Addressed issue #85

If there is no type, but there is polymorphic data, the header is now validated against the schema.

Author: daveshanley

parameters/header_parameters.go

@@ -5,6 +5,7 @@ package parameters
 
 import (
 	"fmt"
+	lowbase "github.com/pb33f/libopenapi/datamodel/low/base"
 	"net/http"
 	"strconv"
 	"strings"
@@ -145,6 +146,14 @@ func (v *paramValidator) ValidateHeaderParamsWithPathItem(request *http.Request,
 						}
 					}
 				}
+				if len(pType) == 0 {
+					// validate schema as there is no type information.
+					validationErrors = append(validationErrors, ValidateSingleParameterSchema(sch,
+						param,
+						p.Name,
+						lowbase.SchemaLabel, p.Name, helpers.ParameterValidation, helpers.ParameterValidationHeader, v.options)...)
+
+				}
 			} else {
 				if p.Required != nil && *p.Required {
 					validationErrors = append(validationErrors, errors.HeaderParameterMissing(p))

parameters/validate_parameter.go

@@ -8,6 +8,8 @@ import (
 	"fmt"
 	"net/url"
 	"reflect"
+	"strings"
+	"sync"
 
 	"github.com/pb33f/libopenapi/datamodel/high/base"
 	"github.com/pb33f/libopenapi/utils"
@@ -212,17 +214,64 @@ func formatJsonSchemaValidationError(schema *base.Schema, scErrs *jsonschema.Val
 		schemaValidationErrors = append(schemaValidationErrors, fail)
 	}
 	schemaType := "undefined"
+	line := 0
+	col := 0
 	if len(schema.Type) > 0 {
 		schemaType = schema.Type[0]
+		line = schema.GoLow().Type.KeyNode.Line
+		col = schema.GoLow().Type.KeyNode.Column
+	} else {
+		var sTypes []string
+		seen := make(map[string]struct{})
+		extractTypes := func(s *base.SchemaProxy) {
+			pSch := s.Schema()
+			if pSch != nil {
+				for _, typ := range pSch.Type {
+					if _, ok := seen[typ]; !ok {
+						sTypes = append(sTypes, typ)
+						seen[typ] = struct{}{}
+					}
+				}
+			}
+		}
+		processPoly := func(schemas []*base.SchemaProxy, wg *sync.WaitGroup) {
+			if len(schemas) > 0 {
+				for _, s := range schemas {
+					extractTypes(s)
+				}
+			}
+			wg.Done()
+		}
+
+		// check if there is polymorphism going on here.
+		if len(schema.AnyOf) > 0 || len(schema.AllOf) > 0 || len(schema.OneOf) > 0 {
+
+			wg := sync.WaitGroup{}
+			wg.Add(3)
+			go processPoly(schema.AnyOf, &wg)
+			go processPoly(schema.AllOf, &wg)
+			go processPoly(schema.OneOf, &wg)
+			wg.Wait()
+
+			sep := "or"
+			if len(schema.AllOf) > 0 {
+				sep = "and a"
+			}
+			schemaType = strings.Join(sTypes, fmt.Sprintf(" %s ", sep))
+		}
+
+		line = schema.GoLow().RootNode.Line
+		col = schema.GoLow().RootNode.Column
 	}
+
 	validationErrors = append(validationErrors, &errors.ValidationError{
 		ValidationType:    validationType,
 		ValidationSubType: subValType,
 		Message:           fmt.Sprintf("%s '%s' failed to validate", entity, name),
 		Reason: fmt.Sprintf("%s '%s' is defined as an %s, "+
 			"however it failed to pass a schema validation", reasonEntity, name, schemaType),
-		SpecLine:               schema.GoLow().Type.KeyNode.Line,
-		SpecCol:                schema.GoLow().Type.KeyNode.Column,
+		SpecLine:               line,
+		SpecCol:                col,
 		SchemaValidationErrors: schemaValidationErrors,
 		HowToFix:               errors.HowToFixInvalidSchema,
 	})

parameters/validate_parameter_test.go

@@ -1,6 +1,9 @@
 package parameters
 
 import (
+	"github.com/pb33f/libopenapi"
+	"github.com/stretchr/testify/assert"
+	"net/http"
 	"testing"
 
