Validate your HttpFoundation requests and responses against OpenAPI (3+) definitions
Home Page: https://tech.osteel.me/posts/openapi-backed-api-testing-in-php-projects-a-laravel-example
License: MIT License
Get this error when securityScheme set with header
Osteel\OpenApi\Testing\Exceptions\ValidationException: None of security schemas did match for Request [get /operation/{operationUuid}]
Defined security scheme as Bearer header
securitySchemes:
X-Session:
scheme: bearer
bearerFormat: ''
type: http
description: Bearer Session Token
x-last-modified: 1668326446280
and when validating request with below code
$validator->validate($request, '/permissions/{permissionUuid}', 'GET');
It gives this error
Osteel\OpenApi\Testing\Exceptions\ValidationException: None of security schemas did match for Request [get /operation/{operationUuid}]
/web/vendor/osteel/openapi-httpfoundation-testing/src/Exceptions/ValidationException.php:32
/web/vendor/osteel/openapi-httpfoundation-testing/src/Validator.php:70
/web/tests/TestCase/Action/Operation/OperationTest.php:83
Caused by
League\OpenAPIValidation\PSR7\Exception\Validation\InvalidSecurity: None of security schemas did match for Request [get /operation/{operationUuid}]
/web/vendor/league/openapi-psr7-validator/src/PSR7/Exception/Validation/AddressValidationFailed.php:39
/web/vendor/league/openapi-psr7-validator/src/PSR7/Exception/Validation/InvalidSecurity.php:24
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/SecurityValidator.php:80
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/SecurityValidator.php:53
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/ValidatorChain.php:25
/web/vendor/league/openapi-psr7-validator/src/PSR7/RoutedServerRequestValidator.php:49
/web/vendor/osteel/openapi-httpfoundation-testing/src/Validator.php:68
/web/tests/TestCase/Permission/OperationTest.php:83
Is there support to add headers to validator request? If yes than how to add headers and if there is no support than how to validate request with security scheme.
php 8.0
openapi 3.0
Hello there! I've made an issue on thephpleague/openapi-psr7-validator#163 to track progress towards OpenAPI v3.1, so give that a follow if you're interested. Perhaps you could help them out!
Hi there,
first of all this is not an issue.
This is a package that I alway wanted to have to validate my API endpoints against the OpenAPI documentation.
It seems that I am missing something and would love to get some help to get this to work.
I am using Laravel with Docker (Laravel Sail) and I use Stoplight Studio to get some help and to write my OpenAPI definition.
I used exactly the same Example I saw on twitter, but it seems I am getting some problems getting it to work the way I want it to have.
For a better example I recorded a video that shows where my problem is.
Thank you in advance.
PS: If you have some questions let me know.
Hello, this pkg not working with laravel 6?
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires osteel/openapi-httpfoundation-testing ^0.6.0 -> satisfiable by osteel/openapi-httpfoundation-testing[v0.6].
- osteel/openapi-httpfoundation-testing v0.6 requires symfony/http-foundation ^5.3 -> found symfony/http-foundation[v5.3.0-BETA1, ..., 5.4.x-dev] but the package is fixed to v4.4.23 (lock file version) by a partial update and that version does not match. Make sure you list it as an argument for the update command.
Hello
How can I find out what field of response is incorrect ?
Osteel\OpenApi\Testing\Exceptions\ValidationException : Body does not match schema for content-type "application/json" for Response [get /entities/{id} 200]: Value '2022-07-31T21:00:00.000000Z' does not match format date of type string
It looks like the validator fails to check objects inside a request
I've modified responce in example project so it looks like this:
Route::post('/test', function (Request $request) {
return response()->json([
'status' => 200,
'success' => true,
'data' => [
'here' => 'here',
],
]);
});
Also I've modified openapi defenition:
/test:
post:
tags:
- "Authorization"
summary: "login into user account"
description: "Stores new access tokens in DB. returns stored access tokens and user data"
requestBody:
$ref: '#/components/requestBodies/LoginRequest'
responses:
"200":
$ref: "#/components/responses/LoginResponse"
responses:
LoginResponse:
description: "successful operation"
content:
application/json:
schema:
type: object
required:
- status
- success
- data
properties:
status:
type: integer
example: 200
success:
type: boolean
example: true
data:
type: object
properties:
accessToken:
type: integer
refreshToken:
type: integer
requestBodies:
LoginRequest:
content:
application/json:
schema:
type: object
properties:
email:
type: string
example: "[email protected]"
password:
description: "min 6 symbols"
type: string
example: "password123"
required:
- email
- password
as you can see actual response and openapi response body object doesn't match. a real one returns only 'here' => 'here' in data while open api expects 'refreshToken' => 'string' and 'accessToken' => 'string'
But tests are passing anyway which was not expected in this case
I was expecting it is possible to validate response body entirely
Unfortunately I'm not experienced enough to offer any concrete solutions
openapi-httpfoundation-testing example laravel project launched via sail
php8.1, Ubuntu 22.04
Right now I have the id and name fields mandatory and description optional.
