Prevent a panic in the error encoder (#262)

Author: richard-rance

openapi3filter/fixtures/petstore.json

@@ -67,7 +67,21 @@
         ],
         "requestBody": {
           "$ref": "#/components/requestBodies/PetWithRequired"
-        }
+        },
+        "parameters": [
+          {
+            "schema": {
+              "type": "string",
+              "enum": [
+                "demo",
+                "prod"
+              ]
+            },
+            "in": "header",
+            "name": "x-environment",
+            "description": "Where to send the data for processing"
+          }
+        ]
       },
       "patch": {
         "tags": [
@@ -1136,7 +1150,7 @@
           },
           "name": {
             "type": "string",
-            "example": "doggie",
+            "example": "doggie"
           },
           "photoUrls": {
             "type": "array",
@@ -1196,7 +1210,7 @@
           },
           "name": {
             "type": "string",
-            "example": "doggie",
+            "example": "doggie"
           },
           "photoUrls": {
             "type": "array",
@@ -1330,4 +1344,4 @@
       }
     }
   }
-}
+}

openapi3filter/validation_error_encoder.go

@@ -148,7 +148,7 @@ func convertSchemaError(e *RequestError, innerErr *openapi3.SchemaError) *Valida
 	}
 
 	// Add error source
-	if e.Parameter != nil && e.Parameter.In == "query" {
+	if e.Parameter != nil {
 		// We have a JSONPointer in the query param too so need to
 		// make sure 'Parameter' check takes priority over 'Pointer'
 		cErr.Source = &ValidationErrorSource{
@@ -172,7 +172,8 @@ func convertSchemaError(e *RequestError, innerErr *openapi3.SchemaError) *Valida
 		cErr.Detail = fmt.Sprintf("Value '%v' at %s must be one of: %s",
 			innerErr.Value, toJSONPointer(innerErr.JSONPointer()), strings.Join(enums, ", "))
 		value := fmt.Sprintf("%v", innerErr.Value)
-		if (e.Parameter.Explode == nil || *e.Parameter.Explode == true) &&
+		if e.Parameter != nil &&
+			(e.Parameter.Explode == nil || *e.Parameter.Explode == true) &&
 			(e.Parameter.Style == "" || e.Parameter.Style == "form") &&
 			strings.Contains(value, ",") {
 			parts := strings.Split(value, ",")

openapi3filter/validation_error_test.go

@@ -74,6 +74,9 @@ func getValidationTests(t *testing.T) []*validationTest {
 	unsupportedContentType := newPetstoreRequest(t, http.MethodPost, "/pet", bytes.NewBufferString(`{}`))
 	unsupportedContentType.Header.Set("Content-Type", "text/plain")
 
+	unsupportedHeaderValue := newPetstoreRequest(t, http.MethodPost, "/pet", bytes.NewBufferString(`{}`))
+	unsupportedHeaderValue.Header.Set("x-environment", "watdis")
+
 	return []*validationTest{
 		//
 		// Basics
@@ -270,10 +273,43 @@ func getValidationTests(t *testing.T) []*validationTest {
 			},
 		},
 
+		//
+		// Request header params
+		//
+		{
+			name: "error - invalid enum value for header string parameter",
+			args: validationArgs{
+				r: unsupportedHeaderValue,
+			},
+			wantErrParam:        "x-environment",
+			wantErrParamIn:      "header",
+			wantErrSchemaReason: "JSON value is not one of the allowed values",
+			wantErrSchemaPath:   "/",
+			wantErrSchemaValue:  "watdis",
+			wantErrResponse: &ValidationError{Status: http.StatusBadRequest,
+				Title:  "JSON value is not one of the allowed values",
+				Detail: "Value 'watdis' at / must be one of: demo, prod",
+				Source: &ValidationErrorSource{Parameter: "x-environment"}},
+		},
+
 		//
 		// Request bodies
 		//
 
+		{
+			name: "error - invalid enum value for header object attribute",
+			args: validationArgs{
+				r: newPetstoreRequest(t, http.MethodPost, "/pet", bytes.NewBufferString(`{"status":"watdis"}`)),
+			},
+			wantErrReason:       "doesn't match the schema",
+			wantErrSchemaReason: "JSON value is not one of the allowed values",
+			wantErrSchemaValue:  "watdis",
+			wantErrSchemaPath:   "/status",
+			wantErrResponse: &ValidationError{Status: http.StatusUnprocessableEntity,
+				Title:  "JSON value is not one of the allowed values",
+				Detail: "Value 'watdis' at /status must be one of: available, pending, sold",
+				Source: &ValidationErrorSource{Pointer: "/status"}},
+		},
 		{
 			name: "error - missing required object attribute",
 			args: validationArgs{