 	"github.com/stretchr/testify/require"
@@ -13,3 +16,181 @@ func Test_ForceCompilerError(t *testing.T) {
 	// Ideally this would result in an error response, current behavior swallows the error
 	require.Empty(t, result)
 }
+
+func TestHeaderSchemaNoType(t *testing.T) {
+
+	bytes := []byte(`{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "API Spec With Mandatory Header",
+    "version": "1.0.0"
+  },
+  "paths": {
+    "/api-endpoint": {
+      "get": {
+        "summary": "Restricted API Endpoint",
+        "parameters": [
+          {
+            "name": "apiKey",
+            "in": "header",
+            "required": true,
+            "schema": {
+              "oneOf": [
+                {
+                  "type": "boolean"
+                },
+                {
+                  "type": "integer"
+                }
+              ]
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successful response"
+          }
+        }
+      }
+    }
+  },
+  "components": {
+    "securitySchemes": {
+      "ApiKeyHeader": {
+        "type": "apiKey",
+        "name": "apiKey",
+        "in": "header"
+      }
+    }
+  },
+  "security": [
+    {
+      "ApiKeyHeader": []
+    }
+  ]
+}`)
+
+	doc, err := libopenapi.NewDocument(bytes)
+	if err != nil {
+		t.Fatalf("error while creating open api spec document: %v", err)
+	}
+
+	req, err := http.NewRequest("GET", "/api-endpoint", nil)
+	if err != nil {
+		t.Fatalf("error while creating request: %v", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("apiKey", "headerValue")
+
+	v3Model, errs := doc.BuildV3Model()
+	if len(errs) > 0 {
+		t.Fatalf("error while building v3 model: %v", errs)
+	}
+
+	v3Model.Model.Servers = nil
+	// render the document back to bytes and reload the model.
+	_, doc, v3Model, errs = doc.RenderAndReload()
+
+	validator := NewParameterValidator(&v3Model.Model)
+
+	isSuccess, valErrs := validator.ValidateHeaderParams(req)
+
+	assert.False(t, isSuccess)
+	assert.Len(t, valErrs, 1)
+	assert.Equal(t, "schema 'apiKey' is defined as an boolean or integer, however it failed to pass a schema validation", valErrs[0].Reason)
+	assert.Len(t, valErrs[0].SchemaValidationErrors, 2)
+	assert.Equal(t, "got string, want boolean", valErrs[0].SchemaValidationErrors[0].Reason)
+	assert.Equal(t, "got string, want integer", valErrs[0].SchemaValidationErrors[1].Reason)
+
+}
+
+func TestHeaderSchemaNoType_AllPoly(t *testing.T) {
+
+	bytes := []byte(`{
+  "openapi": "3.0.0",
+  "info": {
+    "title": "API Spec With Mandatory Header",
+    "version": "1.0.0"
+  },
+  "paths": {
+    "/api-endpoint": {
+      "get": {
+        "summary": "Restricted API Endpoint",
+        "parameters": [
+          {
+            "name": "apiKey",
+            "in": "header",
+            "required": true,
+            "schema": {
+              "oneOf": [
+                {
+                  "type": "boolean"
+                },
+                {
+                  "type": "integer"
+                }
+              ],
+			  "allOf": [
+                {
+                  "type": "boolean"
+                },
+              ]
+            }
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "Successful response"
+          }
+        }
+      }
+    }
+  },
+  "components": {
+    "securitySchemes": {
+      "ApiKeyHeader": {
+        "type": "apiKey",
+        "name": "apiKey",
+        "in": "header"
+      }
+    }
+  },
+  "security": [
+    {
+      "ApiKeyHeader": []
+    }
+  ]
+}`)
+
+	doc, err := libopenapi.NewDocument(bytes)
+	if err != nil {
+		t.Fatalf("error while creating open api spec document: %v", err)
+	}
+
+	req, err := http.NewRequest("GET", "/api-endpoint", nil)
+	if err != nil {
+		t.Fatalf("error while creating request: %v", err)
+	}
+
+	req.Header.Set("Content-Type", "application/json")
+	req.Header.Set("apiKey", "headerValue")
+
+	v3Model, errs := doc.BuildV3Model()
+	if len(errs) > 0 {
+		t.Fatalf("error while building v3 model: %v", errs)
+	}
+
+	v3Model.Model.Servers = nil
+	// render the document back to bytes and reload the model.
+	_, doc, v3Model, errs = doc.RenderAndReload()
+
+	validator := NewParameterValidator(&v3Model.Model)
+
+	isSuccess, valErrs := validator.ValidateHeaderParams(req)
+
+	assert.False(t, isSuccess)
+	assert.Len(t, valErrs, 1)
+	assert.Equal(t, "schema 'apiKey' is defined as an boolean and a integer, however it failed to pass a schema validation", valErrs[0].Reason)
+	assert.Len(t, valErrs[0].SchemaValidationErrors, 3)
+}