diff --git a/oapi_validate_test.go b/oapi_validate_test.go index 8bc6a11..2d7e29f 100644 --- a/oapi_validate_test.go +++ b/oapi_validate_test.go @@ -129,6 +129,18 @@ func TestOapiRequestValidator(t *testing.T) { called = true return nil }) + // add a Handler for an encoded path parameter + // this needs to be installed before calling the first doGet + // because of echo internals (maxParam) + e.GET("/resource/maxlength/:encoded", func(c echo.Context) error { + called = true + return c.NoContent(http.StatusNoContent) + }) + e.GET("/resource/pattern/:encoded", func(c echo.Context) error { + called = true + return c.NoContent(http.StatusNoContent) + }) + // Let's send the request to the wrong server, this should return 404 { rec := doGet(t, e, "http://not.deepmap.ai/resource") @@ -231,6 +243,43 @@ func TestOapiRequestValidator(t *testing.T) { assert.False(t, called, "Handler should not have been called") called = false } + + // Let's send a request with an encoded parameter + // It should pass validation even though the parameter is encoded + // to 3 chars and the parameter is limited to maxLength: 1 + { + rec := doGet(t, e, "http://deepmap.ai/resource/maxlength/%2B") + assert.Equal(t, http.StatusNoContent, rec.Code) + assert.True(t, called, "Handler should have been called") + called = false + } + + // Let's send a request with an unencoded parameter + // It should pass as well + { + rec := doGet(t, e, "http://deepmap.ai/resource/maxlength/+") + assert.Equal(t, http.StatusNoContent, rec.Code) + assert.True(t, called, "Handler should have been called") + called = false + } + + // Let's send a request with an encoded parameter + // It should pass validation + { + rec := doGet(t, e, "http://deepmap.ai/resource/pattern/%2B1234") + assert.Equal(t, http.StatusNoContent, rec.Code) + assert.True(t, called, "Handler should have been called") + called = false + } + + // Let's send a request with an unencoded parameter + // It should pass as well + { + rec := doGet(t, e, "http://deepmap.ai/resource/pattern/+1234") + assert.Equal(t, http.StatusNoContent, rec.Code) + assert.True(t, called, "Handler should have been called") + called = false + } } func TestOapiRequestValidatorWithOptionsMultiError(t *testing.T) { diff --git a/test_spec.yaml b/test_spec.yaml index 1f847d7..56af6a4 100644 --- a/test_spec.yaml +++ b/test_spec.yaml @@ -16,7 +16,7 @@ paths: minimum: 10 maximum: 100 responses: - '200': + "200": description: success content: application/json: @@ -29,7 +29,7 @@ paths: post: operationId: createResource responses: - '204': + "204": description: No content requestBody: required: true @@ -39,6 +39,32 @@ paths: properties: name: type: string + /resource/maxlength/{param}: + get: + operationId: getMaxLengthResourceParameter + parameters: + - name: param + in: path + required: true + schema: + type: string + maxLength: 1 + responses: + "204": + description: success + /resource/pattern/{param}: + get: + operationId: getPatternResourceParameter + parameters: + - name: param + in: path + required: true + schema: + type: string + pattern: '^\+[1-9]+$' + responses: + "204": + description: success /protected_resource: get: operationId: getProtectedResource @@ -46,7 +72,7 @@ paths: - BearerAuth: - someScope responses: - '204': + "204": description: no content /protected_resource2: get: @@ -55,7 +81,7 @@ paths: - BearerAuth: - otherScope responses: - '204': + "204": description: no content /protected_resource_401: get: @@ -64,7 +90,7 @@ paths: - BearerAuth: - unauthorized responses: - '401': + "401": description: no content /multiparamresource: get: @@ -85,7 +111,7 @@ paths: minimum: 10 maximum: 100 responses: - '200': + "200": description: success content: application/json: