nijens / openapi-bundle Goto Github PK

It would be helpful to also (optionally) support validation of request parameter values when they're specified within the loaded OpenAPI specification.

Useful links:

• https://swagger.io/specification/#parameter-object

At the moment, request validation fails when a request without request body is sent to a route, but a requestBody is defined in the loaded OpenAPI document. Even though no JSON properties are required or the requestBody is defined as required.

Let's assume the following OpenAPI document:

openapi: 3.1.0

info:
  title: OpenAPI document with operation that should allow no response body.
  version: 0.1.0

paths:
  /pets:
    post:
      x-openapi-bundle:
        controller: 'Nijens\OpenapiBundle\Tests\Functional\App\Controller\CreatePetController'
        deserializationObject: 'Nijens\OpenapiBundle\Tests\Functional\App\Model\CreatePet'
      requestBody:
        content:
          application/json:
            schema:
              type: object
              properties:
                name:
                  type: string
        required: false
      responses:
        '201':
          description: Successfully added a new pet to the store.

With this OpenAPI document, it should be possible to send a request without an empty JSON object. Though, at the moment the bundle will return 400 Bad Request when sending a request without JSON request body. This should be improved.

At this moment, exceptions happening on the generated OpenAPI routes will return a response with HTML content. For a JSON API we would like to have the exception output transformed to a JSON response.

In openapi-bundle/src/EventListener/JsonRequestBodyValidationSubscriber.php:

• Some exceptions are thrown, however the PHPDoc does not contain @throws tags
• openapi_resource and openapi_json_request_validation_pointer are re-used, maybe create constants for them?

In openapi-bundle/src/Json/JsonPointer.php:

• Class documentation is a little weak

Since November 2022 Symfony version 4.4 is no longer been actively maintained. This bundle should also remove support this version to ease maintenance and faster development of new features.

Resources

• https://symfony.com/releases/4.4
• https://symfony.com/releases#symfony-releases-calendar

At the moment there's an issue inside the CatchAllController when using the bundle with Symfony 3.4 as referencing a controller services works a bit differently in Symfony 4.x. To ensure nothing like this happens with adding Symfony 5.x support the bundle requires functional or integration tests.

This is a blocking issue for #23.

Upon sending a request with an invalid JSON request body, the response returns a allOf constraint violation in the list of violations when allOf is used in the request body JSON schema of the operation. This constraint violation is unclear in the context of the response as the actual constraint violation is above it.

Assume the following request body JSON schema:

requestBody:
  content:
    application/json:
      schema:
        allOf:
          - $ref: '#/components/schemas/SomeObject'
          - type: object
            properties:
              someProperty:
                type: string
            required:
              - someProperty

When sending a request to the operation without someProperty property inside the request body, the following error response is returned:

{
  "type": "about:blank",
  "title": "The request body contains errors.",
  "status": 400,
  "detail": "Validation of JSON request body failed.",
  "violations": [
    {
      "constraint": "required",
      "message": "The property someProperty is required",
      "property": "someProperty"
    },
    {
      "constraint": "allOf",
      "message": "Failed to match all schemas",
      "property": ""
    }
  ]
}

Here the allOf constraint violation is unclear and redundant for the API consumer. I'd expect the response to be the following:

{
  "type": "about:blank",
  "title": "The request body contains errors.",
  "status": 400,
  "detail": "Validation of JSON request body failed.",
  "violations": [
    {
      "constraint": "required",
      "message": "The property someProperty is required",
      "property": "someProperty"
    }
  ]
}

After installing the openapi bundle, the source files could not be found. The src directory is empty. This happens on different composer versions (1.9.x, 1.10.x and 2.x) and on different projects. From existing to new symfony 5 projects.

The "Nijens\OpenapiBundle\Controller\CatchAllController" class extends "Symfony\Bundle\FrameworkBundle\Controller\Controller" that is deprecated since Symfony 4.2, use {@see AbstractController} instead.

In version 1.3.0 a new component for exception handling was introduced.

With version 2.0.0, support for the deprecated exception handling will be removed from the bundle.

Sorry, wrong repo.

I found that the page loads of my project increased with more than a second after installing the openapi-bundle.

Using the profiler I found that this was the JsonRequestBodyValidationSubscriber loading the routes collection. The routes collection of this project contains 1100 routes.

Both the RouteLoader and JsonRequestBodyValidationSubscriber use the Dereferencer and JsonPointer instances. These might be consolidated into one OpenAPI specification loader class.

Most class methods have strict typehints for arguments and return types added, but not all methods have them set at the moment. This needs to be double-checked.

Even though the bundle currently only supports the validation of a JSON request body, it should still allow all request content types defined in the OpenAPI document.

Let's assume the following OpenAPI document:

openapi: 3.1.0

info:
  title: OpenAPI document with operation that should allow both JSON and XML content types.
  version: 1.0.0

paths:
  /pets:
    post:
      x-symfony-controller: 'Nijens\OpenapiBundle\Tests\Functional\App\Controller\CreatePetController'
      summary: Add a new pet to the store.
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/Pet'
          application/xml:
            schema:
              $ref: '#/components/schemas/Pet'
        required: true
      responses:
        '201':
          description: Successfully added a new pet to the store.

# ...

The above document should allow both application/json and application/xml content types when loaded by the bundle.

My requests are being validated by the openapi-bundle. Validation errors return different status codes. Which codes this bundle might return is not documented at all.

Sorry, wrong repo.

In version 1.4.0 the x-openapi-bundle specification extension was introduced to add additional configuration values to operations in OpenAPI documents.

With version 2.0.0, support for the x-symfony-controller specification extension will be removed from the bundle.

In version 1.4.0 the x-openapi-bundle specification extension was introduced to add additional configuration values to operations in OpenAPI documents.

With version 1.5.0, the x-symfony-controller specification extension will be marked as deprecated.

Would be nice! :)

Currently, the routes created by the bundle aren't easily referenced when generating an URL through a Symfony UrlGeneratorInterface implementation as they're automatically generated from the path.

By using the operationId from the OpenAPI specification we'd be able to reference routes the way we're used to with Symfony.

Sorry, wrong repo.

Sorry, wrong repo.