From c7db2ff8583e0b1962315c55711b1efb68ccdf0d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Mon, 3 Jun 2019 21:59:40 +0400 Subject: [PATCH] :bug: Fix path and query parameters receiving dict as valid (#287) * :bug: Fix path and query parameters accepting dict * :white_check_mark: Add several tests to ensure invalid types are not accepted * :memo: Document (to include tested source) using query params with list * :bug: Fix OpenAPI schema in query with list tutorial --- .../tutorial013.py | 9 ++ docs/tutorial/query-params-str-validations.md | 13 +++ fastapi/dependencies/utils.py | 7 +- tests/test_invalid_path_param.py | 77 ++++++++++++++++ tests/test_invalid_sequence_param.py | 26 +++++- .../test_tutorial011.py | 7 ++ .../test_tutorial013.py | 91 +++++++++++++++++++ 7 files changed, 227 insertions(+), 3 deletions(-) create mode 100644 docs/src/query_params_str_validations/tutorial013.py create mode 100644 tests/test_invalid_path_param.py create mode 100644 tests/test_tutorial/test_query_params_str_validations/test_tutorial013.py diff --git a/docs/src/query_params_str_validations/tutorial013.py b/docs/src/query_params_str_validations/tutorial013.py new file mode 100644 index 000000000..a433b3a16 --- /dev/null +++ b/docs/src/query_params_str_validations/tutorial013.py @@ -0,0 +1,9 @@ +from fastapi import FastAPI, Query + +app = FastAPI() + + +@app.get("/items/") +async def read_items(q: list = Query(None)): + query_items = {"q": q} + return query_items diff --git a/docs/tutorial/query-params-str-validations.md b/docs/tutorial/query-params-str-validations.md index 4258a71fd..4d3315375 100644 --- a/docs/tutorial/query-params-str-validations.md +++ b/docs/tutorial/query-params-str-validations.md @@ -183,6 +183,19 @@ the default of `q` will be: `["foo", "bar"]` and your response will be: } ``` +#### Using `list` + +You can also use `list` directly instead of `List[str]`: + +```Python hl_lines="7" +{!./src/query_params_str_validations/tutorial013.py!} +``` + +!!! note + Have in mind that in this case, FastAPI won't check the contents of the list. + + For example, `List[int]` would check (and document) that the contents of the list are integers. But `list` alone wouldn't. + ## Declare more metadata You can add more information about the parameter. diff --git a/fastapi/dependencies/utils.py b/fastapi/dependencies/utils.py index 2596d5754..74ba61d81 100644 --- a/fastapi/dependencies/utils.py +++ b/fastapi/dependencies/utils.py @@ -127,12 +127,13 @@ def is_scalar_field(field: Field) -> bool: return ( field.shape == Shape.SINGLETON and not lenient_issubclass(field.type_, BaseModel) + and not lenient_issubclass(field.type_, sequence_types + (dict,)) and not isinstance(field.schema, params.Body) ) def is_scalar_sequence_field(field: Field) -> bool: - if field.shape in sequence_shapes and not lenient_issubclass( + if (field.shape in sequence_shapes) and not lenient_issubclass( field.type_, BaseModel ): if field.sub_fields is not None: @@ -140,6 +141,8 @@ def is_scalar_sequence_field(field: Field) -> bool: if not is_scalar_field(sub_field): return False return True + if lenient_issubclass(field.type_, sequence_types): + return True return False @@ -346,7 +349,7 @@ def request_params_to_args( values = {} errors = [] for field in required_params: - if field.shape in sequence_shapes and isinstance( + if is_scalar_sequence_field(field) and isinstance( received_params, (QueryParams, Headers) ): value = received_params.getlist(field.alias) or field.default diff --git a/tests/test_invalid_path_param.py b/tests/test_invalid_path_param.py new file mode 100644 index 000000000..d5fa53c1f --- /dev/null +++ b/tests/test_invalid_path_param.py @@ -0,0 +1,77 @@ +from typing import Dict, List, Tuple + +import pytest +from fastapi import FastAPI +from pydantic import BaseModel + + +def test_invalid_sequence(): + with pytest.raises(AssertionError): + app = FastAPI() + + class Item(BaseModel): + title: str + + @app.get("/items/{id}") + def read_items(id: List[Item]): + pass # pragma: no cover + + +def test_invalid_tuple(): + with pytest.raises(AssertionError): + app = FastAPI() + + class Item(BaseModel): + title: str + + @app.get("/items/{id}") + def read_items(id: Tuple[Item, Item]): + pass # pragma: no cover + + +def test_invalid_dict(): + with pytest.raises(AssertionError): + app = FastAPI() + + class Item(BaseModel): + title: str + + @app.get("/items/{id}") + def read_items(id: Dict[str, Item]): + pass # pragma: no