express-openapi-validator

`additionalProperties` only works on the top object

Open yidongw opened this issue 4 years ago • 0 comments

**Describe the bug** `additionalProperties` only works on the top object in the schema. All `additionalProperties` in the child objects will be ignored.

**To Reproduce** If I have the following schema,

```yaml
components:
  schemas:
    User:
      type: object
      additionalProperties: false
      properties:
        attributes:
          type: object
          properties:
            email:
              type: string
              format: email
            name:
              type: string
            password:
              type: string
          additionalProperties: false

        relationships:
          type: object
          properties:
            projects:
              type: object
          additionalProperties: false
```

I send a request like

```json
{
    "attributes": {
        "email": "[email protected]",
        "name": "123123",
        "random": "123"
    },
    "relationships": {
        "projects": {},
        "random": {}
    }
}
```

and want express-openapi-validator to validate it for me

**Actual behavior** My request would pass with no error.

**Expected behavior** My request should fail because it has additionalProperties `random` in `attributes` and `relationships`.

**Examples and context** But if I send a request like

```json
{
    "foo": "bar",
    "attributes": {
        "email": "[email protected]",
        "name": "123123",
        "random": "123"
    },
    "relationships": {
        "projects": {},
        "random": {}
    }
}
```

My request failed because it detected additionalProperties `foo` at the top level, but it didn't complain about the child objects' `additionalProperties`.

If I divide my schemas like

```yaml
components:
  schemas:
    UserAttributes:
      type: object
      properties:
        email:
          type: string
          format: email
        name:
          type: string
        password:
          type: string
      additionalProperties: false

    UserRelationships:
      type: object
      properties:
        projects:
          type: object
      additionalProperties: false

    User:
      type: object
      additionalProperties: false
      properties:
        attributes:
          $ref: "#/components/schemas/UserAttributes"
        relationships:
          $ref: "#/components/schemas/UserRelationships"
```

Then everything works as expected.

I'm not sure if this problem is caused by your code since you are using other packages, but please find out what's going on.

yidongw, Aug 08 '21 10:08
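Added example, not part of the original issue or the express-openapi-validator code: a dependency-free JavaScript check that walks a request body against both schema variants from the report (transcribed as JS objects) and returns the path of every property that `additionalProperties: false` forbids, at any depth, so it can back a regression test for the expected behavior. `resolveRef`, `findExtraProps` and the constant names are hypothetical, the email value is constructed, and only `type: object`, `properties`, `additionalProperties: false` and local `$ref` without pointer escapes are handled.

```javascript
// Added example, not project code. All names below are hypothetical.
const attrs = {
  type: 'object',
  additionalProperties: false,
  properties: {
    email: { type: 'string', format: 'email' },
    name: { type: 'string' },
    password: { type: 'string' },
  },
};
const rels = { type: 'object', additionalProperties: false, properties: { projects: { type: 'object' } } };
const doc = { components: { schemas: { UserAttributes: attrs, UserRelationships: rels } } };
// Variant 1 from the issue: nested objects declared inline.
const inlineUser = { type: 'object', additionalProperties: false, properties: { attributes: attrs, relationships: rels } };
// Variant 2 from the issue: nested objects referenced with $ref.
const refUser = {
  type: 'object', additionalProperties: false,
  properties: {
    attributes: { $ref: '#/components/schemas/UserAttributes' },
    relationships: { $ref: '#/components/schemas/UserRelationships' },
  },
};
// Request body from the issue; the email value is constructed.
const payload = {
  attributes: { email: 'user@example.com', name: '123123', random: '123' },
  relationships: { projects: {}, random: {} },
};

// Resolve a local "#/a/b/c" reference against the document root.
function resolveRef(schema, root) {
  if (!schema || typeof schema.$ref !== 'string') return schema;
  const target = schema.$ref.slice(2).split('/').reduce((node, key) => node && node[key], root);
  if (!target) throw new Error(`unresolved $ref: ${schema.$ref}`);
  return resolveRef(target, root);
}

// Return the path of every property forbidden by additionalProperties: false, at any depth.
function findExtraProps(value, schema, root, path = '') {
  const s = resolveRef(schema, root);
  if (!s || s.type !== 'object' || value === null || typeof value !== 'object' || Array.isArray(value)) return [];
  const props = s.properties || {};
  const extras = [];
  for (const [key, child] of Object.entries(value)) {
    const here = `${path}/${key}`;
    if (Object.prototype.hasOwnProperty.call(props, key)) extras.push(...findExtraProps(child, props[key], root, here));
    else if (s.additionalProperties === false) extras.push(here);
  }
  return extras;
}
```

Calling `findExtraProps(payload, inlineUser, doc)` and `findExtraProps(payload, refUser, doc)` should give the same list of paths; a validator setup that accepts the payload under one variant but not the other shows the discrepancy reported here.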