Swagger-php: Define Request Payload directly in Request

Created on 22 Aug 2018  路  6Comments  路  Source: zircote/swagger-php

Hi,

first, thanks for the awesome package!

I need to define the Scheme of a request payload which does not corresponds to a model.
Because of this I have to define the payload directly in the @OA\Post annotation:

  /**
     * @OA\Post(
     *     path="/login",
     *     tags={"user"},
     *     summary="login a registered user",
     *     operationId="register",
     *     @OA\Response(
     *         response=200,
     *         description="Successfully activated"
     *     )
     * )
     */

In this example I need to define that the request MUST contain an email address and a password.
There is a Paramter object, but for location it only has path, query, header and cookie.
This is why I don't know how to define the content of the body...
I can't find an example in the pet store 3.0 which does this.

Anyone out there who knows how to solve this?

Most helpful comment

Ok, I solved it by myself:

    /**
     * @OA\Post(
     *     path="/login",
     *     tags={"user"},
     *     summary="login a registered user",
     *     operationId="login",
     *     @OA\RequestBody(
     *         description="Input data format",
     *         @OA\MediaType(
     *             mediaType="application/json",
     *             @OA\Schema(
     *                 type="object",
     *                 @OA\Property(
     *                     property="email",
     *                     description="The email of the user",
     *                     type="string",
     *                 ),
     *                 @OA\Property(
     *                     property="password",
     *                     description="The password of the user",
     *                     type="string"
     *                 )
     *             )
     *         )
     *     ),
     *     @OA\Response(
     *         response=200,
     *         description="Successfully activated"
     *     )
     * )
     */

All 6 comments

Ok, I solved it by myself:

    /**
     * @OA\Post(
     *     path="/login",
     *     tags={"user"},
     *     summary="login a registered user",
     *     operationId="login",
     *     @OA\RequestBody(
     *         description="Input data format",
     *         @OA\MediaType(
     *             mediaType="application/json",
     *             @OA\Schema(
     *                 type="object",
     *                 @OA\Property(
     *                     property="email",
     *                     description="The email of the user",
     *                     type="string",
     *                 ),
     *                 @OA\Property(
     *                     property="password",
     *                     description="The password of the user",
     *                     type="string"
     *                 )
     *             )
     *         )
     *     ),
     *     @OA\Response(
     *         response=200,
     *         description="Successfully activated"
     *     )
     * )
     */

Ok, I solved it by myself:

    /**
     * @OA\Post(
     *     path="/login",
     *     tags={"user"},
     *     summary="login a registered user",
     *     operationId="login",
     *     @OA\RequestBody(
     *         description="Input data format",
     *         @OA\MediaType(
     *             mediaType="application/json",
     *             @OA\Schema(
     *                 type="object",
     *                 @OA\Property(
     *                     property="email",
     *                     description="The email of the user",
     *                     type="string",
     *                 ),
     *                 @OA\Property(
     *                     property="password",
     *                     description="The password of the user",
     *                     type="string"
     *                 )
     *             )
     *         )
     *     ),
     *     @OA\Response(
     *         response=200,
     *         description="Successfully activated"
     *     )
     * )
     */

please help me to install cookie jsessionid auth thru this Darkonline Swagger...
in Postman all works correctly,
but when I try login thru the Swagger, I ve got 419 error...

Sounds more like a UI issue to me - have you asked over there?

I suggest the following steps to debug:

  1. ccomparing the request made by postman with the on done by swagger-ui to see what the difference is.
  2. If there are differences manually modify the openapi spec to make the ui work
  3. Change the annotations to generate the correct spec

In order to help we'd need at least:

  • the expected request (non standard headers, exact JSON format)
  • the openapi yaml/json

Finally, it would be better to raise a new issue rather than commenting on a closed one. Updates on closed issues are not visible on github unless you are subscribed, so this reduces visibility and gives your question less exposure.

Sounds more like a UI issue to me - have you asked over there?

I suggest the following steps to debug:

  1. ccomparing the request made by postman with the on done by swagger-ui to see what the difference is.
  2. If there are differences manually modify the openapi spec to make the ui work
  3. Change the annotations to generate the correct spec

In order to help we'd need at least:

  • the expected request (non standard headers, exact JSON format)
  • the openapi yaml/json

Finally, it would be better to raise a new issue rather than commenting on a closed one. Updates on closed issues are not visible on github unless you are subscribed, so this reduces visibility and gives your question less exposure.

I solved the problem. It was necessary to disable the CSRF token check in the VerifyCSRFToken class. I added my url there and it worked.

class VerifyCsrfToken extends Middleware
{
    /**
     * The URIs that should be excluded from CSRF verification.
     *
     * @var array
     */
    protected $except = [
        '/api/login',
    ];
}

Thanks for reply anyway!

glad you found the problem. From a security point of view excluding the login form doesn't sound like a good idea, though

glad you found the problem. From a security point of view excluding the login form doesn't sound like a good idea, though

Yep, I know about security vulnerabilities. At this stage of the project, I have not yet worked on the development of an additional protection system. I am creating an API in Laravel, on top of another API that uses a cookie and JSESSIONID authentication system. And this API layer was developed by another company, and for a long time. I have not yet thought about how to further protect it. You may need to store some kind of token after authorization. But the whole trick is that authorization in the system takes place on the other side of the API layer, in the external Database, which is in no way connected with Laravel. And Laravel is only used here to simplify working with the first layer of the API.
I know no one does that. But these are the conditions that the company I work for.

Was this page helpful?
0 / 5 - 0 ratings