cover + + +def test_invalid_simple_list(): + with pytest.raises(AssertionError): + app = FastAPI() + + @app.get("/items/{id}") + def read_items(id: list): + pass # pragma: no cover + + +def test_invalid_simple_tuple(): + with pytest.raises(AssertionError): + app = FastAPI() + + @app.get("/items/{id}") + def read_items(id: tuple): + pass # pragma: no cover + + +def test_invalid_simple_set(): + with pytest.raises(AssertionError): + app = FastAPI() + + @app.get("/items/{id}") + def read_items(id: set): + pass # pragma: no cover + + +def test_invalid_simple_dict(): + with pytest.raises(AssertionError): + app = FastAPI() + + @app.get("/items/{id}") + def read_items(id: dict): + pass # pragma: no cover diff --git a/tests/test_invalid_sequence_param.py b/tests/test_invalid_sequence_param.py index bdc4b1bcb..069337f79 100644 --- a/tests/test_invalid_sequence_param.py +++ b/tests/test_invalid_sequence_param.py @@ -1,4 +1,4 @@ -from typing import List, Tuple +from typing import Dict, List, Tuple import pytest from fastapi import FastAPI, Query @@ -27,3 +27,27 @@ def test_invalid_tuple(): @app.get("/items/") def read_items(q: Tuple[Item, Item] = Query(None)): pass # pragma: no cover + + +def test_invalid_dict(): + with pytest.raises(AssertionError): + app = FastAPI() + + class Item(BaseModel): + title: str + + @app.get("/items/") + def read_items(q: Dict[str, Item] = Query(None)): + pass # pragma: no cover + + +def test_invalid_simple_dict(): + with pytest.raises(AssertionError): + app = FastAPI() + + class Item(BaseModel): + title: str + + @app.get("/items/") + def read_items(q: dict = Query(None)): + pass # pragma: no cover diff --git a/tests/test_tutorial/test_query_params_str_validations/test_tutorial011.py b/tests/test_tutorial/test_query_params_str_validations/test_tutorial011.py index b75727f0c..b443a7004 100644 --- a/tests/test_tutorial/test_query_params_str_validations/test_tutorial011.py +++ b/tests/test_tutorial/test_query_params_str_validations/test_tutorial011.py @@ -86,3 +86,10 @@ def test_multi_query_values(): response = client.get(url) assert response.status_code == 200 assert response.json() == {"q": ["foo", "bar"]} + + +def test_query_no_values(): + url = "/items/" + response = client.get(url) + assert response.status_code == 200 + assert response.json() == {"q": None} diff --git a/tests/test_tutorial/test_query_params_str_validations/test_tutorial013.py b/tests/test_tutorial/test_query_params_str_validations/test_tutorial013.py new file mode 100644 index 000000000..f7a2a8a12 --- /dev/null +++ b/tests/test_tutorial/test_query_params_str_validations/test_tutorial013.py @@ -0,0 +1,91 @@ +from starlette.testclient import TestClient + +from query_params_str_validations.tutorial013 import app + +client = TestClient(app) + +openapi_schema = { + "openapi": "3.0.2", + "info": {"title": "Fast API", "version": "0.1.0"}, + "paths": { + "/items/": { + "get": { + "responses": { + "200": { + "description": "Successful Response", + "content": {"application/json": {"schema": {}}}, + }, + "422": { + "description": "Validation Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/HTTPValidationError" + } + } + }, + }, + }, + "summary": "Read Items", + "operationId": "read_items_items__get", + "parameters": [ + { + "required": False, + "schema": {"title": "Q", "type": "array"}, + "name": "q", + "in": "query", + } + ], + } + } + }, + "components": { + "schemas": { + "ValidationError": { + "title": "ValidationError", + "required": ["loc", "msg", "type"], + "type": "object", + "properties": { + "loc": { + "title": "Location", + "type": "array", + "items": {"type": "string"}, + }, + "msg": {"title": "Message", "type": "string"}, + "type": {"title": "Error Type", "type": "string"}, + }, + }, + "HTTPValidationError": { + "title": "HTTPValidationError", + "type": "object", + "properties": { + "detail": { + "title": "Detail", + "type": "array", + "items": {"$ref": "#/components/schemas/ValidationError"}, + } + }, + }, + } + }, +} + + +def test_openapi_schema(): + response = client.get("/openapi.json") + assert response.status_code == 200 + assert response.json() == openapi_schema + + +def test_multi_query_values(): + url = "/items/?q=foo&q=bar" + response = client.get(url) + assert response.status_code == 200 + assert response.json() == {"q": ["foo", "bar"]} + + +def test_query_no_values(): + url = "/items/" + response = client.get(url) + assert response.status_code == 200 + assert response.json() == {"q": None}