allowUnknownQueryParameters:false skipped if no query parameters defined
Dimascio committed Jun 6, 2020
1 parent 5e5e239 commit 9815802
Showing 7 changed files with 51 additions and 12 deletions.
2 changes: 1 addition & 1 deletion package.json
@@ -1,6 +1,6 @@
{
"name": "express-openapi-validator",
"version": "3.14.1",
"version": "4.0.0",
"description": "Automatically validate API requests and responses with OpenAPI 3 and Express.",
"main": "dist/index.js",
"scripts": {
4 changes: 2 additions & 2 deletions src/middlewares/openapi.request.validator.ts
@@ -165,8 +165,8 @@ export class RequestValidator {
}

private processQueryParam(query, schema, whiteList: string[] = []) {
if (!schema.properties) return;
const knownQueryParams = new Set(Object.keys(schema.properties));
const keys = schema.properties ? Object.keys(schema.properties) : [];
const knownQueryParams = new Set(keys);
whiteList.forEach((item) => knownQueryParams.add(item));
const queryParams = Object.keys(query);
const allowedEmpty = schema.allowEmptyValue;
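Review bot: The new `keys` fallback at the top of processQueryParam has no comment recording why a missing `schema.properties` must not short-circuit, and the early return it replaces is exactly the kind of guard that gets re-added later as a shortcut. I would put `// No declared query params means every query key is unknown; never return early here or the unknown-parameter check is skipped.` above it. The method continues past the end of this hunk, so how the rejection is tied to the allowUnknownQueryParameters option is not visible here. Operations that declare no query parameters and previously tolerated stray ones will presumably now answer 400, so the release notes for the 4.0.0 bump should say so.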
24 changes: 17 additions & 7 deletions test/query.params.spec.ts
@@ -11,13 +11,14 @@ describe(packageJson.name, () => {
before(async () => {
// Set up the express app
const apiSpec = path.join('test', 'resources', 'query.params.yaml');
app = await createApp({ apiSpec }, 3005, app =>
app = await createApp({ apiSpec }, 3005, (app) =>
app.use(
`${app.basePath}`,
express
.Router()
.post(`/pets/nullable`, (req, res) => res.json(req.body))
.get(`/no_reserved`, (req, res) => res.json(req.body))
.get(`/no_query_params`, (req, res) => res.json({ complete: true }))
.get(`/allow_reserved`, (req, res) => res.json(req.body)),
),
);
@@ -39,6 +40,17 @@ describe(packageJson.name, () => {
})
.expect(200));

it('should reject any query param when endpoint declares none', async () =>
request(app)
.get(`${app.basePath}/no_query_params`)
.query({
name: 'max',
})
.expect(400)
.then((r) => {
expect(r.body.errors).to.be.an('array');
}));

it('should fail if unknown query param is specified', async () =>
request(app)
.get(`${app.basePath}/pets`)
@@ -51,7 +63,7 @@ describe(packageJson.name, () => {
unknown_prop: 'test',
})
.expect(400)
.then(r => {
.then((r) => {
expect(r.body.errors).to.be.an('array');
}));

@@ -66,13 +78,11 @@ describe(packageJson.name, () => {
owner_name: 'carmine',
})
.expect(400)
.then(r => {
.then((r) => {
expect(r.body)
.to.have.property('message')
.that.equals("Empty value found for query parameter 'breed'");
expect(r.body.errors)
.to.be.an('array')
.with.length(1);
expect(r.body.errors).to.be.an('array').with.length(1);
expect(r.body.errors[0].path).to.equal('.query.breed');
}));

@@ -99,7 +109,7 @@ describe(packageJson.name, () => {
request(app)
.get(`${app.basePath}/no_reserved?value=ThisHas$ReservedChars!`)
.expect(400)
.then(r => {
.then((r) => {
const body = r.body;
expect(body.message).equals(
"Parameter 'value' must be url encoded. It's value may not contain reserved characters.",
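Review bot: The new case 'should reject any query param when endpoint declares none' asserts only a 400 status and that `errors` is an array, so a 400 raised for any other reason would also satisfy it. Pinning the offending parameter, for example `expect(r.body.errors[0].path).to.equal('.query.name');` (assuming unknown-parameter errors use the same path format as the empty-value case further down), would tie the test to the fix. The section also never requests /no_query_params without a query string, so nothing shows that the route still answers 200 with `{ complete: true }`; a companion case is sketched below.

```typescript
// … unchanged: 'should reject any query param when endpoint declares none' …
it('should accept a request without query params when endpoint declares none', async () =>
  request(app)
    .get(`${app.basePath}/no_query_params`)
    .expect(200)
    .then((r) => {
      expect(r.body).to.have.property('complete', true);
    }));
```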
7 changes: 6 additions & 1 deletion test/resources/query.params.yaml
@@ -69,7 +69,12 @@ paths:
responses:
'200':
description: success

/no_query_params:
get:
description: test no query parameters
responses:
'200':
description: pet response
/pets:
get:
description: |
10 changes: 10 additions & 0 deletions test/resources/read.only.yaml
@@ -15,6 +15,11 @@ paths:
post:
description: get user
operationId: getUser
parameters:
- name: include_id
in: query
schema:
type: boolean
requestBody:
required: true
content:
@@ -44,6 +49,11 @@ paths:
post:
description: get user
operationId: getUser
parameters:
- name: include_id
in: query
schema:
type: boolean
requestBody:
required: true
content:
6 changes: 5 additions & 1 deletion test/resources/request.bodies.ref.yaml
@@ -10,6 +10,11 @@ servers:
paths:
/request_bodies_ref:
post:
parameters:
- name: bad_body
in: query
schema:
type: boolean
requestBody:
$ref: '#/components/requestBodies/TestBody'
responses:
@@ -37,7 +42,6 @@ paths:
'*/*':
schema:
type: string

'400':
description: Bad Request

10 changes: 10 additions & 0 deletions test/resources/write.only.yaml
@@ -15,6 +15,11 @@ paths:
post:
description: create products
operationId: createProductsInline
parameters:
- name: exclude_write_only
in: query
schema:
type: boolean
requestBody:
required: true
content:
@@ -45,6 +50,11 @@ paths:
post:
description: create products
operationId: createProductsNested
parameters:
- name: exclude_write_only
in: query
schema:
type: boolean
requestBody:
required: true
content:
