Support for ignoring extraneous fields in rest request body (#1608)

## Why make this change?
Add support for allowing extraneous fields in request body as per:
#1606.

## What is this change?
DAB will expose another CLI option in the `init` command
`rest.request-body-strict`, which when set to true/false, would set the
property `runtime.rest.request-body-strict` as `true`/`false` in the
generated runtime config file. What this essentially means is that, as
part of the REST mutations (POST/PUT/PATCH), there can be extraneous
fields present in the request body and they will be ignored. Default
behavior of DAB will continue to be the same as what it is today, i.e.
any extraneous fields in the request body would return an error. So to
say, the default value of `runtime.rest.request-body-strict` is `true`.

## Additional change
Refactored `RequestValidator.cs` class to be a singleton dependent on
`ISqlMetaDataProvider` and `RuntimeConfigProvider` services. Better
presents its dependency on the two services and simplifies the code.

## What are the different extraneous fields?
1. Fields in request body that do not map to any backing column in the
table/view. They will be ignored.
2. Fields that are repeated - present as PK in the request URL for
PUT/PATCH requests and also present in the request body. The ones in the
request body will be ignored.
3. Read-only fields. The support for this will be added in a subsequent
PR: #1596.
-> Read-only field are: **Computed** (or Generated) / **AutoGenerated**
fields in MsSql/MySql/PgSql
 -> **timestamp** fields in MsSql

## Questions:

**1. What about authorization of extraneous fields?**
When operating in flexible mode, the user is _not_ authorized for
extraneous fields NOT defined on table because those fields are ignored.
For all other cases, authorization goes as usual.

## How was this tested?

- [x] Integration Tests - Added tests to validate that extraneous fields
are allowed in the request body for all the 3 relational DBs in the
`{*}RestBodyNonStrictModeTests.cs` classes inheriting from the base
class `RestBodyNonStrictModeTests.cs`. (* = MsSql,MySql,PostgreSql)
- [x] Unit Tests - Added unit test to validate the functionality of the
newly added --`rest.request-body-strict` feature in the init command.

---------

Co-authored-by: Aniruddh Munde <[email protected]>

Author: ayush3797

config-generators/mysql-commands.txt

@@ -1,6 +1,6 @@
 init --config "dab-config.MySql.json" --database-type mysql --connection-string "server=localhost;database=datagatewaytest;uid=root;pwd=REPLACEME" --host-mode Development --cors-origin "http://localhost:5000"
 add Publisher --config "dab-config.MySql.json" --source publishers --permissions "anonymous:read"
-add Stock --config "dab-config.MySql.json" --source stocks --permissions "anonymous:create,read,update"
+add Stock --config "dab-config.MySql.json" --source stocks --permissions "anonymous:create,read,update,delete"
 add Book --config "dab-config.MySql.json" --source books --permissions "anonymous:create,read,update,delete" --graphql "book:books"
 add BookWebsitePlacement --config "dab-config.MySql.json" --source book_website_placements --permissions "anonymous:read"
 add Author --config "dab-config.MySql.json" --source authors --permissions "anonymous:read"

schemas/dab.draft.schema.json

@@ -133,6 +133,11 @@
             "enabled": {
               "type": "boolean",
               "description": "Allow enabling/disabling REST requests for all entities."
+            },
+            "request-body-strict": {
+              "type": "boolean",
+              "description": "Does not allow extraneous fields in request body when set to true.",
+              "default": true
             }
           }
         },

src/Cli.Tests/ConfigGeneratorTests.cs

@@ -155,7 +155,8 @@ public void TestSpecialCharactersInConnectionString()
            ""runtime"": {
                 ""rest"": {
                   ""enabled"": true,
-                  ""path"": ""/api""
+                  ""path"": ""/api"",
+                  ""request-body-strict"": true
                   },
                 ""graphql"": {
                   ""enabled"": true,
@@ -183,6 +184,8 @@ public void TestSpecialCharactersInConnectionString()
         Assert.IsTrue(TryGenerateConfig(options, _runtimeConfigLoader!, _fileSystem!));
 
         StringBuilder actualRuntimeConfigJson = new(_fileSystem!.File.ReadAllText(TEST_RUNTIME_CONFIG_FILE, Encoding.Default));
+        // The order of these replacements should be identical to the ones being done with expectedRuntimeConfigJson to ensure that
+        // the replacements done are identical.
         actualRuntimeConfigJson = actualRuntimeConfigJson.Replace(" ", string.Empty);
         actualRuntimeConfigJson = actualRuntimeConfigJson.Replace("\r\n", string.Empty);
         actualRuntimeConfigJson = actualRuntimeConfigJson.Replace("\n", string.Empty);

