diff --git a/core/server/api/shared/validators/input/all.js b/core/server/api/shared/validators/input/all.js index 436255ad4e..8a918cac08 100644 --- a/core/server/api/shared/validators/input/all.js +++ b/core/server/api/shared/validators/input/all.js @@ -118,10 +118,14 @@ module.exports = { add(apiConfig, frame) { debug('validate add'); - if (_.isEmpty(frame.data) || _.isEmpty(frame.data[apiConfig.docName]) || _.isEmpty(frame.data[apiConfig.docName][0])) { - return Promise.reject(new common.errors.BadRequestError({ - message: common.i18n.t('errors.api.utils.noRootKeyProvided', {docName: apiConfig.docName}) - })); + // NOTE: this block should be removed completely once JSON Schema validations + // are introduced for all of the endpoints + if (!['posts', 'tags'].includes(apiConfig.docName)) { + if (_.isEmpty(frame.data) || _.isEmpty(frame.data[apiConfig.docName]) || _.isEmpty(frame.data[apiConfig.docName][0])) { + return Promise.reject(new common.errors.BadRequestError({ + message: common.i18n.t('errors.api.utils.noRootKeyProvided', {docName: apiConfig.docName}) + })); + } } const jsonpath = require('jsonpath'); @@ -166,11 +170,17 @@ module.exports = { return result; } - if (frame.options.id && frame.data[apiConfig.docName][0].id - && frame.options.id !== frame.data[apiConfig.docName][0].id) { - return Promise.reject(new common.errors.BadRequestError({ - message: common.i18n.t('errors.api.utils.invalidIdProvided') - })); + // NOTE: this block should be removed completely once JSON Schema validations + // are introduced for all of the endpoints. `id` property is currently + // stripped from the request body and only the one provided in `options` + // is used in later logic + if (!['posts', 'tags'].includes(apiConfig.docName)) { + if (frame.options.id && frame.data[apiConfig.docName][0].id + && frame.options.id !== frame.data[apiConfig.docName][0].id) { + return Promise.reject(new common.errors.BadRequestError({ + message: common.i18n.t('errors.api.utils.invalidIdProvided') + })); + } } }, diff --git a/core/server/api/v2/tags.js b/core/server/api/v2/tags.js index f189d6abf3..3407e422da 100644 --- a/core/server/api/v2/tags.js +++ b/core/server/api/v2/tags.js @@ -77,11 +77,6 @@ module.exports = { include: { values: ALLOWED_INCLUDES } - }, - data: { - name: { - required: true - } } }, permissions: true, diff --git a/core/server/api/v2/utils/validators/utils/json-schema.js b/core/server/api/v2/utils/validators/utils/json-schema.js index d3ba9a32a9..e4b4c5fe01 100644 --- a/core/server/api/v2/utils/validators/utils/json-schema.js +++ b/core/server/api/v2/utils/validators/utils/json-schema.js @@ -20,6 +20,8 @@ const validate = (schema, definitions, data) => { if (dataPath) { key = dataPath.split('.').pop(); + } else { + key = schema.$id.split('.')[0]; } return Promise.reject(new common.errors.ValidationError({ diff --git a/core/test/unit/api/shared/validators/input/all_spec.js b/core/test/unit/api/shared/validators/input/all_spec.js index 3c426bfd4b..32f56bc901 100644 --- a/core/test/unit/api/shared/validators/input/all_spec.js +++ b/core/test/unit/api/shared/validators/input/all_spec.js @@ -379,7 +379,7 @@ describe('Unit: api/shared/validators/input/all', function () { describe('edit', function () { it('id mismatch', function () { const apiConfig = { - docName: 'posts' + docName: 'users' }; const frame = {