[BUG] swagger_strict_schema_validation assumes all attributes required instead of optional

[reneweteling]

Describe the bug

According to the swagger spec, all response objects are optional, when you specify them in the required attribute they become mandatory, only the response_validator sets the requirement default to True, instead of False.

Issue is when you set swagger_strict_schema_validation to true, it actually sets strict: true on JSON::Validator.validate!(schema, yaml, :strict => true) and when you set strict to true here, all fields become required. But this contradicts the swagger spec. I think instead of strict, you should use noAdditionalProperties here: https://github.com/rswag/rswag/blob/master/rswag-specs/lib/rswag/specs/response_validator.rb#L67C26-L67C26 but the setting is set here: https://github.com/rswag/rswag/blob/master/rswag-specs/lib/rswag/specs/response_validator.rb#L75

like so:

      def validation_options_from(metadata)
        is_strict = !!metadata.fetch(
          :swagger_strict_schema_validation,
          @config.swagger_strict_schema_validation
        )

        { noAdditionalProperties: is_strict } # instead of strict
      end

Resulting in my spec failing

The property '#/accounts/0' did not contain a required property of 'current_cash_value' in schema e7c9f924-8939-53fc-aff2-04d1e5435104#

even though this current_cach_value attribute is not in my required list.

Dependency versions

The version of are you using for:

• Rswag: 2.12.0
• RSpec: 3.12.0
• Rails: 7.0.8
• Ruby: 3.2.2

Relates to which version of OAS (OpenAPI Specification)

• OAS2
• OAS3
• OAS3.1

[a-lavis]

I think this is a duplicate of #666

[reneweteling]

Super, the thing that im missing though is a way to set the options, so I saw you relaxed the json-schema versions somewhat . But now we still need to do something like this:

config/initializers/rswag_ui.rb

Rswag::Ui.configure do |c|
  # List the Swagger endpoints that you want to be documented through the swagger-ui
  # The first parameter is the path (absolute or relative to the UI host) to the corresponding
  # JSON endpoint and the second is a title that will be displayed in the document selector
  # NOTE: If you're using rspec-api to expose Swagger files (under swagger_root) as JSON endpoints,
  # then the list below should correspond to the relative paths for those endpoints

  c.swagger_endpoint '/api-docs/v1/swagger.json', 'v1'
  c.config_object.merge!({
                           deepLinking: true,
                           filter: true,
                           syntaxHighlight: {
                             activate: true,
                             theme: 'monokai'
                           },
                           tryItOutEnabled: true,
                           persistAuthorization: true,
                           defaultModelsExpandDepth: 10,
                           defaultModelExpandDepth: 10
                         })
end

# https://github.com/rswag/rswag/issues/704
module ResponseValidator
  def validation_options_from(metadata)
    is_strict = !!metadata.fetch(
      :swagger_strict_schema_validation,
      @config.swagger_strict_schema_validation
    )

    {
      struct: is_strict,
      noAdditionalProperties: true
    }
  end
end

Rswag::Specs::ResponseValidator.prepend ResponseValidator

So i'd suggest adding options for the default options described here: https://github.com/voxpupuli/json-schema/blob/master/lib/json-schema/validator.rb#L22

or adding a freeform object that gets injected directly with a clear reference to the config options from json-schema, this way you don't need to make a abstraction layer ontop of this gem, and you don't own the options or need to change the config when the underlying package changes.

Thanks man, good luck!