Merge branch 'GPII-3948'

* GPII-3948: GPII-3842: Install grunt globally in VM for linting checks in CI. GPII-3931: Removed wrong-headed change that didn't actually improve `errors` definitions in GSS. GPII-3948: Relaxed checks against `options.components`. GPII-3931: Allow empty strings in error keys. GPII-3929: Added minimum changes to validation middleware to support testing schema holder approaches downstream. Updated forward-facing version following 2.0.2 release. GPII-3920: Updated handlebars to address handlebars security vulnerability. Updated forward-facing version following 2.0.1 release.
fluid-project · Jun 17, 2019 · 91727c6 · 91727c6
2 parents 01ac990 + a5f05da
commit 91727c6
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 35 deletions.
diff --git a/.vagrant.yml b/.vagrant.yml
@@ -19,6 +19,7 @@ setup_job:
   script:
     - choco install nodejs-lts -y
     - choco install chromedriver -y
+    - npm install -g grunt
 
 test_job:
   stage: test          # name of the stage

diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
     "name": "gpii-json-schema",
-    "version": "2.0.1",
+    "version": "2.0.3",
     "description": "Support validation of JSON within the Fluid and GPII ecosystems.",
     "main": "index.js",
     "scripts": {
@@ -20,7 +20,7 @@
         "ajv": "6.10.0",
         "gpii-binder": "1.0.5",
         "gpii-express": "1.0.15",
-        "gpii-handlebars": "1.1.3",
+        "gpii-handlebars": "1.1.4",
         "infusion": "3.0.0-dev.20190507T155813Z.4781871fd.FLUID-6148",
         "kettle": "1.10.1"
     },
@@ -31,7 +31,7 @@
         "gpii-grunt-lint-all": "1.0.5",
         "gpii-testem": "2.1.10-dev.20190404T122608Z.b51705e.GPII-3457",
         "grunt": "1.0.4",
-        "handlebars": "4.1.0",
+        "handlebars": "4.1.2",
         "markdown-it": "8.4.2",
         "mkdirp": "0.5.1",
         "node-jqunit": "1.1.8",

diff --git a/src/js/common/schemaValidatedComponent.js b/src/js/common/schemaValidatedComponent.js
@@ -127,20 +127,9 @@ var fluid  = fluid  || {};
                             }
                         },
                         "components": {
-                            "type": "object",
-                            "additionalProperties": {
-                                "type": "object"
-                                // We cannot inspect the components in the "shadow" record any further because the
-                                // sub-component options have not yet been merged, and are instead instances of
-                                // `fluid.mergingArray`.
-                                //
-                                //"properties": {
-                                //    "type": { "type": "string", "required": true },
-                                //    "createOnEvent": { "type": "string" },
-                                //    "container": { "type": "string" },
-                                //    "options": { "type": "object"}
-                                //}
-                            }
+                            "type": "object"
+                            // We cannot impose any further constraints on `options.components`.  Sub-components are
+                            // expected to provide validation rules for their own options.
                         },
                         "container": { "type": "string" },
                         "distributeOptions": {

diff --git a/src/js/server/schemaValidationMiddleware.js b/src/js/server/schemaValidationMiddleware.js
@@ -27,28 +27,35 @@ require("../common/schemaValidatedComponent");
  * validation errors.
  *
  * @param {Object} that - The middleware component itself.
+ * @param {Object|Promise} schema - The GSS schema to validate against, or a promise that will resolve to same.
  * @param {Object} req - The Express request object.
  * @param {Object} res - The Express response object.
  * @param {Function} next - The function to be executed next in the middleware chain.
  *
  */
-gpii.schema.validationMiddleware.rejectOrForward  = function (that, req, res, next) {
+gpii.schema.validationMiddleware.rejectOrForward  = function (that, schema, req, res, next) {
     var toValidate = fluid.model.transformWithRules(req, that.options.rules.requestContentToValidate);
 
-    var validationResults = gpii.schema.validator.validate(toValidate, that.options.inputSchema, that.options.ajvOptions);
+    var schemaAsPromise = fluid.isPromise(schema) ? schema : fluid.toPromise(schema);
+    schemaAsPromise.then(
+        function (schema) {
+            var validationResults = gpii.schema.validator.validate(toValidate, schema, that.options.ajvOptions);
 
-    if (validationResults.isError) {
-        next(validationResults);
-    }
-    else if (validationResults.isValid) {
-        next();
-    }
-    else {
-        var localisedErrors = gpii.schema.validator.localiseErrors(validationResults.errors, toValidate, that.model.messages, that.options.localisationTransform);
-        var localisedPayload = fluid.copy(validationResults);
-        localisedPayload.errors = localisedErrors;
-        next(localisedPayload);
-    }
+            if (validationResults.isError) {
+                next(validationResults);
+            }
+            else if (validationResults.isValid) {
+                next();
+            }
+            else {
+                var localisedErrors = gpii.schema.validator.localiseErrors(validationResults.errors, toValidate, that.model.messages, that.options.localisationTransform);
+                var localisedPayload = fluid.copy(validationResults);
+                localisedPayload.errors = localisedErrors;
+                next(localisedPayload);
+            }
+        },
+        next
+    );
 };
 
 /*
@@ -99,7 +106,7 @@ fluid.defaults("gpii.schema.validationMiddleware.base", {
     invokers: {
         middleware: {
             funcName: "gpii.schema.validationMiddleware.rejectOrForward",
-            args:     ["{that}", "{arguments}.0", "{arguments}.1", "{arguments}.2"] // request, response, next
+            args:     ["{that}", "{that}.options.inputSchema", "{arguments}.0", "{arguments}.1", "{arguments}.2"] // schema, request, response, next
         }
     }
 });
@@ -136,14 +143,15 @@ fluid.registerNamespace("gpii.schema.kettle.middleware");
  * Call the base validation function and handle its output in the way that is expected for `kettle.middleware` grades.
  *
  * @param {Object} that - The `kettle.middleware` component (see below).
+ * @param {Object} schema - The GSS schema to validate against.
  * @param {Object} req  - The Express request object.
  * @return {Promise}    - A `fluid.promise` that is resolved if the request is validated and rejected if the request is
  *                        invalid.
  */
-gpii.schema.kettle.middleware.handle  = function (that, req) {
+gpii.schema.kettle.middleware.handle  = function (that, schema, req) {
     var validationPromise = fluid.promise();
 
-    gpii.schema.validationMiddleware.rejectOrForward(that, req.req, undefined, function (error) {
+    gpii.schema.validationMiddleware.rejectOrForward(that, schema, req.req, undefined, function (error) {
         if (error) {
             validationPromise.reject(fluid.extend({}, error, that.options.errorTemplate));
         }
@@ -165,7 +173,7 @@ fluid.defaults("gpii.schema.kettle.middleware", {
     invokers: {
         handle: {
             funcName: "gpii.schema.kettle.middleware.handle",
-            args: ["{that}", "{arguments}.0"] // request
+            args: ["{that}", "{that}.options.inputSchema", "{arguments}.0"] // schema, request
         }
     }
 });