fix: validation required warning with readonly writeonly props (#37)

Co-authored-by: Albina Blazhko <46962291+AlbinaBlazhko17@users.noreply.github.com>

Author: vadyvas

lib/vocabularies/code.ts

@@ -5,6 +5,7 @@ import {CodeGen, _, and, or, not, nil, strConcat, getProperty, Code, Name} from
 import {alwaysValidSchema, Type} from "../compile/util"
 import N from "../compile/names"
 import {useFunc} from "../compile/util"
+import {getSkipCondition} from "./oasContext"
 export function checkReportMissingProp(cxt: KeywordCxt, prop: string): void {
   const {gen, data, it} = cxt
   gen.if(noPropertyInData(gen, data, prop, it.opts.ownProperties), () => {
@@ -14,13 +15,17 @@ export function checkReportMissingProp(cxt: KeywordCxt, prop: string): void {
 }
 
 export function checkMissingProp(
-  {gen, data, it: {opts}}: KeywordCxt,
+  {gen, data, it: {opts}, parentSchema}: KeywordCxt,
   properties: string[],
   missing: Name
 ): Code {
   return or(
     ...properties.map((prop) =>
-      and(noPropertyInData(gen, data, prop, opts.ownProperties), _`${missing} = ${prop}`)
+      and(
+        not(getSkipCondition(parentSchema, prop) ?? _`false`),
+        noPropertyInData(gen, data, prop, opts.ownProperties),
+        _`${missing} = ${prop}`
+      )
     )
   )
 }

lib/vocabularies/metadata.ts

@@ -5,8 +5,16 @@ export const metadataVocabulary: Vocabulary = [
   "description",
   "default",
   "deprecated",
-  "readOnly",
-  "writeOnly",
+  /**
+   * readOnly/writeOnly are handled as validation keywords when OAS context is provided.
+   * Keeping them here would register them as annotation-only metadata and would
+   * prevent the context-aware validation behavior.
+   *
+   * @see ./validation/readOnly.ts
+   * @see ./validation/writeOnly.ts
+   */
+  // "readOnly",
+  // "writeOnly",
   "examples",
 ]
 

lib/vocabularies/oasContext.ts

@@ -0,0 +1,27 @@
+import type {AnySchemaObject} from "../types"
+
+import {_, or, type Code} from "../compile/codegen"
+import N from "../compile/names"
+
+export function getSkipCondition(schema: AnySchemaObject, prop: string): Code | undefined {
+  const propSchema = schema.properties?.[prop]
+  if (!propSchema) return undefined
+
+  const hasReadOnly = propSchema.readOnly === true
+  const hasWriteOnly = propSchema.writeOnly === true
+
+  if (!hasReadOnly && !hasWriteOnly) return undefined
+
+  const conditions: Code[] = []
+  const oasContext = _`typeof ${N.this} == "object" && ${N.this} && ${N.this}.oas`
+
+  if (hasReadOnly) {
+    conditions.push(_`${oasContext} && ${N.this}.oas.mode === "request"`)
+  }
+
+  if (hasWriteOnly) {
+    conditions.push(_`${oasContext} && ${N.this}.oas.mode === "response"`)
+  }
+
+  return conditions.length === 1 ? conditions[0] : or(...conditions)
+}

lib/vocabularies/validation/index.ts

@@ -5,6 +5,8 @@ import limitLength from "./limitLength"
 import pattern, {PatternError} from "./pattern"
 import limitProperties from "./limitProperties"
 import required, {RequiredError} from "./required"
+import readOnlyKeyword from "./readOnly"
+import writeOnlyKeyword from "./writeOnly"
 import limitItems from "./limitItems"
 import uniqueItems, {UniqueItemsError} from "./uniqueItems"
 import constKeyword, {ConstError} from "./const"
@@ -20,6 +22,8 @@ const validation: Vocabulary = [
   // object
   limitProperties,
   required,
+  readOnlyKeyword,
+  writeOnlyKeyword,
   // array
   limitItems,
   uniqueItems,

