Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

OpenApi 3.1 schema validator does not handle variables in server urls #158

Closed
ekzobrain opened this issue Nov 19, 2023 · 4 comments · Fixed by #161
Closed

OpenApi 3.1 schema validator does not handle variables in server urls #158

ekzobrain opened this issue Nov 19, 2023 · 4 comments · Fixed by #161

Comments

@ekzobrain
Copy link

ekzobrain commented Nov 19, 2023

Attached file gives an error: value at /servers/0/url does not match format: uri-reference
While according to OpenApi docs it's a valid url with variable: https://spec.openapis.org/oas/v3.1.0#fixed-fields-3
OpenApi 3.0 validator does not seem to have this problem.

oas-amocrm.json

@ekzobrain ekzobrain changed the title OpenApi schema validator does not hand;e variables in server urls OpenApi 3.1 schema validator does not handle variables in server urls Nov 19, 2023
@davishmcclurg
Copy link
Owner

Interesting—OpenAPI validation uses their schema, which specficies uri-reference: https://github.com/OAI/OpenAPI-Specification/blob/6627c32921a341b2a7001fd1cf9f757b8b728fd1/schemas/v3.1/schema.json#L171

But I don't think using variables (in brackets) makes for a valid uri-reference (I also checked https://www.jsonschemavalidator.net/):

>> JSONSchemer.schema({ 'format': 'uri-reference' }).valid?('https://{subdomain}.amocrm.ru')
=> false

I'll dig into this more later, but here's what I've found so far:

davishmcclurg added a commit to davishmcclurg/OpenAPI-Specification that referenced this issue Nov 20, 2023
`Server.url` and `Link.operationRef` both allow variable substitution
with {brackets}, which means they're not always valid URI references.

For example, the [current specification][0] shows
`https://{username}.gigantic-server.com:{port}/{basePath}` as a Server
Object `url`, but it's not a valid URI reference because the host
includes curly brackets.

[`operationRef`][1] similarly includes
`https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get`
as an example that isn't valid using the `uri-reference` format.

I looked into the other uses of `uri-reference` and they seemed ok.

Related:
- OAI#2586
- OAI#3235
- OAI#3256
- davishmcclurg/json_schemer#158

[0]: https://spec.openapis.org/oas/v3.1.0#server-object-example
[1]: https://spec.openapis.org/oas/v3.1.0#operationref-examples
@davishmcclurg
Copy link
Owner

I opened a pull request to change the format in the upstream schemas.

davishmcclurg added a commit that referenced this issue Nov 23, 2023
Temporary fix until upstream schemas are fixed and published: OAI/OpenAPI-Specification#3455

Closes: #158
@davishmcclurg
Copy link
Owner

Temporary fix: #161

@ekzobrain
Copy link
Author

This also fixed a problem with IDNs. "uri-reference" doesn't not allow those, so at least "iri-reference" should have been used instead.

notEthan pushed a commit to notEthan/scorpio that referenced this issue Dec 4, 2024
`Server.url` and `Link.operationRef` both allow variable substitution
with {brackets}, which means they're not always valid URI references.

For example, the [current specification][0] shows
`https://{username}.gigantic-server.com:{port}/{basePath}` as a Server
Object `url`, but it's not a valid URI reference because the host
includes curly brackets.

[`operationRef`][1] similarly includes
`https://na2.gigantic-server.com/#/paths/~12.0~1repositories~1{username}/get`
as an example that isn't valid using the `uri-reference` format.

I looked into the other uses of `uri-reference` and they seemed ok.

Related:
- OAI/OpenAPI-Specification#2586
- OAI/OpenAPI-Specification#3235
- OAI/OpenAPI-Specification#3256
- davishmcclurg/json_schemer#158

[0]: https://spec.openapis.org/oas/v3.1.0#server-object-example
[1]: https://spec.openapis.org/oas/v3.1.0#operationref-examples

(cherry picked from commit 5f765f29e3c12dcab370f5155fe21c6895a8ac5e)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants