Description
Factoring openapi_validated into a request method going from 0.11 to 0.12 comes with a few issues. I was wondering whether you would consider going back to the old implementation that set openapi_validated as an attribute on the request and accessing request.openapi_validated did not have side effects.
There are two problems that come to mind with the current implementation:
- Accessing
request.openapi_validatedin a route that hasview_config(openapi=False)will break the route.
@view_config(route_name="my_route", openapi=False)
def my_route(request):
request.openapi_validated
return HTTPOk()request.openapi_validated is now always available on every request regardless of the openapi route setting. Accessing it will set the pyramid_openapi3.validate_response environ setting, breaking the route because it will attempt to validate the response, causing confusing errors. Of course there is no good reason to access request.openapi_validated directly in a view that has openapi=False set, but I can think of reasons why someone would want to access it upstream of the individual view callable in code that is shared across several views.
- Setting
pyramid_openapi3.enable_request_validationto False will also deactivate response validation.
def configure(config):
config.registry.settings["pyramid_openapi3.enable_request_validation"] = False
@view_config(route_name="my_route", openapi=True)
def my_route(request):
return make_complicated_response()In this example request.openapi_validated is not accessed in the view deriver because it bails out after seeing that request validation is disabled. Since it's also not explicitly accessed inside the view pyramid_openapi3.validate_response is never set in the request environ and response validation is skipped.
I'm not too familiar with the reasoning behind moving to the new implementation (other than that it's certainly cleaner) and I may be missing problems that the old implementation had.