The API schema validation is strict, in that it will error out with
invalid keys in either the request or response. Unfortunately the API
itself is not. We're hopefully going to fix this in a distant v2.0, but
for now we need a way to ensure that the API does what it's supposed to,
namely not set fields that don't exist or that the user isn't allowed to
set, even if proper error codes aren't raised.
This isn't actually used yet. That will come later.
Signed-off-by: Stephen Finucane <step...@that.guru>
---
patchwork/tests/api/utils.py | 32 ++++++++++++++++++++++++++----
patchwork/tests/api/validator.py | 34 +++++++++++++++++++-------------
2 files changed, 48 insertions(+), 18 deletions(-)
diff --git a/patchwork/tests/api/utils.py b/patchwork/tests/api/utils.py
index 0c232d04..c405f737 100644
--- a/patchwork/tests/api/utils.py
+++ b/patchwork/tests/api/utils.py
@@ -112,44 +112,68 @@ class APIClient(BaseAPIClient):
self.factory = APIRequestFactory()
def get(self, path, data=None, follow=False, **extra):
+ validate_request = extra.pop('validate_request', True)
+ validate_response = extra.pop('validate_response', True)
+
request = self.factory.get(
path, data=data, SERVER_NAME='example.com', **extra)
response = super(APIClient, self).get(
path, data=data, follow=follow, SERVER_NAME='example.com', **extra)
- validator.validate_data(path, request, response)
+
+ validator.validate_data(path, request, response, validate_request,
+ validate_response)
+
return response
def post(self, path, data=None, format=None, content_type=None,
follow=False, **extra):
+ validate_request = extra.pop('validate_request', True)
+ validate_response = extra.pop('validate_response', True)
+
request = self.factory.post(
path, data=data, format='json', content_type=content_type,
SERVER_NAME='example.com', **extra)
response = super(APIClient, self).post(
path, data=data, format='json', content_type=content_type,
follow=follow, SERVER_NAME='example.com', **extra)
- validator.validate_data(path, request, response)
+
+ validator.validate_data(path, request, response, validate_request,
+ validate_response)
+
return response
def put(self, path, data=None, format=None, content_type=None,
follow=False, **extra):
+ validate_request = extra.pop('validate_request', True)
+ validate_response = extra.pop('validate_response', True)
+
request = self.factory.put(
path, data=data, format='json', content_type=content_type,
SERVER_NAME='example.com', **extra)
response = super(APIClient, self).put(
path, data=data, format='json', content_type=content_type,
follow=follow, SERVER_NAME='example.com', **extra)
- validator.validate_data(path, request, response)
+
+ validator.validate_data(path, request, response, validate_request,
+ validate_response)
+
return response
def patch(self, path, data=None, format=None, content_type=None,
follow=False, **extra):
+ validate_request = extra.pop('validate_request', True)
+ validate_response = extra.pop('validate_response', True)
+
request = self.factory.patch(
path, data=data, format='json', content_type=content_type,
SERVER_NAME='example.com', **extra)
response = super(APIClient, self).patch(
path, data=data, format='json', content_type=content_type,
follow=follow, SERVER_NAME='example.com', **extra)
- validator.validate_data(path, request, response)
+
+ validator.validate_data(path, request, response, validate_request,
+ validate_response)
+
return response
diff --git a/patchwork/tests/api/validator.py b/patchwork/tests/api/validator.py
index ad4d7f15..9cead292 100644
--- a/patchwork/tests/api/validator.py
+++ b/patchwork/tests/api/validator.py
@@ -291,7 +291,8 @@ class DRFOpenAPIResponse(BaseOpenAPIResponse):
return 'application/json'
-def validate_data(path, request, response):
+def validate_data(path, request, response, validate_request,
+ validate_response):
if response.status_code == status.HTTP_405_METHOD_NOT_ALLOWED:
return
@@ -300,18 +301,23 @@ def validate_data(path, request, response):
response = DRFOpenAPIResponse(response)
# request
- validator = RequestValidator(spec, custom_formatters=CUSTOM_FORMATTERS)
- result = validator.validate(request)
- try:
- result.raise_for_errors()
- except OpenAPIMediaTypeError:
- assert response.status_code == status.HTTP_400_BAD_REQUEST
- except OpenAPIParameterError:
- # TODO(stephenfin): In API v2.0, this should be an error. As things
- # stand, we silently ignore these issues.
- assert response.status_code == status.HTTP_200_OK
+ if validate_request:
+ validator = RequestValidator(
+ spec, custom_formatters=CUSTOM_FORMATTERS)
+ result = validator.validate(request)
+ try:
+ result.raise_for_errors()
+ except OpenAPIMediaTypeError:
+ if response.status_code != status.HTTP_400_BAD_REQUEST:
+ raise
+ except OpenAPIParameterError:
+ # TODO(stephenfin): In API v2.0, this should be an error. As things
+ # stand, we silently ignore these issues.
+ assert response.status_code == status.HTTP_200_OK
# response
- validator = ResponseValidator(spec, custom_formatters=CUSTOM_FORMATTERS)
- result = validator.validate(request, response)
- result.raise_for_errors()
+ if validate_response:
+ validator = ResponseValidator(
+ spec, custom_formatters=CUSTOM_FORMATTERS)
+ result = validator.validate(request, response)
+ result.raise_for_errors()
--
2.23.0
_______________________________________________
Patchwork mailing list
Patchwork@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/patchwork
