test(open_api3.1): ensure that methods with non-explicit semantics al…

…low request body
cdimascio · Mar 31, 2024 · 0587415 · 0587415
1 parent 15d9049
commit 0587415
Show file tree

Hide file tree

Showing 2 changed files with 103 additions and 0 deletions.
diff --git a/test/openapi_3.1/non_defined_semantics_request_body.spec.ts b/test/openapi_3.1/non_defined_semantics_request_body.spec.ts
@@ -0,0 +1,48 @@
+import * as request from 'supertest';
+import * as express from 'express';
+import { createApp } from "../common/app";
+import { join } from "path";
+
+describe('Request body in operations without well defined semantics - OpenAPI 3.1', () => {
+  let app;
+
+  before(async () => {
+    const apiSpec = join('test', 'openapi_3.1', 'resources', 'non_defined_semantics_request_body.yaml');
+    app = await createApp(
+      { apiSpec, validateRequests: true, validateResponses: true },
+      3005,
+      (app) => app.use(
+        express
+          .Router()
+          .get(`/v1/entity`, (req, res) =>
+            res.status(200).json({
+              property: null
+            }),
+          ),
+      )
+    );
+  });
+
+  after(() => {
+    app.server.close();
+  });
+
+  // In OpenAPI 3.0, methods that RFC7231 does not have explicitly defined semantics for request body (GET, HEAD, DELETE) do not allow request body
+  // In OpenAPI 3.1, request body is allowed for these methods. This test ensures that GET it is correctly handled
+  it('should validate a request body on GET', async () => {
+    return request(app)
+      .get(`${app.basePath}/entity`)
+      .set('Content-Type', 'application/json')
+      .send({request: 123})
+      .expect(400);
+  });
+
+  // Ensures that DELETE it is correctly handled
+  it('should validate a request body on DELETE', async () => {
+    return request(app)
+      .delete(`${app.basePath}/entity`)
+      .set('Content-Type', 'application/json')
+      .send({request: 123})
+      .expect(400);
+  });
+})
diff --git a/test/openapi_3.1/resources/non_defined_semantics_request_body.yaml b/test/openapi_3.1/resources/non_defined_semantics_request_body.yaml
@@ -0,0 +1,55 @@
+openapi: 3.1.0
+info:
+  title: API
+  version: 1.0.0
+servers:
+  - url: /v1
+components:
+  schemas:
+    EntityRequest:
+      type: object
+      properties:
+        request:
+          type: string
+paths:
+  /entity:
+    get:
+      description: GETS my entity
+      requestBody:
+        description: Request body for entity
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EntityRequest'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json: 
+              schema:
+                title: Entity
+                type: object
+                properties:
+                  property:
+                    type: ['string', 'null']
+    delete:
+      description: DELETE my entity
+      requestBody:
+        description: Request body for entity
+        required: true
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/EntityRequest'
+      responses:
+        '200':
+          description: OK
+          content:
+            application/json: 
+              schema:
+                title: Entity
+                type: object
+                properties:
+                  property:
+                    type: ['string', 'null']