RequestBodyStrictTests.cs
// Copyright (c) Microsoft Corporation.
// Licensed under the MIT License.
using System.Collections.Generic;
using System.Threading.Tasks;
using Azure.DataApiBuilder.Config.ObjectModel;
using Microsoft.OpenApi.Models;
using Microsoft.VisualStudio.TestTools.UnitTesting;
namespace Azure.DataApiBuilder.Service.Tests.OpenApiIntegration
{
/// <summary>
/// Tests validating OpenAPI schema correctly applies request-body-strict setting.
/// </summary>
[TestCategory(TestCategory.MSSQL)]
[TestClass]
public class RequestBodyStrictTests
{
    private const string CONFIG_FILE = "request-body-strict-config.MsSql.json";
    private const string DB_ENV = TestCategory.MSSQL;

    /// <summary>
    /// With request-body-strict explicitly set to true, the dedicated request body schemas
    /// (book_NoAutoPK for POST, book_NoPK for PUT/PATCH) must exist and must set
    /// additionalProperties to false, while the response schema (book) stays open.
    /// </summary>
    /// <remarks>
    /// These assertions inspect the generated OpenAPI document only.
    /// NOTE(review): nothing here checks that the POST/PUT/PATCH operations actually reference the
    /// strict schemas, nor that the runtime rejects unknown fields; confirm both are covered elsewhere.
    /// NOTE(review): the default path (requestBodyStrict left null) is not exercised by this class.
    /// </remarks>
    [TestMethod]
    public async Task RequestBodyStrict_True_DisallowsExtraFields()
    {
        OpenApiDocument doc = await GenerateDocumentWithPermissions(
            OpenApiTestBootstrap.CreateBasicPermissions(),
            requestBodyStrict: true);
        IDictionary<string, OpenApiSchema> schemas = doc.Components.Schemas;

        // Request body schemas: present, and closed to undeclared properties.
        Assert.IsTrue(schemas.TryGetValue("book_NoAutoPK", out OpenApiSchema postBodySchema), "POST request body schema should exist");
        Assert.IsFalse(postBodySchema.AdditionalPropertiesAllowed, "POST request body should not allow extra fields in strict mode");

        Assert.IsTrue(schemas.TryGetValue("book_NoPK", out OpenApiSchema putPatchBodySchema), "PUT/PATCH request body schema should exist");
        Assert.IsFalse(putPatchBodySchema.AdditionalPropertiesAllowed, "PUT/PATCH request body should not allow extra fields in strict mode");

        // The response schema is not a request body, so it remains open.
        Assert.IsTrue(schemas.TryGetValue("book", out OpenApiSchema responseSchema), "Response body schema should exist");
        Assert.IsTrue(responseSchema.AdditionalPropertiesAllowed, "Response body should allow extra fields");
    }

    /// <summary>
    /// With request-body-strict set to false, the _NoAutoPK and _NoPK schemas must be absent and
    /// every POST/PUT/PATCH operation that carries a JSON request body must reference the base
    /// 'book' schema.
    /// </summary>
    /// <remarks>
    /// Write operations without a request body, without an "application/json" entry, or with a
    /// null schema are skipped rather than failed; the final assertion only guarantees that at
    /// least one operation was actually checked.
    /// </remarks>
    [TestMethod]
    public async Task RequestBodyStrict_False_OmitsRedundantSchemas()
    {
        OpenApiDocument doc = await GenerateDocumentWithPermissions(
            OpenApiTestBootstrap.CreateBasicPermissions(),
            requestBodyStrict: false);
        IDictionary<string, OpenApiSchema> schemas = doc.Components.Schemas;

        // The request-only schemas are redundant when strict mode is off.
        Assert.IsFalse(schemas.ContainsKey("book_NoAutoPK"), "POST request body schema should not exist in non-strict mode");
        Assert.IsFalse(schemas.ContainsKey("book_NoPK"), "PUT/PATCH request body schema should not exist in non-strict mode");

        // The base entity schema is still emitted.
        Assert.IsTrue(schemas.ContainsKey("book"), "Base entity schema should exist");

        // Walk every operation and check what the write verbs point at.
        bool checkedAnyWriteOperation = false;
        foreach (OpenApiPathItem pathItem in doc.Paths.Values)
        {
            foreach (KeyValuePair<OperationType, OpenApiOperation> entry in pathItem.Operations)
            {
                bool isWriteVerb = entry.Key is OperationType.Post or OperationType.Put or OperationType.Patch;
                OpenApiRequestBody requestBody = entry.Value.RequestBody;
                if (!isWriteVerb || requestBody is null)
                {
                    continue;
                }

                if (!requestBody.Content.TryGetValue("application/json", out OpenApiMediaType jsonContent))
                {
                    continue;
                }

                OpenApiSchema bodySchema = jsonContent.Schema;
                if (bodySchema is null)
                {
                    continue;
                }

                checkedAnyWriteOperation = true;
                Assert.IsNotNull(bodySchema.Reference, "Request body schema should reference a component schema when request-body-strict is false.");

                string referencedId = bodySchema.Reference.Id;
                Assert.AreEqual("book", referencedId, "Request body should reference the base 'book' schema when request-body-strict is false.");
                Assert.AreNotEqual("book_NoAutoPK", referencedId, "Request body should not reference the 'book_NoAutoPK' schema when request-body-strict is false.");
                Assert.AreNotEqual("book_NoPK", referencedId, "Request body should not reference the 'book_NoPK' schema when request-body-strict is false.");
            }
        }

        // Guards against the loop passing vacuously because every operation was skipped.
        Assert.IsTrue(checkedAnyWriteOperation, "Expected at least one POST/PUT/PATCH operation with a JSON request body.");
    }

    /// <summary>
    /// Builds a single "book" entity over the "books" table with the supplied permissions and
    /// returns the OpenAPI document produced for it by <c>OpenApiTestBootstrap</c>.
    /// </summary>
    /// <param name="permissions">Permissions assigned to the "book" entity.</param>
    /// <param name="requestBodyStrict">
    /// Value forwarded unchanged to the bootstrap helper; null when the caller does not specify it.
    /// </param>
    /// <returns>The generated OpenAPI document.</returns>
    private static async Task<OpenApiDocument> GenerateDocumentWithPermissions(EntityPermission[] permissions, bool? requestBodyStrict = null)
    {
        Entity bookEntity = new(
            Source: new("books", EntitySourceType.Table, null, null),
            Fields: null,
            GraphQL: new(null, null, false),
            Rest: new(EntityRestOptions.DEFAULT_SUPPORTED_VERBS),
            Permissions: permissions,
            Mappings: null,
            Relationships: null);

        Dictionary<string, Entity> entityMap = new()
        {
            ["book"] = bookEntity
        };
        RuntimeEntities entities = new(entityMap);

        OpenApiDocument document = await OpenApiTestBootstrap.GenerateOpenApiDocumentAsync(entities, CONFIG_FILE, DB_ENV, requestBodyStrict);
        return document;
    }
}
}