From ece6f1bc983cab2cad0d7d9a491042b6e9a5cd2d Mon Sep 17 00:00:00 2001 From: nickzhums <56864335+nickzhums@users.noreply.github.com> Date: Fri, 22 Nov 2019 16:22:31 +0800 Subject: [PATCH] Update x-ms-secret validation logic for live validation (#86) * Update live validation logic for "x-ms-secret", specifically, check if x-ms-secret is "true" in the response. If so, throw an error --- lib/validation/custom-zschema-validators.js | 3 +- package.json | 2 +- test/browser/documents/2.0/swagger.yaml | 5 +++- test/test-response.js | 32 ++++++++++++++++++++- 4 files changed, 38 insertions(+), 4 deletions(-) diff --git a/lib/validation/custom-zschema-validators.js b/lib/validation/custom-zschema-validators.js index ba93a9b..ec67dd2 100644 --- a/lib/validation/custom-zschema-validators.js +++ b/lib/validation/custom-zschema-validators.js @@ -216,8 +216,9 @@ function checkSecretPropertyInResponse (validateOptions, schema, json, report) { var isResponse = validateOptions && validateOptions.isResponse var xMsSecret = schema && schema['x-ms-secret'] + var isXmsSecretTrue = xMsSecret && typeof xMsSecret === 'string' && xMsSecret.toLowerCase() === 'true' - if (isResponse && schema && xMsSecret && json !== undefined) { + if (isResponse && schema && isXmsSecretTrue && json !== undefined) { let errorMessage = 'Secret property `"{0}": '; if (schema && schema.type === 'string' && typeof json === 'string') { diff --git a/package.json b/package.json index 000a965..49bac9f 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "yasway", - "version": "1.8.7", + "version": "1.8.8", "description": "A library that simplifies Swagger integrations.", "main": "index.js", "types": "index.d.ts", diff --git a/test/browser/documents/2.0/swagger.yaml b/test/browser/documents/2.0/swagger.yaml index 95582df..2c6ac93 100644 --- a/test/browser/documents/2.0/swagger.yaml +++ b/test/browser/documents/2.0/swagger.yaml @@ -682,7 +682,10 @@ definitions: - "sold" secret: type: "string" - x-ms-secret: ["secret"] + x-ms-secret: "true" + nonSecret: + type: "string" + x-ms-secret: "false" writeOnly: type: "string" x-ms-mutability: ["create", "update"] diff --git a/test/test-response.js b/test/test-response.js index 9ffdbe8..3dc98ad 100644 --- a/test/test-response.js +++ b/test/test-response.js @@ -153,6 +153,12 @@ describe('Response', function () { secret: 'password' } + var nonSecretPet = { + name: 'Test Pet', + photoUrls: [], + nonSecret: 'notAnySecret' + } + describe('validate Content-Type', function () { describe('operation level produces', function () { var cSway; @@ -649,7 +655,7 @@ describe('Response', function () { .then(done, done); }); - it('Test if response has secret property marked with x-ms-secret', function (done) { + it('Test if response has secret property marked with x-ms-secret that equals to TRUE', function (done) { var cSwaggerDoc = _.cloneDeep(helpers.swaggerDoc); Sway.create({ @@ -685,6 +691,30 @@ describe('Response', function () { .then(done, done); }); + it('Test if response has secret property marked with x-ms-secret that equals to FALSE', function (done) { + var cSwaggerDoc = _.cloneDeep(helpers.swaggerDoc); + + Sway.create({ + definition: cSwaggerDoc + }) + .then(function (api) { + var results = api.getOperation('/pet/{petId}', 'get').validateResponse({ + body: nonSecretPet, + encoding: 'utf-8', + headers: { + 'content-type': 'application/json' + }, + statusCode: 200 + }); + + // should not return any errors + assert.deepEqual(results.errors, []); + assert.equal(results.warnings.length, 0); + }) + .then(done, done); + }); + + it('Test if response has WRITE only property marked with x-ms-mutability', function (done) { var cSwaggerDoc = _.cloneDeep(helpers.swaggerDoc);