lib/vocabularies/validation/readOnly.ts

@@ -0,0 +1,31 @@
+import type {CodeKeywordDefinition, KeywordErrorDefinition} from "../../types"
+import type {KeywordCxt} from "../../compile/validate"
+import {_, str} from "../../compile/codegen"
+import N from "../../compile/names"
+
+const error: KeywordErrorDefinition = {
+  message: ({params}) =>
+    str`must NOT be present in ${params.mode || "this context"}${
+      params.location ? str` (${params.location})` : ""
+    }`,
+  params: ({params}) => _`{mode: ${params.mode}, location: ${params.location}}`,
+}
+
+const def: CodeKeywordDefinition = {
+  keyword: "readOnly",
+  schemaType: "boolean",
+  error,
+  code(cxt: KeywordCxt) {
+    if (cxt.schema !== true) return
+
+    const mode = _`(${N.this} && ${N.this}.oas ? ${N.this}.oas.mode : undefined)`
+    const location = _`(${N.this} && ${N.this}.oas ? ${N.this}.oas.location : undefined)`
+    cxt.setParams({mode, location})
+
+    cxt.fail(
+      _`typeof ${N.this} == "object" && ${N.this} && ${N.this}.oas && ${N.this}.oas.mode === "request"`
+    )
+  },
+}
+
+export default def

lib/vocabularies/validation/required.ts

@@ -7,6 +7,7 @@ import {
   propertyInData,
   noPropertyInData,
 } from "../code"
+import {getSkipCondition} from "../oasContext"
 import {_, str, nil, not, Name, Code} from "../../compile/codegen"
 import {checkStrictMode} from "../../compile/util"
 
@@ -52,7 +53,12 @@ const def: CodeKeywordDefinition = {
         cxt.block$data(nil, loopAllRequired)
       } else {
         for (const prop of schema) {
-          checkReportMissingProp(cxt, prop)
+          const skip = getSkipCondition(cxt.parentSchema, prop) ?? _`false`
+          /**
+           * Generate a runtime check: validate `required` only when this property
+           * should NOT be skipped in the current context (readOnly/writeOnly).
+           */
+          gen.if(not(skip), () => checkReportMissingProp(cxt, prop))
         }
       }
     }

lib/vocabularies/validation/writeOnly.ts

@@ -0,0 +1,29 @@
+import type {CodeKeywordDefinition, KeywordErrorDefinition} from "../../types"
+import type {KeywordCxt} from "../../compile/validate"
+import {_, str} from "../../compile/codegen"
+import N from "../../compile/names"
+
+const error: KeywordErrorDefinition = {
+  message: ({params}) =>
+    str`must NOT be present in ${params.mode || "this context"}${
+      params.location ? str` (${params.location})` : ""
+    }`,
+  params: ({params}) => _`{mode: ${params.mode}, location: ${params.location}}`,
+}
+
+const def: CodeKeywordDefinition = {
+  keyword: "writeOnly",
+  schemaType: "boolean",
+  error,
+  code(cxt: KeywordCxt) {
+    if (cxt.schema !== true) return
+    const mode = _`(${N.this} && ${N.this}.oas ? ${N.this}.oas.mode : undefined)`
+    const location = _`(${N.this} && ${N.this}.oas ? ${N.this}.oas.location : undefined)`
+    cxt.setParams({mode, location})
+    cxt.fail(
+      _`typeof ${N.this} == "object" && ${N.this} && ${N.this}.oas && ${N.this}.oas.mode === "response"`
+    )
+  },
+}
+
+export default def