If I don't send id and name the exception return only id as missing. Can I show all missing fields that are mandatory?
Thanks
Path parameter validation is broken with the version 0.6.0
openapi-psr7-validator cannot parse path parameters when using the 0.6.0 version of the package. The following LogicException is thrown when trying to validate an endpoint with a path parameter in it:
Required Parameter Missing should not be thrown in Path Validator, because presence of all parameters have to be checked before
This package works great to validate that all properties that are in the schema are also in the response, but I would like to also validate that every single property on my response is part of the schema.
We're using https://orval.dev/ to generate typescript types based on the schema and sometimes our frontend people yell at me to add typing/schema, I would like our pipelines to yell at me instead.
How can it benefit other users?
^ See above.
Not obligatory, but suggest an idea for implementing addition or change.
I think it should be probably an optional setting, because I'm not sure everyone will want to be this strict about their responses matching schemas.
Package version
0.10
Describe the bug
I cannot update to 0.10 because of a new requirement on symfony/cache ^6.0
To Reproduce
composer.json
{
"require": {
"php": ">=8.2",
"symfony/symfony": "5.4.*",
},
"require-dev": {
"osteel/openapi-httpfoundation-testing": "^0.9.0",
},
"extra": {
"symfony": {
"require": "5.4.*"
},
}
$ composer require --dev osteel/openapi-httpfoundation-testing:^0.10.0 -W
./composer.json has been updated
Running composer update osteel/openapi-httpfoundation-testing --with-all-dependencies
Loading composer repositories with package information Info from https://repo.packagist.org: #StandWithUkraine
Restricting packages listed in "symfony/symfony" to "5.4.*"
Updating dependencies
Your requirements could not be resolved to an installable set of packages.
Problem 1
- Root composer.json requires osteel/openapi-httpfoundation-testing ^0.10 -> satisfiable by osteel/openapi-httpfoundation-testing[v0.10].
- osteel/openapi-httpfoundation-testing v0.10 requires symfony/cache ^6.0 -> found symfony/cache[v6.0.0, ..., v6.3.0] but these were not loaded, likely because it conflicts with another require.
Expected behaviour
I expected the library to be compatible with maintained Symfony branches, which are 5.4, 6.2, and 6.3: https://symfony.com/releases
Would be nice to have Symfony 6 support. AS for me it should be enough to change supported versions in composer
Assume that we have the following openapi scheme:
IdField:
type: string
format: uuid
TestObject:
type: object
properties:
id:
$ref: '#/components/schemas/IdField'
name:
type: string
TestResponse:
type: array
items:
$ref: '#/components/schemas/TestObject'
/test:
get:
tags:
- Test
summary: Some summary here
responses:
'200':
description: Successful response
content:
application/json:
schema:
$ref: '#/components/schemas/TestResponse'
And we check it like this
$validator = ValidatorBuilder::fromYamlFile($openapiFilePath)->getValidator();
$validator->validate($this->client->getResponse(),'/test', 'get');
If the response returns array of objects with fields id and name and correct types -> everything is ok
If types of fields are wrong -> we will get an error
If the object will contain fields id and name1 without name -> nothing will happen. No errors.
How to make the package validate required fields in response?
I keep getting this error when trying to test my swagger docs using an endpoint
InvalidArgumentException: Header values must be RFC 7230 compatible strings.
Here's the trace:
/var/www/vendor/nyholm/psr7/src/MessageTrait.php:201
/var/www/vendor/nyholm/psr7/src/MessageTrait.php:80
/var/www/vendor/symfony/psr-http-message-bridge/Factory/PsrHttpFactory.php:163
/var/www/vendor/osteel/openapi-httpfoundation-testing/src/HttpFoundation/HttpFoundationResponseAdapter.php:33
/var/www/vendor/osteel/openapi-httpfoundation-testing/src/ResponseValidator.php:57
/var/www/tests/Feature/SensorAPI/GatewayControllerTest.php:113
This is an example of the test I am trying to run:
$response = $this->get(
'api/v1/sensor/gateways/gateway_name',
[
'Accept' => 'application/json',
'Content-Type' => 'application/json',
'Authorization' => 'Bearer token'
]
);
$validator = ResponseValidatorBuilder::fromJson(storage_path('api-docs/api-docs.json'))->getValidator();
$result = $validator->validate('/v1/sensor/gateways/gateway_name', 'get', $response->baseResponse);
$this->assertTrue($result);
I'm not sure if it's a bug but all my other tests work when testing requests.
PHP 7.3.20
Laravel 8
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
Django
The Web framework for perfectionists with deadlines.
Laravel
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft
Open source projects and samples from Microsoft.
Google
Google โค๏ธ Open Source for everyone.
Alibaba
Alibaba Open Source for everyone
D3
Data-Driven Documents codes.
Tencent
China tencent open source team.