swagger-ui
swagger-ui copied to clipboard
swagger-api
maxProperties specified in schema doesn't limit the amount of properties being sent in try it out
Q&A (please complete the following information)
- OS: macOS
- Browser: chrome
- Version: 122.0.6261.69
- Swagger/OpenAPI version: OpenAPI 3.0
Content & configuration
Example Swagger/OpenAPI definition:
openapi: 3.0.3
info:
title: Test API
version: 1.0.0
paths:
/users:
post:
summary: Create a user
description: Create a user, one of various ways
requestBody:
content:
application/x-www-form-urlencoded:
schema:
$ref: '#/components/schemas/UserSource'
responses:
'204':
description: Successfully opened document
'400':
description: Invalid request
content:
application/json:
schema:
properties:
output:
type: string
example: "Invalid request"
components:
schemas:
UserSource:
type: object
properties:
name:
description: Full name
type: string
example: "John Smith"
badgeid:
description: Badge number
type: integer
format: uint32
example: 959310
email:
description: E-mail
type: string
example: "[email protected]"
minProperties: 1
maxProperties: 1
Describe the bug you're encountering
maxProperties parameter in schema is not validated in Swagger UI. It allows to send more properties than the set limit.
To reproduce...
Steps to reproduce the behavior:
- Load the example definition
- Expand POST
/users - Click on try it out
- See each parameter filled with default value
- Click on execute
- See that request was sent, despite
maxPropertiesbeing set to 1
Expected behavior
Swagger UI should validate that we have specified more properties than the max limit, and show an error based on that.
Screenshots
I'd maybe argue that it isn't the job of swagger UI to validate the try it out section, it's the job of the server receiving the request to validate against the schema it supposedly implements to validate... thus sending more than one property in a maxProperties: 1 is valid for swagger UI.