src/Cli.Tests/EndToEndTests.cs

@@ -829,4 +829,32 @@ public void TestEnabledDisabledFlagsForApis(
             }
         }
     }
+
+    /// <summary>
+    /// Test to validate that whenever the option rest.request-body-strict is included in the init command,
+    /// the runtimeconfig is initialized with the appropriate value of the above option in the rest runtime section, as it is assigned in the init command.
+    /// When the above mentioned option is not included in the init command, the default behavior - that of not allowing any extraneous fields in request body, is observed.
+    /// </summary>
+    /// <param name="includeRestRequestBodyStrictFlag">Whether or not to include --rest.request-body-strict option in the init command.</param>
+    /// <param name="isRequestBodyStrict">Value of the rest.request-body-strict option in the init command.</param>
+    [DataTestMethod]
+    [DataRow(true, false, DisplayName = "dab init command specifies --rest.request-body-strict as false - REST request body allows extraneous fields.")]
+    [DataRow(true, true, DisplayName = "dab init command specifies --rest.request-body-strict as true - REST request body doesn't allow extraneous fields.")]
+    [DataRow(false, true, DisplayName = "dab init command does not include --rest.request-body-strict flag. The default behavior is followed - REST request body doesn't allow extraneous fields.")]
+    public void TestRestRequestBodyStrictMode(bool includeRestRequestBodyStrictFlag, bool isRequestBodyStrict)
+    {
+        string[] initArgs = { "init", "-c", TEST_RUNTIME_CONFIG_FILE, "--host-mode", "development", "--database-type", "mssql",
+            "--connection-string", SAMPLE_TEST_CONN_STRING};
+
+        if (includeRestRequestBodyStrictFlag)
+        {
+            string[] restRequestBodyArgs = { "--rest.request-body-strict", isRequestBodyStrict.ToString() };
+            initArgs = initArgs.Concat(restRequestBodyArgs).ToArray();
+        }
+
+        Program.Execute(initArgs, _cliLogger!, _fileSystem!, _runtimeConfigLoader!);
+
+        Assert.IsTrue(_runtimeConfigLoader!.TryLoadConfig(TEST_RUNTIME_CONFIG_FILE, out RuntimeConfig? runtimeConfig));
+        Assert.AreEqual(isRequestBodyStrict, runtimeConfig.Runtime.Rest.RequestBodyStrict);
+    }
 }

src/Cli.Tests/Snapshots/AddEntityTests.AddEntityWithAnExistingNameButWithDifferentCase.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddEntityWithPolicyAndFieldProperties_70de36ebf1478d0d.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddEntityWithPolicyAndFieldProperties_9f612e68879149a3.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddEntityWithPolicyAndFieldProperties_bea2d26f3e5462d8.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddNewEntityWhenEntitiesEmpty.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddNewEntityWhenEntitiesNotEmpty.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.AddNewEntityWhenEntitiesWithSourceAsStoredProcedure.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_0c9cbb8942b4a4e5.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_286d268a654ece27.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_3048323e01b42681.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_3440d150a2282b9c.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_381c28d25063be0c.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_458373311f6ed4ed.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_66799c963a6306ae.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_66f598295b8682fd.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_73f95f7e2cd3ed71.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_79d59edde7f6a272.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_7ec82512a1df5293.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_cbb6e5548e4d3535.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_dc629052f38cea32.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_e4a97c7e3507d2c6.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddNewSpWithDifferentRestAndGraphQLOptions_f8d0d0c2a38bd3b8.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/AddEntityTests.TestAddStoredProcedureWithRestMethodsAndGraphQLOperations.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/EndToEndTests.TestAddingStoredProcedureWithRestMethodsAndGraphQLOperations.verified.txt

@@ -10,7 +10,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/EndToEndTests.TestConfigGeneratedAfterAddingEntityWithSourceAsStoredProcedure.verified.txt

@@ -10,7 +10,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/EndToEndTests.TestConfigGeneratedAfterAddingEntityWithSourceWithDefaultType.verified.txt

@@ -10,7 +10,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/EndToEndTests.TestConfigGeneratedAfterAddingEntityWithoutIEnumerables.verified.txt

@@ -10,7 +10,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/EndToEndTests.TestInitForCosmosDBNoSql.verified.txt

@@ -15,7 +15,8 @@
   Runtime: {
     Rest: {
       Enabled: false,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/EndToEndTests.TestUpdatingStoredProcedureWithRestMethods.verified.txt

@@ -10,7 +10,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/EndToEndTests.TestUpdatingStoredProcedureWithRestMethodsAndGraphQLOperations.verified.txt

@@ -10,7 +10,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/InitTests.CosmosDbNoSqlDatabase.verified.txt

@@ -15,7 +15,8 @@
   Runtime: {
     Rest: {
       Enabled: false,
-      Path: /api
+      Path: /api,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,

src/Cli.Tests/Snapshots/InitTests.CosmosDbPostgreSqlDatabase.verified.txt

@@ -5,7 +5,8 @@
   Runtime: {
     Rest: {
       Enabled: true,
-      Path: /rest-endpoint
+      Path: /rest-endpoint,
+      RequestBodyStrict: true
     },
     GraphQL: {
       Enabled: true,