Redirect is adding extra 200 response

[m4tthumphrey]

v0.11.24

The following line in a controller method is adding an additional "schema" to the 200 object inside responses. When I remove the redirect line, the { "type": "string" } is removed from the 200 schema.

return redirect()->to($request->get('redirect_url') . '?access_token=' . $access->access_token);

"200": {
      "description": "",
      "content": {
          "application/json": {
              "schema": {
                  "anyOf": [
                      {
                          "type": "object",
                          "properties": {
                              "status": {
                                  "type": "string",
                                  "example": "success"
                              },
                              "access_token": {
                                  "type": "string"
                              },
                              "refresh_token": {
                                  "type": "string"
                              },
                              "token_type": {
                                  "type": "string",
                                  "example": "bearer"
                              },
                              "expires_in": {
                                  "type": "string"
                              }
                          },
                          "required": [
                              "status",
                              "access_token",
                              "refresh_token",
                              "token_type",
                              "expires_in"
                          ]
                      },
                      {
                          "type": "string"
                      }
                  ]
              }
          }
      }
  }

[romalytvynenko]

@m4tthumphrey what is the correct result?

[m4tthumphrey]

Should it not be ignored? Redirects cannot be used in an API, no?

[romalytvynenko]

@m4tthumphrey redirect is simply a response with 301 status code. Perfectly valid http stuff, I'd say :-)

Now I'm wondering about this controllers method code and what it does, and what doc you expect.

[m4tthumphrey]

Of course it’s valid HTTP but it shouldn’t be documented as a valid return type/response in the API doc, especially under 200.

[romalytvynenko]

@m4tthumphrey Why not? You can find some people submitting prs here to support redirect method properly.

Anyways, it would be helpful if you share your controller methods code and expected docs

[m4tthumphrey]

The method is just some boilerplate OAuth and the doc generated is exactly as expected other than the random string 200 response for the redirect. I will take a look at other redirect usage.

[m4tthumphrey]

Is there anyway to ignore certain responses currently? Ie prevent some responses from being part of docs? Similar to @ignoreParam etc?

[romalytvynenko]

@m4tthumphrey i really cannot help without examples

No way currently and I have no ideas what's needed due to no real examples

[m4tthumphrey]

Ok I am on my phone at the moment so will post an example when I’m back to my desk.

[m4tthumphrey]

So this is a chunk from the login/auth endpoint of my controller and further down are some of the error methods. The error methods document perfectly, as does the success response in the login/auth method. However, the redirect line, I would like the doc generator to completely ignore.

if ($user && $refresh) {
    $access = $user->generateAccessToken();

    GlobalUsersAccessLog::saveToData($user->id, 'api');

    UserIp::create([
        'user_id'      => $user->id,
        'ip_address'   => $request->header('x-real-ip') ?? $request->ip(),
        'logged_in_at' => Carbon::now()->toDateTimeString(),
    ]);

    if ($request->has('redirect_url')) {
        return redirect()->to($request->get('redirect_url') . '?access_token=' . $access->access_token);
    }

    return response()->json([
        'status'        => 'success',
        'access_token'  => $access->access_token,
        'refresh_token' => $refresh->refresh_token,
        'token_type'    => 'bearer',
        'expires_in'    => env('API_ACCESS_TOKEN_TTL') * 60,
    ]);
}

Error methods:

private function userInvalidCredentials(): JsonResponse
{
    return $this->error('invalid credentials');
}

/**
 * User is blocked
 *
 * @return JsonResponse
 */
private function userBlocked(): JsonResponse
{
    return $this->error('user blocked');
}

/**
 * Token has been revoked
 *
 * @return JsonResponse
 */
private function tokenRevoked(): JsonResponse
{
    return $this->error('token revoked [refresh_token]');
}

/**
 * Token has expired
 *
 * @return JsonResponse
 */
private function tokenExpired(): JsonResponse
{
    return $this->error('token expired [refresh_token]');
}

/**
 * @param string $message
 * @return JsonResponse
 */
private function error(string $message): JsonResponse
{
    return response()->json([
        'status'  => 'error',
        'message' => $message,
    ], 401);
}