Fix(utils) disallow schema type array value string for oas3 (swagger-api#10713)

* fix(utils): disallow schema type array value string for oas3 only

Author: lukaszzazulak

src/core/utils/index.js

@@ -410,7 +410,7 @@ export const validatePattern = (val, rxPattern) => {
   }
 }
 
-function validateValueBySchema(value, schema, requiredByParam, bypassRequiredCheck, parameterContentMediaType) {
+function validateValueBySchema(value, schema, requiredByParam, bypassRequiredCheck, parameterContentMediaType, disallowArrayString) {
   if(!schema) return []
   let errors = []
   let nullable = schema.get("nullable")
@@ -474,11 +474,9 @@ function validateValueBySchema(value, schema, requiredByParam, bypassRequiredChe
   let objectCheck = type === "object" && typeof value === "object" && value !== null
   let objectStringCheck = type === "object" && typeof value === "string" && value
 
-  const allChecks = [
-    stringCheck, arrayCheck, arrayListCheck, arrayStringCheck, fileCheck,
-    booleanCheck, numberCheck, integerCheck, objectCheck, objectStringCheck,
-  ]
-
+  const checks = [stringCheck, arrayCheck, arrayListCheck, fileCheck,
+    booleanCheck, numberCheck, integerCheck, objectCheck, objectStringCheck]
+  const allChecks = disallowArrayString ? checks : checks.concat(arrayStringCheck)
   const passedAnyCheck = allChecks.some(v => !!v)
 
   if (schemaRequiresValue && !passedAnyCheck && !bypassRequiredCheck) {
@@ -508,7 +506,7 @@ function validateValueBySchema(value, schema, requiredByParam, bypassRequiredChe
     }
     if(schema && schema.has("properties")) {
       schema.get("properties").forEach((val, key) => {
-        const errs = validateValueBySchema(objectVal[key], val, false, bypassRequiredCheck, parameterContentMediaType)
+        const errs = validateValueBySchema(objectVal[key], val, false, bypassRequiredCheck, parameterContentMediaType, disallowArrayString)
         errors.push(...errs
           .map((error) => ({ propKey: key, error })))
       })
@@ -590,7 +588,7 @@ function validateValueBySchema(value, schema, requiredByParam, bypassRequiredChe
     }
     if(value) {
       value.forEach((item, i) => {
-        const errs = validateValueBySchema(item, schema.get("items"), false, bypassRequiredCheck, parameterContentMediaType)
+        const errs = validateValueBySchema(item, schema.get("items"), false, bypassRequiredCheck, parameterContentMediaType, disallowArrayString)
         errors.push(...errs
           .map((err) => ({ index: i, error: err })))
       })
@@ -614,7 +612,7 @@ export const validateParam = (param, value, { isOAS3 = false, bypassRequiredChec
     parameterContentMediaType
   } = getParameterSchema(param, { isOAS3 })
 
-  return validateValueBySchema(value, paramDetails, paramRequired, bypassRequiredCheck, parameterContentMediaType)
+  return validateValueBySchema(value, paramDetails, paramRequired, bypassRequiredCheck, parameterContentMediaType, isOAS3)
 }
 
 export const parseSearch = () => {

test/e2e-cypress/e2e/features/try-it-out-schema-type-array-example-type-string.cy.js

@@ -0,0 +1,12 @@
+describe("Try it out with schema type array but example type string", () => {
+    it("shows a validation error message when Execute is clicked", () => {
+      cy
+        .visit("?tryItOutEnabled=true&url=/documents/features/try-it-out-schema-type-array-example-type-string.yaml")
+        .get("#operations-default-get_")
+        .click()
+        .get(".btn.execute")
+        .click()
+        .get(".validation-errors")
+        .should("exist")
+    })
+  })

test/e2e-cypress/static/documents/features/try-it-out-schema-type-array-example-type-string.yaml

@@ -0,0 +1,23 @@
+openapi: 3.0.3
+info:
+  title: test
+  version: 1.0.0
+paths:
+  /:
+    get:
+      parameters:
+        - in: query
+          name: test
+          required: true
+          schema:
+            type: array
+            example: 'test1'
+            items:
+              type: string
+              enum:
+                - 'test1'
+                - 'test2'
+                - 'test3'
+      responses:
+        default:
+          description: ok

test/unit/core/utils.js

@@ -350,11 +350,21 @@ describe("utils", () => {
     let value = null
     let result = null
 
-    const assertValidateParam = (param, value, expectedError) => {
+    const assertValidateOas3Param = (param, value, expectedError) => {
+      // for cases where you _only_ want to try OAS3
+      result = validateParam(fromJS(param), value, {
+        isOAS3: true
+      })
+      expect( result ).toEqual( expectedError )
+    }
+
+    const assertValidateOas2Param = (param, value, expectedError) => {
       // Swagger 2.0 version
       result = validateParam( fromJS(param), fromJS(value))
       expect( result ).toEqual( expectedError )
+    }
 
+    const assertValidateOas3ParamWithSchema = (param, value, expectedError) => {
       // OAS3 version, using `schema` sub-object
       let oas3Param = {
         required: param.required,
@@ -363,18 +373,14 @@ describe("utils", () => {
           required: undefined
         }
       }
-      result = validateParam( fromJS(oas3Param), fromJS(value), {
-        isOAS3: true
-      })
-      expect( result ).toEqual( expectedError )
+      assertValidateOas3Param(oas3Param, value, expectedError)
     }
 
-    const assertValidateOas3Param = (param, value, expectedError) => {
-      // for cases where you _only_ want to try OAS3
-      result = validateParam(fromJS(param), value, {
-        isOAS3: true
-      })
-      expect( result ).toEqual( expectedError )
+    const assertValidateParam = (param, value, expectedError) => {
+      // Swagger 2.0 version
+      assertValidateOas2Param(param, value, expectedError)
+      // OAS3 version, using `schema` sub-object
+      assertValidateOas3ParamWithSchema(param, value, expectedError)
     }
 
     it("should check the isOAS3 flag when validating parameters", () => {
@@ -749,7 +755,8 @@ describe("utils", () => {
         type: "array"
       }
       value = "[1]"
-      assertValidateParam(param, value, [])
+      assertValidateOas3ParamWithSchema(param, value, ["Required field is not provided"])
+      assertValidateOas2Param(param, value, [])
 
       // valid array, items match type
       param = {