OAS 3.0.1: apiKey security scheme has incomprehensible validation errors #1672

Closed
eropple opened this issue Feb 12, 2018 · 1 comment · Fixed by #1985
eropple commented Feb 12, 2018

| Q | A |
| --- | --- |
| Bug or feature request? | Bug |
| Which Swagger/OpenAPI version? | 3.0.1 |
| Which Swagger-Editor version? | 3.2.9 |
| How did you install Swagger-Editor? | yarn |
| Which browser & version? | Chrome latest |
| Which operating system? | Fedora 27 |

Demonstration API definition

---
openapi: 3.0.1
info:
  title: Test
  version: 1.0.0
paths: {}
components:
  schemas: {}
  securitySchemes:
    headerFoo:
      type: apiKey
      in: header
  links: {}
  callbacks: {}

Configuration (browser query string, constructor, config.yaml)

Completely stock

Expected Behavior

I expected it to squawk that headerFoo lacked a name parameter.

Current Behavior

Schema error at components.securitySchemes['headerFoo']
should NOT have additional properties
additionalProperty: in

Schema error at components.securitySchemes['headerFoo'].type
should be equal to one of the allowed values
allowedValues: http, oauth2, openIdConnect

This is weird, because it explicitly enumerates the valid types for this...and omits apiKey. If I fix the scheme def, it's fine:

    headerFoo:
      type: apiKey
      name: bob
      in: header

Context

I'm writing an OpenAPI-first web framework for Ruby/Rack, called Modern. As I build my OpenAPI spec generator, I keep occasionally testing against the editor (because the only Ruby OAPI gem I can find is incomplete and I haven't extended my test pipeline to automate the use of swagger-js) and this one made me go "buh?".

eropple changed the title from "OAS 3.0.1: apiKey header type" to "OAS 3.0.1: apiKey header type has incomprehensible validation errors" on Feb 12, 2018
eropple changed the title from "OAS 3.0.1: apiKey header type has incomprehensible validation errors" to "OAS 3.0.1: apiKey security scheme has incomprehensible validation errors" on Feb 12, 2018
shockey commented Apr 12, 2019

I've opened a pull request (#1985) that will close this issue.

Here's what Swagger Editor reports with my changes:

Structural error at […]headerFoo
should have required property 'name'
missingProperty: name

shockey added a commit that referenced this issue Apr 18, 2019
* adopt @webron's OpenAPI 3.0 schema from OAI/OpenAPI-Specification#1270

permalink: https://github.com/OAI/OpenAPI-Specification/blob/92e15eba1d4591ebfe8c11898c48241e72854381/schemas/v3.0/schema.yaml

* add ajv-errors

* address error messages for #1808's Swagger 2.0 example

clarifies the schema and adds custom error messages for unclear error conditions

* address error messages for #1808's OpenAPI 3.0 example

* restrict underlying JSON Schema `type` field to simple types only (for #1832)

* fix limitation in JSON Pointer conversion helper

* add clear `not` error message (for #1489)

* add additionalProperties message (for #1394)

* add ajv-keywords

* use `switch` to intelligently identify inline vs referenced content (for #1853)

* use `switch` to XOR `schema` and `content` (for #1853)

* use `switch` to pivot security scheme based on type

(for #1672)

* use switch to fall-through to inline security scheme validation (for #1672)

* rewrite more Reference oneOfs (for #1519)

* add custom message for `Schema.required` type error (for #1519)

* rewrite Response/Reference oneOf (for #1489)

* use switch in ParameterLocation validation (for #1797)

* define pivot key switches for SecurityDefinitions (for #1711)

* give helpful `format: uri` messages for SecurityDefinitions (for #1711)

* eliminate NonBodyParameter; pivot on `Parameter.in` with a switch (for #1511)

* oneOf -> switch for Parameters.items reference

* (for #1711)

* remove redundant semantic validator (for #1511)

* adjust wording of custom error message (for #1853)

* add regression tests for all related issues

* revert to expect@^1.20.2

* linter fixes

* fix messaging flaw for #1832

* improve messaging for #1394

* use literal key for `$ref` in Reference Object

* remove commented legacy data from OAS3 schema

* remove superfluous quotation marks

* normalize test case paths to `/`

* normalize openapi fields to 3.0.0

* drop unused `paths` information

* ensure clear errors for 3.0 Parameter style/content exclusivity

* add `required` assertions to switch statements that pivot on a key's value

this prevents false positives when the pivot key is missing entirely

* remove stray space
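
The pivot on `type` and the `required` assertion on the pivot key that the commit message above describes, set beside a try-every-branch `oneOf` check, as an added example that is not swagger-editor's code. `RULES`, `checkBranch`, `validateOneOf` and `validatePivot` are hypothetical names; the per-type keys follow the OpenAPI 3.0 Security Scheme Object.

```javascript
// Added example: dependency-free sketch, not swagger-editor's validator.
// Required/optional keys per type follow the OpenAPI 3.0 Security Scheme Object.
const RULES = {
  apiKey: { required: ["name", "in"], optional: [] },
  http: { required: ["scheme"], optional: ["bearerFormat"] },
  oauth2: { required: ["flows"], optional: [] },
  openIdConnect: { required: ["openIdConnectUrl"], optional: [] },
};
const COMMON = ["type", "description"];

// Check `scheme` against the single branch for `type`.
function checkBranch(path, scheme, type) {
  const { required, optional } = RULES[type];
  const allowed = new Set([...COMMON, ...required, ...optional]);
  const errors = [];
  if (scheme.type !== type) errors.push(`${path}.type should be equal to '${type}'`);
  for (const key of required) {
    if (!(key in scheme)) errors.push(`${path} should have required property '${key}'`);
  }
  for (const key of Object.keys(scheme)) {
    if (!allowed.has(key) && !key.startsWith("x-")) {
      errors.push(`${path} should NOT have additional property '${key}'`);
    }
  }
  return errors;
}

// oneOf style: try every branch; if none passes, report every branch's complaints.
function validateOneOf(path, scheme) {
  const perBranch = Object.keys(RULES).map((t) => checkBranch(path, scheme, t));
  return perBranch.some((e) => e.length === 0) ? [] : perBranch.flat();
}

// Pivot style: require the pivot key, then validate only the matching branch.
function validatePivot(path, scheme) {
  if (!("type" in scheme)) return [`${path} should have required property 'type'`];
  if (!Object.keys(RULES).includes(scheme.type)) {
    return [`${path}.type should be one of: ${Object.keys(RULES).join(", ")}`];
  }
  return checkBranch(path, scheme, scheme.type);
}

// Constructed input: the scheme from the report above, with `name` missing.
const headerFoo = { type: "apiKey", in: "header" };
const schemePath = "components.securitySchemes['headerFoo']";
console.log(validateOneOf(schemePath, headerFoo)); // noise from all four branches
console.log(validatePivot(schemePath, headerFoo)); // only the apiKey branch
```
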