prism icon indicating copy to clipboard operation
prism copied to clipboard
verified publisher icon stoplightio

Proxy is not validating against the correct response schema when using accept header for versioning

Open jarlah opened this issue 1 year ago • 3 comments

Prism proxy is not validating against the correct response schema when using accept header for versioning

Context

I cant make versioned requests using accept header and expect the prism proxy to verify the correct response schema in the openapi file.

Current Behavior

It currently takes the first schema, for the first response listed under responses and validates the server response based on that.

Expected Behavior

It should read the content type from the response and select the proper response schema in the openapi path.

Possible Workaround/Solution

I dont have any good suggestions.

Steps to Reproduce

Use the following openapi spec

{
    ..... the rest of the spec .....
    
    "paths": {
        "/api/stuff/{stuffid}": {
            "get": {
                "tags": [
                    "stuff"
                ],
                "operationId": "getStuff",
                "summary": "Get stuff",
                "description": "Get some stuff",
                "parameters": [
                    {
                        "name": "stuffid",
                        "in": "path",
                        "description": "Stuff id",
                        "required": true,
                        "schema": {
                            "type": "string",
                            "example": "stuff id"
                        }
                    }
                ],
                "responses": {
                    "200": {
                        "description": "200",
                        "content": {
                            "application/vnd.stuff.v2+json": {
                                "schema": {
                                    "$ref": "#/components/schemas/StuffV2"
                                }
                            },
                            "application/vnd.stuff.v1+json": {
                                "schema": {
                                    "$ref": "#/components/schemas/StuffV1"
                                }
                            },
                            "application/json": {
                                "schema": {
                                    "$ref": "#/components/schemas/StuffV2"
                                }
                            }
                        }
                    }
                }
            }
        }
    }
}

run the proxy with errors enabled

prism proxy stuffapi.json http://stuffserver.com --errors

call the url

curl -v http://localhost:4010/api/stuff/fluffybear -H "Accept: application/vnd.stuff.v1+json"

if response returns v1 as it should, the proxy will test for v2 since its first on the list of responses.

I have verified this by actually reordering responses in the spec.

Environment

  • Version used: latest
  • Environment name and version (e.g. Chrome 39, node.js 5.4):
  • Operating System and version (desktop or mobile): prism cli on redhat
  • Link to your environment/workspace/project:

jarlah avatar Apr 08 '24 11:04 jarlah

primary suspect is somewhere around here https://github.com/stoplightio/prism/blob/c1145066f9e1f8d24b62c5356d8bf2312327e97b/packages/http/src/validator/validators/body.ts#L156

jarlah avatar Apr 08 '24 11:04 jarlah

we should also validate this on requests with the content-type header as well as in mock mode.

daniel-white avatar Apr 12 '24 16:04 daniel-white

This ticket has been labeled jira. A tracking ticket in Stoplight's Jira (STOP-458) has been created.

github-actions[bot] avatar Apr 12 '24 16:04 github-actions[bot]