opened this issue 2 years ago • 6 comments

Is there an existing issue for this?

  • [X] I have searched the tracker for existing similar issues and I know that duplicates will be closed

Describe the Issue

I have a YAML file that contains definitions of schemas and endpoints for OpenAPI version 3.0.2. When I import the YAML file into Postman as a Collection, I see the request body contain parameters that are marked as readOnly (and thus should not be sent as part of the request).

Steps To Reproduce

  1. Create a YAML file for OpenAPI version 3.0.2.
  2. In the YAML file, define a POST endpoint that has its requestBody pointing to a schema.
  3. Define a schema containing properties, some marked as readOnly and some not.
  4. Import the YAML file into a Postman Collection.
  5. Navigate to the API endpoint within the Collection that was just imported.
  6. Click on the Body tab.
  7. Observe that the request body contains readOnly attributes.

Screenshots or Videos

This is the YAML file I created and imported into my Postman Collection:

openapi: "3.0.2"
info:
  version: '1'
  title: Minimal Test API
  description: Test API

components:
  schemas:
    CustomId:
      type: string
      minLength: 12
      maxLength: 12
      pattern: '[A-Z0-9]{12}'
      example: SOMEID
      readOnly: true

    OrderBase:
      type: object
      description: An order
      properties:
        some_text:
          type: string
          description: |
            Text
          example: 'Text-for-This-Order'

        amount:
          type: integer
          description: Amount
          example: 5

        campaign_id:
          allOf:
            - $ref: '#/components/schemas/CustomId'
            - description: |
                ID of the campaign
          example: CAMPAIGNID

        created_at:
          type: string
          format: date-time
          description: Date the order was created
          readOnly: true

      required:
        - created_at
        - amount

paths:
  /orders:
    post:
      summary: Create order
      description: Create an order
      requestBody:
        required: true
        description: Order to create
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OrderBase'
      responses:
        '200':
          description: Created order

This is what I see in the request body tab on Postman: image

Text version of the screenshot:

{
  "created_at": "<dateTime>",
  "amount": "<integer>",
  "some_text": "<string>",
  "campaign_id": "7N8L9F6MWMC1"
}

Note that in the request body, created_at and campaign_id are marked as readOnly in the YAML file and shouldn't be sent as part of the request.

Operating System

macOS

Postman Version

10.17.2

Postman Platform

Both

User Account Type

Signed In User

Additional Context?

I tested the YAML file in the Swagger Editor, which does exclude the readOnly fields in the request body:

image image

Text version of the screenshot above:

{
  "some_text": "Text-for-This-Order",
  "amount": 5
}

jules27 avatar Aug 22 '23 18:08 jules27

Any update on this one, @postman-staff? Is it on the roadmap? I also have this problem.

kurko avatar Feb 01 '24 15:02 kurko

bump @postman-staff

mironbalcerzak avatar Feb 15 '24 13:02 mironbalcerzak

Same problem with writeOnly properties.

sergei-ft avatar Feb 27 '24 14:02 sergei-ft

up @postman-staff

Same issues here.

denisebiscaro avatar Mar 04 '24 13:03 denisebiscaro

up @postman-staff I'm also facing the same issue. Swagger UI correctly interprets readOnly schema properties in OpenApi definitions, but Postman does not.

juhachmann avatar Mar 15 '24 22:03 juhachmann

Thanks for reporting the issue! We're aware of this and are working on fix for this which should be available soon. I'll inform here once the fix is available in Postman App.

VShingala avatar Jul 12 '24 05:07 VShingala

This issue is fixed from module side but will be available on Postman app in upcoming week. I'll update here once it's also available on Postman app.

VShingala avatar Aug 14 '24 06:08 VShingala

@jules27 @kurko @mironbalcerzak @sergei-ft @denisebiscaro @juhachmann We've added support for readOnly and writeOnly properties with latest version of Postman App v11.10.0. Do give it a try and let us know if you face any further issues with the Import flow for such OpenAPI definitions.

VShingala avatar Aug 28 '24 05:08 VShingala

I still have the issue with version v11.18.1.

ufawe avatar Oct 30 '24 06:10 ufawe

@ufawe A simple file seem to work fine for me and importing it correctly removes readOnly field from request body and keep it in response.

Could you share the OpenAPI definition for which you're seeing this issue? Even a trimmed-down version where we can reproduce the issue will help us fixing the issue.

VShingala avatar Oct 30 '24 11:10 VShingala

Issue still exists v11.19.0

fortinjoffrey avatar Nov 11 '24 14:11 fortinjoffrey

@fortinjoffrey As mentioned in earlier comments, It'd really help us if you could share the OpenAPI definition for which you're seeing this issue. Even a trimmed-down version where we can reproduce the issue will help us fixing the issue.

A simple file seem to work fine for me and importing it correctly removes readOnly field from request body and keep it in response.

VShingala avatar Nov 12 '24 05:11 VShingala