[BUG] python-flask ignores missing required fields, and values that don't match enum

https://github.com/OpenAPITools/openapi-generator/commit/01a9c55b6efd2149fc1bacc61f808c393ff0eb6f#commitcomment-81374306

Bug Report Checklist

• Have you provided a full/minimal spec to reproduce the issue?

• Have you validated the input using an OpenAPI validator (example)?

• What’s the version of OpenAPI Generator used?

• Have you search for related issues/PRs?

• What’s the actual output vs expected output?

• [Optional] Bounty to sponsor the fix (example)

Description

python-flask does not raise errors when required fields are missing, or they don’t match a value in an enum.

openapi-generator version

openapi-generator-cli 5.0.0-SNAPSHOT

  commit : 068ad02

  built  : 2020-07-02T17:04:18Z

OpenAPI declaration file content or url

---

swagger: "2.0"

info:

  description: "API for demonstrating unit test bug"

  version: "1.0.0"

  title: "MWE"

host: "example.com"

basePath: "/v1"

schemes:

- "http"

paths:

  /example:

    post:

      description: "sample call"

      operationId: "sample_post"

      consumes:

      - "application/json"

      produces:

      - "application/json"

      responses:

        "201":

          description: "pending"

          schema:

            $ref: "#/definitions/example-post-response"

definitions:

  example-post-response:

    type: "object"

    required:

    - "user"

    properties:

      user:

        type: "string"

        example: "User A"

        description: "The user who initiated the request"

        enum:

        - "User B"

        - "User A"

Command line used for generation

docker run --rm \

    -v $PWD:/local \

    openapitools/openapi-generator-cli \

    generate \

    -i /local/mwe.yaml \

    -g python-flask \

    -o /local/out-mwe \

    --package-name example

Steps to reproduce

1. Generate the code

2. Modify example/controllers/default_controller.py. Replace do some magic to instead return ExamplePostResponse()

3. pip install -e output_dir

4. Run python -m example

5. in another terminal run curl http://localhost:8080/v1/example -d "param1=value1&param2=value2" -X POST -v

6. Note what’s logged in both terminals

7. Retry, but with ExamplePostResponse(user='value not in enum')

expected behavior

At step 5 the server code should fail to instantiate ExamplePostResponse(), because required field user is missing.

It should catch this error and return 5XX to curl.

At step 7 the server should fail to instantiate ExamplePostResponse() because the field user has a value that’s not in the enum. It should catch this error and return 5XX to the curl.

actual behavior

No error thrown at step 5 or 7. The server returns a non-compliant payload. (Also the HTTP 200 status is not one allowed in the spec.)

Related issues/PRs

• unit tests fail out of the box because required arguments are not included

• someone added something to do with enums in flask. The version I’m using doesn’t include that part, but it looks like it provides something you could use, but isn’t used automatically out of the box.

Suggest a fix

Something like:

for each field:

   if field is required and field is not specified:

      raise ValueError

   if field is an enum, and value not in enum:

      raise ValueError

Add that here:

https://github.com/OpenAPITools/openapi-generator/blob/850c958d83b32de9f2274349ef3a111631fd938a/modules/openapi-generator/src/main/resources/python-flask/model.mustache#L62