handle media range

Author: emilien-puget

requests/validate_body.go

@@ -64,8 +64,7 @@ func (v *requestBodyValidator) ValidateRequestBodyWithPathItem(request *http.Req
 	}
 
 	// extract the media type from the content type header.
-	ct, _, _ := helpers.ExtractContentType(contentType)
-	mediaType, ok := operation.RequestBody.Content.Get(ct)
+	mediaType, ok := v.extractContentType(contentType, operation)
 	if !ok {
 		return false, []*errors.ValidationError{errors.RequestContentTypeNotFound(operation, request, pathValue)}
 	}
@@ -116,3 +115,20 @@ func (v *requestBodyValidator) ValidateRequestBodyWithPathItem(request *http.Req
 
 	return validationSucceeded, validationErrors
 }
+
+func (v *requestBodyValidator) extractContentType(contentType string, operation *v3.Operation) (*v3.MediaType, bool) {
+	ct, _, _ := helpers.ExtractContentType(contentType)
+	mediaType, ok := operation.RequestBody.Content.Get(ct)
+	if ok {
+		return mediaType, true
+	}
+	ctMediaRange := strings.SplitN(ct, "/", 2)
+	for s, mediaTypeValue := range operation.RequestBody.Content.FromOldest() {
+		opMediaRange := strings.SplitN(s, "/", 2)
+		if (opMediaRange[0] == "*" || opMediaRange[0] == ctMediaRange[0]) &&
+			(opMediaRange[1] == "*" || opMediaRange[1] == ctMediaRange[1]) {
+			return mediaTypeValue, true
+		}
+	}
+	return nil, false
+}

requests/validate_body_test.go

@@ -12,6 +12,7 @@ import (
 
 	"github.com/pb33f/libopenapi"
 	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
 
 	"github.com/pb33f/libopenapi-validator/paths"
 )
@@ -48,6 +49,140 @@ paths:
 	assert.Len(t, errors, 0)
 }
 
+func TestValidateBody_MediaRangeContentType_Wildcard_end(t *testing.T) {
+	spec := `openapi: 3.1.0
+paths:
+  /burgers/createBurger:
+    post:
+      requestBody:
+        required: true
+        content:
+          thomas/*:
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+                patties:
+                  type: integer
+                vegetarian:
+                  type: boolean`
+
+	doc, _ := libopenapi.NewDocument([]byte(spec))
+
+	m, _ := doc.BuildV3Model()
+	v := NewRequestBodyValidator(&m.Model)
+
+	// mix up the primitives to fire two schema violations.
+	body := map[string]interface{}{
+		"name":       "Big Mac",
+		"patties":    false,
+		"vegetarian": 2,
+	}
+
+	bodyBytes, _ := json.Marshal(body)
+
+	request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger",
+		bytes.NewBuffer(bodyBytes))
+	request.Header.Set("Content-Type", "thomas/tank-engine") // wtf kinda content type is this?
+
+	valid, errors := v.ValidateRequestBody(request)
+
+	assert.True(t, valid)
+	assert.Len(t, errors, 0)
+}
+
+func TestValidateBody_MediaRangeContentType_Wildcards(t *testing.T) {
+	spec := `openapi: 3.1.0
+paths:
+  /burgers/createBurger:
+    post:
+      requestBody:
+        required: true
+        content:
+          "*/*":
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+                patties:
+                  type: integer
+                vegetarian:
+                  type: boolean`
+
+	doc, err := libopenapi.NewDocument([]byte(spec))
+	require.NoError(t, err)
+	m, _ := doc.BuildV3Model()
+	v := NewRequestBodyValidator(&m.Model)
+
+	// mix up the primitives to fire two schema violations.
+	body := map[string]interface{}{
+		"name":       "Big Mac",
+		"patties":    false,
+		"vegetarian": 2,
+	}
+
+	bodyBytes, _ := json.Marshal(body)
+
+	request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger",
+		bytes.NewBuffer(bodyBytes))
+	request.Header.Set("Content-Type", "thomas/tank-engine") // wtf kinda content type is this?
+
+	valid, errors := v.ValidateRequestBody(request)
+
+	assert.True(t, valid)
+	assert.Len(t, errors, 0)
+}
+
+func TestValidateBody_InvalidBasicSchema_MediaRangeContentType_Wildcard_Required(t *testing.T) {
+	spec := `openapi: 3.1.0
+paths:
+  /burgers/createBurger:
+    post:
+      requestBody:
+        required: false
+        content:
+          "*/json":
+            schema:
+              type: object
+              properties:
+                name:
+                  type: string
+                patties:
+                  type: integer
+                vegetarian:
+                  type: boolean`
+
+	doc, _ := libopenapi.NewDocument([]byte(spec))
+
+	m, _ := doc.BuildV3Model()
+	v := NewRequestBodyValidator(&m.Model)
+
+	// mix up the primitives to fire two schema violations.
+	body := map[string]interface{}{
+		"name":       "Big Mac",
+		"patties":    false,
+		"vegetarian": 2,
+	}
+
+	bodyBytes, _ := json.Marshal(body)
+
+	request, _ := http.NewRequest(http.MethodPost, "https://things.com/burgers/createBurger",
+		bytes.NewBuffer(bodyBytes))
+	request.Header.Set("Content-Type", "foo/json")
+
+	valid, errors := v.ValidateRequestBody(request)
+
+	// double-tap to hit the cache
+	_, _ = v.ValidateRequestBody(request)
+
+	assert.False(t, valid)
+	assert.Len(t, errors, 1)
+	assert.Len(t, errors[0].SchemaValidationErrors, 2)
+	assert.Equal(t, "POST request body for '/burgers/createBurger' failed to validate schema", errors[0].Message)
+}
+
 func TestValidateBody_UnknownContentType(t *testing.T) {
 	spec := `openapi: 3.1.0
 paths: