Response validation marks undefined responses as valid
sven-strothoff opened this issue · comments
I am planning to use response validation in a project. While trying out different things to see what happens, I stumbled across two behaviours that might be a bug or at least not what I expected.
I checked the documentation and open issues and could not find any information about the expected behaviour in these cases.
Status codes
Behaviour: Specifying a status code that is not defined is always valid.
Expected behaviour: If a status code is not defined I would have expected any body to be invalid as it is not specified.
Example: Using /pet/{petId}
(operation getPetById
)from the pet store example:
responses:
"200":
description: "successful operation"
schema:
$ref: "#/definitions/Pet"
"400":
description: "Invalid ID supplied"
"404":
description: "Pet not found"
The call api.validateResponse({ name: 'Garfield' }, 'getPetById', 204)
is valid, although no response for status code 204 is defined.
Empty responses body
According to the OpenAPI specification a response with an empty response body is defined by not specifying content
. (see https://swagger.io/docs/specification/describing-responses/#empty)
Behaviour: Any body for an empty response is marked as valid.
Expected behaviour: A response is only valid if it is indeed empty (i.e. undefined
or ''
)
While I can imagine that marking undefined responses as invalid (e.g. error responses) all the time can be annoying, it would be great to have the option of a strict validation.
Good proposals!
I personally don't use (or really see any need for) runtime response validation in my projects.
Happy to accept PRs to implement these checks though 🙏