Fix form-media oneOf greedy behavior

Author: p1c2u

openapi_core/deserializing/media_types/deserializers.py

@@ -223,10 +223,68 @@ def get_form_media_one_of_match(
         if self.schema is None or "oneOf" not in self.schema:
             return None
 
+        matches: list[FormMediaSchemaMatch] = []
         for subschema in self.schema / "oneOf":
             match = self.get_form_media_schema_match(subschema, location)
             if match is not None:
-                return match
+                matches.append(match)
+
+        if len(matches) == 1:
+            return matches[0]
+
+        return self.get_preferred_form_media_one_of_match(matches)
+
+    def get_preferred_form_media_one_of_match(
+        self,
+        matches: list[FormMediaSchemaMatch],
+    ) -> Optional[FormMediaSchemaMatch]:
+        if len(matches) < 2:
+            return None
+
+        preferred_match = matches[0]
+        for match in matches[1:]:
+            preferred_match = self.prefer_form_media_one_of_match(
+                preferred_match,
+                match,
+            )
+            if preferred_match is None:
+                return None
+
+        return preferred_match
+
+    def prefer_form_media_one_of_match(
+        self,
+        current: FormMediaSchemaMatch,
+        new: FormMediaSchemaMatch,
+    ) -> Optional[FormMediaSchemaMatch]:
+        current_keys = set(current.decoded_candidate)
+        new_keys = set(new.decoded_candidate)
+        if current_keys != new_keys:
+            return None
+
+        preferred = current
+        preferred_has_binary = False
+
+        for prop_name in current_keys:
+            current_value = current.decoded_candidate[prop_name]
+            new_value = new.decoded_candidate[prop_name]
+
+            if current_value == new_value:
+                continue
+
+            if isinstance(current_value, bytes) and isinstance(new_value, str):
+                preferred_has_binary = True
+                continue
+
+            if isinstance(current_value, str) and isinstance(new_value, bytes):
+                preferred = new
+                preferred_has_binary = True
+                continue
+
+            return None
+
+        if preferred_has_binary:
+            return preferred
 
         return None
 

openapi_core/validation/schemas/validators.py

@@ -294,31 +294,15 @@ def get_one_of_schema(
         if "oneOf" not in self.schema:
             return None
 
-        one_of_schemas = self.schema / "oneOf"
-        for subschema in one_of_schemas:
-            validator = self.evolve(subschema)
-            try:
-                test_value = value
-                # Only cast if caster provided (opt-in behavior)
-                if caster is not None:
-                    try:
-                        # Convert to dict if it's not exactly a plain dict
-                        # (e.g., ImmutableMultiDict from werkzeug)
-                        if type(value) is not dict:
-                            test_value = dict(value)
-                        else:
-                            test_value = value
-                        test_value = caster.evolve(subschema).cast(test_value)
-                    except (ValueError, TypeError, Exception):
-                        # If casting fails, try validation with original value
-                        # We catch generic Exception to handle CastError without circular import
-                        test_value = value
-
-                validator.validate(test_value)
-            except ValidateError:
-                continue
-            else:
-                return subschema
+        matched_schemas = list(
+            self.iter_matching_composed_schemas(
+                "oneOf",
+                value,
+                caster=caster,
+            )
+        )
+        if len(matched_schemas) == 1:
+            return matched_schemas[0]
 
         log.warning("valid oneOf schema not found")
         return None

tests/integration/unmarshalling/test_request_unmarshaller.py

@@ -582,13 +582,6 @@ def test_request_body_urlencoded_allof_typeless_fragments(self):
         assert result.errors == []
         assert result.body == {"a": 1, "b": True}
 
-    @pytest.mark.xfail(
-        reason=(
-            "Form-media oneOf behavior is greedy and selects the first "
-            "matching branch instead of enforcing oneOf exclusivity"
-        ),
-        strict=True,
-    )
     def test_request_body_urlencoded_oneof_rejects_ambiguous_matches(self):
         from openapi_core import OpenAPI
 

tests/unit/deserializing/test_media_types_deserializers.py

@@ -721,6 +721,38 @@ def test_urlencoded_allof_typeless_fragments(
             "b": True,
         }
 
+    def test_urlencoded_oneof_does_not_match_ambiguous_fields(
+        self, spec, deserializer_factory
+    ):
+        mimetype = "application/x-www-form-urlencoded"
+        schema_dict = {
+            "oneOf": [
+                {
+                    "type": "object",
+                    "required": ["a"],
+                    "properties": {
+                        "a": {"type": "string"},
+                    },
+                },
+                {
+                    "type": "object",
+                    "required": ["b"],
+                    "properties": {
+                        "b": {"type": "string"},
+                    },
+                },
+            ]
+        }
+        schema = SchemaPath.from_dict(schema_dict)
+        schema_validator = oas31_schema_validators_factory.create(spec, schema)
+        deserializer = deserializer_factory(
+            mimetype, schema=schema, schema_validator=schema_validator
+        )
+
+        result = deserializer.deserialize(b"a=x&b=y")
+
+        assert result == {}
+
     def test_multipart_oneof_binary_field(self, spec, deserializer_factory):
         mimetype = "multipart/form-data"
         schema_dict = {