Bug: "Request body property must match exactly one schema in oneOf" with seemingly fine request body

[KirillSapranov]

Our company tries to setup a Prism mock server for GMO payment system based on the OpenAPI 3.1.0 specification located here
https://static.mul-pay.jp/doc/openapi-type/

Currently we use only the /credit/verifyCard endpoint.

At first we didn't notice any problems as Prism properly showed the normal type errors for our requests like "field value must be a number, not a string". But when we solved those errors we noticed that one error persists: "Request body property creditVerificationInformation must match exactly one schema in oneOf". We double checked the key names in the request and OpenAPI schema and everything seems fine (although we are not experts in OpenAPI). On the other hand, we can't find a way to get a more detailed error message from Prism to fix the problem.

The request body was copied from GMO's API docs. There were some type errors which we fixed already.

If it's not a bug, is there a way to solve this problem?

Context

We can't create a mock server for the tests and that slows down our development team.

Current Behavior

The mock server returns the following response.

HTTP/1.1 400 Bad Request
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: *
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: *
Connection: close
Content-Length: 109
Content-Type: application/problem+json
Date: Tue, 29 Oct 2024 03:34:49 GMT
Sl-Violations: [{"location":["request","body","creditVerificationInformation"],"severity":"Error","code":"oneOf","message":"Request body property creditVerificationInformation must match exactly one schema in oneOf"}]

{"title":"missing_parameter","detail":"Missing required request parameters.","instance":"/credit/verifyCard"}

Expected Behavior

201 response according to the specification.

Possible Workaround/Solution

It's not exactly a solution but it would be nice to have a more detailed error message which shows what keys inside the property don't match the schema.

Steps to Reproduce

1. Download and mock the OpenAPI specification from the GMO payment system. Link: https://static.mul-pay.jp/doc/openapi-type/ (current version 1.5.1)
2. Install Prisma via npm.
3. Run prism mock locally with downloaded JSON file.
4. Send the following test request to the /credit/VerifyCard endpoint

Tried to send the same test request via curl and HTTPie desktop client with the same result (the auth data is random).

POST /credit/verifyCard HTTP/1.1
Authorization: Bearer asdasdasd
Content-Length: 3853
Content-Type: application/json
Host: 127.0.0.1:4010
Idempotency-Key: 1241241242asdasdasdasd
User-Agent: HTTPie

{
  "merchant": {
    "name": "サンプルストア",
    "nameKana": "ジーエムオーストア",
    "nameAlphabet": "Sample Store",
    "nameShort": "サンプル",
    "contactName": "サポート窓口",
    "contactEmail": "[email protected]",
    "contactUrl": "https://example.com/contact",
    "contactPhone": "0120-123-456",
    "contactOpeningHours": "10:00-18:00",
    "callbackUrl": "https://example.com/callback",
    "webhookUrl": "https://example.com/webhook",
    "csrfToken": "bdb04c5f-42f0-29e2-0979-edae3e7760bf"
  },
  "order": {
    "orderId": "order-001",
    "clientFields": {
      "clientField1": "加盟店自由項目1",
      "clientField2": "加盟店自由項目2",
      "clientField3": "加盟店自由項目3"
    },
    "items": [
      {
        "name": "コーヒー豆",
        "description": "コーヒー豆の説明",
        "quantity": 3,
        "type": "DIGITAL",
        "price": "2000",
        "category": "5451",
        "productId": "123456789012",
        "productCode": "1234567890123"
      }
    ],
    "transactionType": "CIT",
    "shippingAddress": {
      "name": "見本 太郎",
      "line1": "道玄坂1丁目2-3",
      "line2": "渋谷ビル1F",
      "line3": "1号室",
      "city": "渋谷区",
      "state": "013",
      "postCode": "150-0043",
      "country": "392"
    },
    "addressMatch": false,
    "billingAddress": {
      "name": "見本 太郎",
      "line1": "道玄坂1丁目2-3",
      "line2": "渋谷ビル1F",
      "line3": "1号室",
      "city": "渋谷区",
      "state": "013",
      "postCode": "150-0043",
      "country": "392"
    }
  },
  "payer": {
    "name": "見本 太郎",
    "nameKana": "ミホン　タロウ",
    "nameAlphabet": "Taro Mihon",
    "gender": "MALE",
    "dateOfBirth": "19950308",
    "email": "[email protected]",
    "deliveryEmail": "[email protected]",
    "phones": [
      {
        "type": "MOBILE",
        "countryCode": "81",
        "number": "090-1234-5678"
      }
    ],
    "accountId": "account_123",
    "ip": "172.16.0.1",
    "deviceType": "PC_WEB",
    "httpUserAgent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.61 Safari/537.36"
  },
  "creditVerificationInformation": {
    "tokenizedCard": {
      "type": "MP_TOKEN",
      "token": "Lg9sRgo5nx6yfefJ51z8bj/1VdNFAaCZYWZ+qLKJyqWwBS7yYvxSiC0zeMVH+O4F"
    },
    "creditVerificationOptions": {
      "useTds2": true,
      "itemCode": "0000999"
    },
    "onfileCardOptions": {
      "memberId": "member001",
      "memberName": "TARO MIHON",
      "cardId": "1",
      "createNewMember": true,
      "setDefault": true,
      "duplicationCheckOptions": {
        "enableDuplicationCheck": false,
        "includeDeletedCards": false,
        "excludedMemberIds": [
          "asdb000"
        ]
      }
    }
  },
  "tds2Information": {
    "tds2Options": {
      "skipNotEnrolledCard": false,
      "allowAttempt": "FOLLOW",
      "requiresChallenge": false,
      "autoAuthorization": true
    },
    "tds2Data": {
      "chAccChange": "20230101",
      "chAccDate": "20230101",
      "chAccPwChange": "20230101",
      "nbPurchaseAccount": 6,
      "paymentAccAge": "20230101",
      "provisionAttemptsDay": 5,
      "shipAddressUsage": "20230101",
      "shipNameInd": "01",
      "suspiciousAccActivity": "01",
      "txnActivityDay": 1,
      "txnActivityYear": 12,
      "threeDSReqAuthData": "",
      "threeDSReqAuthMethod": "01",
      "threeDSReqAuthTimestamp": "",
      "deliveryTimeframe": "01",
      "giftCardAmount": 999999999999999,
      "giftCardCount": 99,
      "giftCardCurr": "392",
      "preOrderDate": "20230101",
      "preOrderPurchaseInd": "01",
      "reorderItemsInd": "01",
      "shipInd": "01"
    }
  },
  "additionalOptions": {}
}

5. Error response should appear with the error in the header like this:

[{"location":["request","body","creditVerificationInformation"],"severity":"Error","code":"oneOf","message":"Request body property creditVerificationInformation must match exactly one schema in oneOf"}]

Environment

• Version used: prism 5.10.0 (installed via npm install -g @stoplight/prism-cli)
• Environment name and version (e.g. Chrome 39, node.js 5.4): HTTPie desktop client (version 2024.01), curl 8.5.0, Node.js v20.17.0
• Operating System and version (desktop or mobile): HTTPie client - windows 11 home, curl and prism - Ubuntu 24.04.1 LTS on WSL on the same desktop PC
• Link to your environment/workspace/project:

[polarweasel]

Encountering nearly the same bug in Prism 5.10.0, but ours is a query parameter with two schema options. Removing the oneOf and forcing a single schema for the query parameter works. Guessing this is the same code path that's producing these two bugs!

(Realized that we weren't being strict enough in our string-format specifications, thanks to the note from Brenda Rearden on #2469)