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@redocly/ajv",
-  "version": "8.17.2",
+  "version": "8.17.3",
   "description": "Another JSON Schema Validator",
   "main": "dist/ajv.js",
   "types": "dist/ajv.d.ts",

spec/validation/read-write.spec.ts

@@ -0,0 +1,113 @@
+import type {DataValidationCxt} from "../../lib/types"
+import Ajv from "../ajv"
+import chai from "../chai"
+
+chai.should()
+
+type OasMode = "request" | "response"
+
+function buildContext(data: unknown): DataValidationCxt {
+  const dynamicAnchors: DataValidationCxt["dynamicAnchors"] = {}
+  return {
+    instancePath: "",
+    parentData: {root: data},
+    parentDataProperty: "root",
+    rootData: data as Record<string, unknown>,
+    dynamicAnchors,
+  }
+}
+
+function getAjv() {
+  return new Ajv({passContext: true})
+}
+
+function getOasContext(mode: OasMode, location?: "requestBody" | "responseBody") {
+  return {oas: {mode, location}}
+}
+
+type Validate = ReturnType<InstanceType<typeof Ajv>["compile"]>
+
+function expectValid(
+  validate: Validate,
+  data: unknown,
+  ctx?: {oas: {mode: OasMode; location?: "requestBody" | "responseBody"}}
+) {
+  const valid = ctx ? validate.call(ctx, data, buildContext(data)) : validate(data)
+  valid.should.equal(true)
+}
+
+function expectInvalid(
+  validate: Validate,
+  data: unknown,
+  keyword: "readOnly" | "writeOnly" | "required",
+  ctx?: {oas: {mode: OasMode; location?: "requestBody" | "responseBody"}}
+) {
+  const valid = ctx ? validate.call(ctx, data, buildContext(data)) : validate(data)
+  valid.should.equal(false)
+  validate.errors?.[0].keyword.should.equal(keyword)
+}
+
+describe("readOnly/writeOnly", () => {
+  const baseSchema = {
+    type: "object",
+    properties: {
+      id: {type: "string", readOnly: true},
+      password: {type: "string", writeOnly: true},
+    },
+  }
+
+  describe("default behavior without OAS context", () => {
+    it("should not validate readOnly/writeOnly", () => {
+      const validate = getAjv().compile(baseSchema)
+      expectValid(validate, {id: "1", password: "secret"})
+      expectValid(validate, {})
+    })
+  })
+
+  describe("with required", () => {
+    const schemaWithRequired = {
+      ...baseSchema,
+      required: ["id", "password"],
+    }
+
+    it("should keep required without context", () => {
+      const validate = getAjv().compile(schemaWithRequired)
+      expectValid(validate, {id: "1", password: "secret"})
+      expectInvalid(validate, {}, "required")
+    })
+
+    it("should skip readOnly in request context and still require writeOnly", () => {
+      const validate = getAjv().compile(schemaWithRequired)
+      const requestCtx = getOasContext("request", "requestBody")
+
+      expectValid(validate, {password: "secret"}, requestCtx)
+      expectInvalid(validate, {id: "1", password: "secret"}, "readOnly", requestCtx)
+      expectInvalid(validate, {}, "required", requestCtx)
+    })
+
+    it("should skip writeOnly in response context and still require readOnly", () => {
+      const validate = getAjv().compile(schemaWithRequired)
+      const responseCtx = getOasContext("response", "responseBody")
+
+      expectValid(validate, {id: "1"}, responseCtx)
+      expectInvalid(validate, {id: "1", password: "secret"}, "writeOnly", responseCtx)
+      expectInvalid(validate, {}, "required", responseCtx)
+    })
+  })
+
+  describe("presence validation with context", () => {
+    it("should reject readOnly in request context", () => {
+      const validate = getAjv().compile(baseSchema)
+      const requestCtx = getOasContext("request", "requestBody")
+
+      expectInvalid(validate, {id: "1"}, "readOnly", requestCtx)
+    })
+
+    it("should reject writeOnly in response context", () => {
+      const validate = getAjv().compile(baseSchema)
+      const responseCtx = getOasContext("response", "responseBody")
+
+      expectInvalid(validate, {password: "secret"}, "writeOnly", responseCtx)
+    })
+  })
+})