[Bug]: Mutual exclusion by use of additionalProperties: false across union types #803
Description
Actual Behavior
If additionalProperties: false is declared in components and being combined into one by allOf, validation unconditionally fails.
Let's say we have following OpenAPI spec:
---
openapi: 3.0.0
info:
title: Test API
description: Test
version: 0.0.1
servers:
- url: https://www.example.com
paths:
/test:
post:
summary: test
description: test
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/Derived'
required: true
responses:
"200":
description: Success
components:
schemas:
Base:
required:
- foo
type: object
properties:
foo:
type: string
nullable: false
additionalProperties: false
Derived:
type: object
allOf:
- $ref: '#/components/schemas/Base'
- type: object
required:
- bar
properties:
bar:
type: string
nullable: false
additionalProperties: false
This spec compiles without any problem. But when validating actual request with this spec, validator fails with following error message:
RequestValidationResult(errors=[InvalidSchemaValue(value={'bar': '2',
'foo': '1'},
type='object',
schema_errors=(<ValidationError: "Additional properties are not allowed ('bar' was unexpected)">,
<ValidationError: "Additional properties are not allowed ('foo' was unexpected)">))],
body=None,
parameters=Parameters(query={},
header={},
cookie={},
path={}),
security={})
Expected Behavior
I think openapi-core should behave one of following:
- Validation should be successful
- Or forbid use of
additionalProperties: falsein context of union types (allOf) at schema lvel.
Steps to Reproduce
Validate {"foo": "-", "bar": "-"} with spec supplied above.
OpenAPI Core Version
0.19.0
OpenAPI Core Integration
pydantic
Affected Area(s)
validation
References
No response
Anything else we need to know?
No response
Would you like to implement a fix?
Yes