Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

anyOf/oneOf coerces to property first fitting type (in body response) #391

Closed
kevinval opened this issue Oct 7, 2020 · 3 comments
Closed

anyOf/oneOf coerces to property first fitting type (in body response) #391

kevinval opened this issue Oct 7, 2020 · 3 comments

Comments

@kevinval
Copy link

kevinval commented Oct 7, 2020

Describe the bug
A property defined as anyOf with a mixture of integer/boolean results in being coerced (cast) to the first type it matches. Additionally using oneOf isn't possible either as both boolean and an integer value will with both types and the match is no longer oneOf.

To Reproduce
Having a schema like this:

type: object
properties:
  key:
    type: string
    description: Key of the setting.
  value:
    anyOf:
      - type: integer
      - type: boolean
      - type: object
    description: Value of the setting.

And having validateResponses: true enabled, when an object like this is passed to the validator:

{
  "key": "boolean_setting",
  "value": false
}

Actual behavior
It comes out of the validator as this:

{
  "key": "boolean_setting",
  "value": 0
}

Expected behavior
The type should be kept as boolean:

{
  "key": "boolean_setting",
  "value": false
}

Examples and context
It also works the other way, if the schema will have boolean first in the list stuff will get coerced to boolean instead - whatever matches first it seems based on coercion rules of AJV.

coerceTypes: false seems to fix this behavior. It also fixes it for oneOf (obviously, I guess). But that's not the best workaround as we do rely on it for eg. URL GET parameters.

I noticed the recent work in #387 and that coerceTypes got deprecated. Is it possible it somehow does not apply to validation of responses? At least from the quick look it seemed to be request-related.
@cdimascio
Copy link
Owner

cdimascio commented Oct 7, 2020
edited
Loading

@kevinval good catch. PR #387 improves the way request validation is handled. Essentially, it no longer performs type coercion on request bodies. Everything else remains the same (though coerceTypes becomes ambiguous and hence will be removed in the next major version). As you example illustrates, a similar change is needed for response bodies. I'll start work on that.

cdimascio added a commit that referenced this issue Oct 7, 2020
@cdimascio
(fix) #391 - do not coerce response body value
f7422dc
cdimascio added a commit that referenced this issue Oct 8, 2020
@cdimascio
Response body coercion (#392)
c8b5fdf 
* (fix) #391 - do not coerce response body value

* update README
@cdimascio
Copy link
Owner

@kevinval this should be fixed in v4.2.0

@kevinval
Copy link
Author

kevinval commented Oct 8, 2020

confirmed fixed in v4.2.0, thanks for the amazingly fast response :-)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cdimascio @kevinval