Skip to content

Move JSON response body validation to middleware #1591

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
RobbeSneyders merged 10 commits into from
Oct 3, 2022
Merged

Move JSON response body validation to middleware #1591

RobbeSneyders merged 10 commits into from
Oct 3, 2022

Conversation

@RobbeSneyders
Copy link
Member

@RobbeSneyders RobbeSneyders commented Sep 18, 2022

This PR moves the JSON response body validation to middleware as another step towards #1525.

I moved away from having the body validators implement the complete ASGI interface and calling the next app as mentioned in #1588, as this is not possible for the response validators. We only know the response content type once the response has started, so we can't wrap the validator around the next app.

Instead, the validator now provides a wrapped receive / send callable depending on if it validates either request or response bodies. I updated the request body validator to match this.

RobbeSneyders
RobbeSneyders commented Sep 18, 2022
View reviewed changes
@RobbeSneyders RobbeSneyders added this to the Connexion 3.0 milestone Sep 18, 2022
This was referenced Sep 20, 2022
Closed
Closed
Ruwann
Ruwann reviewed Sep 26, 2022
View reviewed changes
connexion/validators.py Outdated
await self._send(self._messages.pop(0))


class TextResonseBodyValidator(JSONResponseBodyValidator):
Copy link
Member

@Ruwann Ruwann Sep 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does the validator for content type text/plain subclass from the JSON validator?

Copy link
Member

@Ruwann Ruwann Sep 18, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume to maintain compatibility?

https://github.com/spec-first/connexion/pull/1591/files#diff-dfd9a45381cefd560da87f04925f10801539c6d5c45e4f1f3ecb08e06e9fe273L88

Copy link
Member Author

@RobbeSneyders RobbeSneyders Sep 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The response body in the spec is defined as a json schema, so we can use jsonschema to validate text/plain responses as well. We can even use json.loads to cast non-string values (eg. json.loads("2.0") = 2.0), but json.loads fails for text strings (eg. json.loads("text")), so we should catch any decode errors.

connexion/validators.py
VALIDATOR_MAP = {
"parameter": ParameterValidator,
"body": {"application/json": JSONRequestBodyValidator},
"response": {
Copy link
Member

@Ruwann Ruwann Sep 19, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This has the side-effect that we cannot simply do a .update() on the validator map of a specific instance as it only goes 1 level deep. Currently, still done here:

https://github.com/spec-first/connexion/pull/1591/files#diff-551f6182787bb35e65dd9f8138c3df1d0a6a9f00d378b64dbac3fb5a6c95e194R33

and

https://github.com/spec-first/connexion/pull/1591/files#diff-76b7f0bca9e73c37836970001543c2690d93c837e0e023bbf8f744b92b3b831fR29

Copy link
Member Author

@RobbeSneyders RobbeSneyders Sep 26, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. Question is what kind of behavior we want here. I do think we want to update at the top level, as it would otherwise be impossible to remove validators. That just means the user needs to include all validators they want to use in their custom validator_map.

Base automatically changed from feature/routed-base-classes to main September 26, 2022 18:34
@coveralls
Copy link

coveralls commented Sep 26, 2022
edited
Loading

Pull Request Test Coverage Report for Build 3177325520

  • 159 of 171 (92.98%) changed or added relevant lines in 6 files are covered.
  • 17 unchanged lines in 5 files lost coverage.
  • Overall coverage decreased (-0.8%) to 94.424%
Changes Missing Coverage Covered Lines Changed/Added Lines %
connexion/utils.py 15 16 93.75%
connexion/middleware/request_validation.py 19 21 90.48%
connexion/validators.py 61 64 95.31%
connexion/middleware/response_validation.py 61 67 91.04%
Files with Coverage Reduction New Missed Lines %
connexion/apis/flask_api.py 1 91.55%
connexion/utils.py 1 96.75%
connexion/operations/abstract.py 2 82.97%
connexion/apis/abstract.py 6 86.9%
connexion/jsonifier.py 7 76.19%
Totals Coverage Status
Change from base Build 3130164113: -0.8%
Covered Lines: 2862
Relevant Lines: 3031
💛 - Coveralls

@RobbeSneyders RobbeSneyders force-pushed the feature/response-validation branch from 2148dad to dde3dd3 Compare October 3, 2022 20:38
@RobbeSneyders RobbeSneyders merged commit 1ab5400 into main Oct 3, 2022
@RobbeSneyders RobbeSneyders deleted the feature/response-validation branch October 3, 2022 21:01
@RobbeSneyders RobbeSneyders mentioned this pull request Nov 14, 2022
Merged
RobbeSneyders added a commit that referenced this pull request Dec 23, 2022
@RobbeSneyders
Move parameter validation to middleware (#1610)
1af4733 
Fixes #1525

This PR follows up on #1588 and #1591 and moves the last part of
validation, the parameter validation, to the middleware,
This was referenced Feb 18, 2023
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ruwann Ruwann Ruwann left review comments

@nielsbox nielsbox nielsbox approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

Connexion 3.0

Development

Successfully merging this pull request may close these issues.

5 participants

@RobbeSneyders @coveralls @Ruwann @nielsbox