openapi-core icon indicating copy to clipboard operation
openapi-core copied to clipboard

Published 20 hours ago verified publisher icon python-openapi

Request validation does not work properly in case request schema is an object "derived" from other object using allOf

Open vyakoviv-vs opened this issue 5 years ago • 1 comments

Hi. I am trying to validate a request which is an object "derived" from other object using allOf

components:
  schemas:
    Base:
      type: object
      properties:
        ctime:
          type: integer

    ExtendedResource:
      allOf:
        - $ref: '#/components/schemas/Base'
        - type: object
          properties:
            name:
              type: string
            options:
              type: object
              properties:
                option_1:
                  type: string
                option_2:
                  type: string
            capabilities:
              type: object
              properties:
                capability_1:
                  type: string
                capability_2:
                  type: string

Currently validator does not raise any exceptions in case of the following request body:

{'name': 'ext_res', 
 'options': {'option_1': 'a', 'option_3': 'b'}, 
 'capabilities': {'capability_1': 'c', 'capability_3': '3'}}

Expecting that options.option_3 or capabilities.capability_3 are rejected.

Many Thanks!

vyakoviv-vs avatar Mar 07 '19 14:03 vyakoviv-vs

I experienced this also for the simple object validation (not only "derived"). Probably you are right that this is bug in the lib, at least according to the official page, but workaround would be to explicitly use additionalProperties: false, for example for capabilities object:

capabilities:
  type: object
  properties:
    capability_1:
      type: string
    capability_2:
      type: string
  additionalProperties: false

And fix in the lib should be very simple, I would say.

stojan-jovic avatar Jun 17 '20 13:06 stojan-jovic