From e433677002fcc02d935cb80f1f38bbf88611286e Mon Sep 17 00:00:00 2001
From: Tony Atkins <tony@raisingthefloor.org>
Date: Fri, 10 May 2019 10:06:58 +0200
Subject: [PATCH 1/8] Updated forward-facing version following 2.0.1 release.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index e7d4a8c..3f12182 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "gpii-json-schema",
- "version": "2.0.1",
+ "version": "2.0.2",
 "description": "Support validation of JSON within the Fluid and GPII ecosystems.",
 "main": "index.js",
 "scripts": {
From 68521715e0f763bf8c98dbcf3776d986d08982d1 Mon Sep 17 00:00:00 2001
From: Tony Atkins <tony@raisingthefloor.org>
Date: Thu, 16 May 2019 11:26:18 +0200
Subject: [PATCH 2/8] GPII-3920: Updated handlebars to address handlebars security vulnerability.
---
 package.json | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/package.json b/package.json
index 3f12182..4450c08 100644
--- a/package.json
+++ b/package.json
@@ -20,7 +20,7 @@
 "ajv": "6.10.0",
 "gpii-binder": "1.0.5",
 "gpii-express": "1.0.15",
- "gpii-handlebars": "1.1.3",
+ "gpii-handlebars": "1.1.4",
 "infusion": "3.0.0-dev.20190507T155813Z.4781871fd.FLUID-6148",
 "kettle": "1.10.1"
 },
@@ -31,7 +31,7 @@
 "gpii-grunt-lint-all": "1.0.5",
 "gpii-testem": "2.1.10-dev.20190404T122608Z.b51705e.GPII-3457",
 "grunt": "1.0.4",
- "handlebars": "4.1.0",
+ "handlebars": "4.1.2",
 "markdown-it": "8.4.2",
 "mkdirp": "0.5.1",
 "node-jqunit": "1.1.8",
From 18f60939ed895293354e4ac4fe401d4703c411c8 Mon Sep 17 00:00:00 2001
From: Tony Atkins <tony@raisingthefloor.org>
Date: Thu, 16 May 2019 11:29:28 +0200
Subject: [PATCH 3/8] Updated forward-facing version following 2.0.2 release.
---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/package.json b/package.json
index 4450c08..48c5078 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "gpii-json-schema",
- "version": "2.0.2",
+ "version": "2.0.3",
 "description": "Support validation of JSON within the Fluid and GPII ecosystems.",
 "main": "index.js",
 "scripts": {
From 632c0b533a533426ae87b006a82f1fa45293ac03 Mon Sep 17 00:00:00 2001
From: Tony Atkins <tony@raisingthefloor.org>
Date: Tue, 21 May 2019 13:06:27 +0200
Subject: [PATCH 4/8] GPII-3929: Added minimum changes to validation middleware to support testing schema holder approaches downstream.
---
 src/js/server/schemaValidationMiddleware.js | 44 ++++++++++++---------
 1 file changed, 26 insertions(+), 18 deletions(-)
diff --git a/src/js/server/schemaValidationMiddleware.js b/src/js/server/schemaValidationMiddleware.js
index a9963fd..d70bc93 100644
--- a/src/js/server/schemaValidationMiddleware.js
+++ b/src/js/server/schemaValidationMiddleware.js
@@ -27,28 +27,35 @@ require("../common/schemaValidatedComponent");
 * validation errors.
 *
 * @param {Object} that - The middleware component itself.
+ * @param {Object|Promise} schema - The GSS schema to validate against, or a promise that will resolve to same.
 * @param {Object} req - The Express request object.
 * @param {Object} res - The Express response object.
 * @param {Function} next - The function to be executed next in the middleware chain.
 *
 */
-gpii.schema.validationMiddleware.rejectOrForward = function (that, req, res, next) {
+gpii.schema.validationMiddleware.rejectOrForward = function (that, schema, req, res, next) {
 var toValidate = fluid.model.transformWithRules(req, that.options.rules.requestContentToValidate);
- var validationResults = gpii.schema.validator.validate(toValidate, that.options.inputSchema, that.options.ajvOptions);
+ var schemaAsPromise = fluid.isPromise(schema) ? schema : fluid.toPromise(schema);
+ schemaAsPromise.then(
+ function (schema) {
+ var validationResults = gpii.schema.validator.validate(toValidate, schema, that.options.ajvOptions);
- if (validationResults.isError) {
- next(validationResults);
- }
- else if (validationResults.isValid) {
- next();
- }
- else {
- var localisedErrors = gpii.schema.validator.localiseErrors(validationResults.errors, toValidate, that.model.messages, that.options.localisationTransform);
- var localisedPayload = fluid.copy(validationResults);
- localisedPayload.errors = localisedErrors;
- next(localisedPayload);
- }
+ if (validationResults.isError) {
+ next(validationResults);
+ }
+ else if (validationResults.isValid) {
+ next();
+ }
+ else {
+ var localisedErrors = gpii.schema.validator.localiseErrors(validationResults.errors, toValidate, that.model.messages, that.options.localisationTransform);
+ var localisedPayload = fluid.copy(validationResults);
+ localisedPayload.errors = localisedErrors;
+ next(localisedPayload);
+ }
+ },
+ next
+ );
 };
 /*
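Review bot: The rejection handler given to `schemaAsPromise.then(...)` in `rejectOrForward` is the bare `next`, so whatever the schema promise rejects with reaches the middleware chain unchanged and cannot be told apart from a failure to validate the request. In this patch's `@@ -136,14 +143,15 @@` hunk, `gpii.schema.kettle.middleware.handle` merges that value with `that.options.errorTemplate` and rejects with it, so a schema-loading failure would presumably be returned to the caller in the shape of a validation error, with whatever internal detail the rejection carries. I would replace `next` with a handler that forwards a fixed payload and keeps the cause server-side, for example `function (schemaError) { next({ isError: true, message: "The validation schema could not be resolved." }); }`, adjusting the fields to whatever `isError` results carry elsewhere. Separately, the inner `function (schema)` parameter shadows the outer `schema` argument; a name such as `resolvedSchema` would make the two easier to tell apart.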
@@ -99,7 +106,7 @@ fluid.defaults("gpii.schema.validationMiddleware.base", {
 invokers: {
 middleware: {
 funcName: "gpii.schema.validationMiddleware.rejectOrForward",
- args: ["{that}", "{arguments}.0", "{arguments}.1", "{arguments}.2"] // request, response, next
+ args: ["{that}", "{that}.options.inputSchema", "{arguments}.0", "{arguments}.1", "{arguments}.2"] // schema, request, response, next
 }
 }
 });
@@ -136,14 +143,15 @@ fluid.registerNamespace("gpii.schema.kettle.middleware");
 * Call the base validation function and handle its output in the way that is expected for `kettle.middleware` grades.
 *
 * @param {Object} that - The `kettle.middleware` component (see below).
+ * @param {Object} schema - The GSS schema to validate against.
 * @param {Object} req - The Express request object.
 * @return {Promise} - A `fluid.promise` that is resolved if the request is validated and rejected if the request is
 * invalid.
 */
-gpii.schema.kettle.middleware.handle = function (that, req) {
+gpii.schema.kettle.middleware.handle = function (that, schema, req) {
 var validationPromise = fluid.promise();
- gpii.schema.validationMiddleware.rejectOrForward(that, req.req, undefined, function (error) {
+ gpii.schema.validationMiddleware.rejectOrForward(that, schema, req.req, undefined, function (error) {
 if (error) {
 validationPromise.reject(fluid.extend({}, error, that.options.errorTemplate));
 }
@@ -165,7 +173,7 @@ fluid.defaults("gpii.schema.kettle.middleware", {
 invokers: {
 handle: {
 funcName: "gpii.schema.kettle.middleware.handle",
- args: ["{that}", "{arguments}.0"] // request
+ args: ["{that}", "{that}.options.inputSchema", "{arguments}.0"] // schema, request
 }
 }
 });
From 11d82d948cb06aae05e6b22413cc25cfb331247b Mon Sep 17 00:00:00 2001
From: Tony Atkins <tony@raisingthefloor.org>
Date: Tue, 21 May 2019 13:54:02 +0200
Subject: [PATCH 5/8] GPII-3931: Allow empty strings in error keys.
---
 src/js/common/gss-metaschema.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
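Review bot: The new `@param {Object} schema` line in the JSDoc of `gpii.schema.kettle.middleware.handle` (schemaValidationMiddleware.js, hunk `@@ -136,14 +143,15 @@`) is narrower than what the function accepts, because the value is handed straight to `rejectOrForward`, which the same patch documents as `{Object|Promise}`. I would write `@param {Object|Promise} schema - The GSS schema to validate against, or a promise that will resolve to same.` and extend the `@return` text to say that the returned promise stays pending until the schema promise settles, since the callback that settles `validationPromise` only runs from the `then` handlers. The body of `handle` continues past the end of the hunk, so the resolve branch is not visible here.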
diff --git a/src/js/common/gss-metaschema.js b/src/js/common/gss-metaschema.js
index 60daf44..a89f8ae 100644
--- a/src/js/common/gss-metaschema.js
+++ b/src/js/common/gss-metaschema.js
@@ -21,7 +21,7 @@ var fluid = fluid || {};
 },
 "messageKey": {
 "type": "string",
- "pattern": "^[a-zA-Z0-9-_\.]+"
+ "pattern": "^[a-zA-Z0-9-_\.]*"
 },
 "messageKeyMap": {
 "type": "object",
From 67a737c6dbd1d5685e393e2fffa4ff520721d963 Mon Sep 17 00:00:00 2001
From: Tony Atkins <tony@raisingthefloor.org>
Date: Fri, 24 May 2019 12:26:39 +0200
Subject: [PATCH 6/8] GPII-3948: Relaxed checks against `options.components`.
---
 src/js/common/schemaValidatedComponent.js | 17 +++--------------
 1 file changed, 3 insertions(+), 14 deletions(-)
diff --git a/src/js/common/schemaValidatedComponent.js b/src/js/common/schemaValidatedComponent.js
index 018f9d5..43d0f63 100644
--- a/src/js/common/schemaValidatedComponent.js
+++ b/src/js/common/schemaValidatedComponent.js
@@ -127,20 +127,9 @@ var fluid = fluid || {};
 }
 },
 "components": {
- "type": "object",
- "additionalProperties": {
- "type": "object"
- // We cannot inspect the components in the "shadow" record any further because the
- // sub-component options have not yet been merged, and are instead instances of
- // `fluid.mergingArray`.
- //
- //"properties": {
- // "type": { "type": "string", "required": true },
- // "createOnEvent": { "type": "string" },
- // "container": { "type": "string" },
- // "options": { "type": "object"}
- //}
- }
+ "type": "object"
+ // We cannot impose any further constraints on `options.components`. Sub-components are
+ // expected to provide validation rules for their own options.
 },
 "container": { "type": "string" },
 "distributeOptions": {
From 3d42d5e66c19fa257782b7e28835e14f14dd34f5 Mon Sep 17 00:00:00 2001
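Review bot: The new `messageKey` pattern `"^[a-zA-Z0-9-_\.]*"` in gss-metaschema.js has a start anchor but no end anchor, so with `*` it matches every string (the empty prefix always satisfies it) and the constraint no longer rejects anything, assuming `pattern` is evaluated as an unanchored JSON Schema regular expression. If the intent is "empty, or made up only of these characters", it needs `$`: `"pattern": "^[a-zA-Z0-9-_\.]*$"`. The same missing anchor applies to the `+` form that PATCH 7/8 restores in its hunk on this file, which only checks that the first character is in the class; `"^[a-zA-Z0-9-_\.]+$"` would check the whole key. Writing the class as `[a-zA-Z0-9_.-]` would also avoid depending on how `-_` is read after the `0-9` range.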
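Review bot: With `additionalProperties` removed from `"components"` in schemaValidatedComponent.js, an entry under `options.components` may now be of any type rather than an object, and the new comment does not record which entry shapes made the per-entry `"type": "object"` check too strict. The statement that sub-components validate their own options presumably holds only for sub-components that use this validated grade themselves, so entries of other grades are no longer checked at all here. I would extend the comment along the lines of `// Entries are not constrained here because some valid entries are not plain objects; only sub-components that are themselves schema-validated check their own options.`, corrected to the actual reason for the change.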
From: Tony Atkins <tony@raisingthefloor.org>
Date: Fri, 24 May 2019 16:13:10 +0200
Subject: [PATCH 7/8] GPII-3931: Removed wrong-headed change that didn't actually improve `errors` definitions in GSS.
---
 src/js/common/gss-metaschema.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/js/common/gss-metaschema.js b/src/js/common/gss-metaschema.js
index a89f8ae..60daf44 100644
--- a/src/js/common/gss-metaschema.js
+++ b/src/js/common/gss-metaschema.js
@@ -21,7 +21,7 @@ var fluid = fluid || {};
 },
 "messageKey": {
 "type": "string",
- "pattern": "^[a-zA-Z0-9-_\.]*"
+ "pattern": "^[a-zA-Z0-9-_\.]+"
 },
 "messageKeyMap": {
 "type": "object",
From a5f05dafdfc5e44d66998381282bfd0fcd326446 Mon Sep 17 00:00:00 2001
From: Tony Atkins <tony@raisingthefloor.org>
Date: Tue, 28 May 2019 18:43:04 +0200
Subject: [PATCH 8/8] GPII-3842: Install grunt globally in VM for linting checks in CI.
---
 .vagrant.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.vagrant.yml b/.vagrant.yml
index 5a05b38..c97ec72 100644
--- a/.vagrant.yml
+++ b/.vagrant.yml
@@ -19,6 +19,7 @@ setup_job:
 script:
 - choco install nodejs-lts -y
 - choco install chromedriver -y
+ - npm install -g grunt
 test_job:
 stage: test # name of the stage
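Review bot: The added `- npm install -g grunt` step in the `setup_job` script of .vagrant.yml installs whichever grunt release the registry serves when the job runs, while package.json in this series (context of PATCH 2/8) lists `"grunt": "1.0.4"`, so the lint job can run a different grunt than the one the project declares. Pinning the global install, `- npm install -g grunt@1.0.4`, keeps the CI toolchain reproducible and means a new upstream release only enters the build VM through a reviewed change. The two `choco install` lines above it are unpinned in the same way, but they are context here and not part of this change.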