Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] [swift] URLSession library does not percent encode HTTP body for application/x-www-form-urlencoded #20357

Open
6 tasks done
Jonas1893 opened this issue Dec 20, 2024 · 0 comments

Comments

@Jonas1893
Copy link
Contributor

Jonas1893 commented Dec 20, 2024

Bug Report Checklist

  • Have you provided a full/minimal spec to reproduce the issue?
  • Have you validated the input using an OpenAPI validator (example)?
  • Have you tested with the latest master to confirm the issue still exists?
  • Have you searched for related issues/PRs?
  • What's the actual output vs expected output?
  • [Optional] Sponsorship to speed up the bug fix or feature request (example) -> silver sponsor
Description

HTTP body for application/x-www-form-urlencoded requests does not get percent encoded using URLSession template. We detected this when migrating from Alamofire to URLSession template, in Alamofire this worked as described below

openapi-generator version

7.10.0

OpenAPI declaration file content or url
openapi: 3.0.3
info:
  title: Minimal spec
  description: |-
    Minimal spec for bug ticket
  version: 1.0.0
servers:
  - url: https://oauth2.basepath.com
paths:
  /any/oauth2.path:
    post:
      requestBody:
        content:
          application/x-www-form-urlencoded; charset=utf-8:
            schema:
              oneOf:
                - $ref: '#/components/schemas/LoginRequestModel'
      responses:
        '200':
          description: Successful operation

components:
  schemas:
    LoginRequestModel:
      type: object
      properties:
        client_id:
          type: string
        grant_type:
          type: string
          enum: ["refresh_token", "password", "urn:ietf:params:oauth:grant-type:device_code", "authorization_code"]
        password:
          type: string
        scope:
          type: string
        username:
          type: string
      required:
        [client_id, grant_type, password, scope, username]
Generation Details

config:

generatorName: swift6
library: urlsession
generateModelAdditionalProperties: false
additionalProperties:
  responseAs: AsyncAwait
  readonlyProperties: true
  nonPublicApi: false
  modelNamePrefix: API
  removeMigrationProjectNameClass: true

Since the code is the same I guess the same issue should happen with swift5

Steps to reproduce

Use the minimal spec with the provided config. The HTTP body of the request sent will be similar to:
client_id=7cfaf41e-aa18-40fd-a871-a21140d8e403&grant_type=password&password=foobarbaz&scope=openid email phone profile offline_access some-uid&username=+511287237674

Note that the spaces between the scopes and the + sign in the username are not percent encoded.

Expected output should be similar to:
client_id=7cfaf41e-aa18-40fd-a871-a21140d8e403&grant_type=password&password=foobarbaz&scope=phone%20some-uid%20openid%20profile%20email%20offline_access&username=%2B511287237674

Suggest a fix

The problem is that in private class FormURLEncoding -> func encode adds the non-escaped query to the httpBody:
urlRequest.httpBody = requestBodyComponents.query?.data(using: .utf8)
This means that any percent encoding needs to be done manually for the parameters. Changing this to
urlRequest.httpBody = requestBodyComponents.percentEncodedQuery?.data(using: .utf8) does not solve the issue entirely since the + sign will not be percent encoded.

I suggest to fix this by manually percent encoding each query item using .addingPercentEncoding(withAllowedCharacters: .alphanumerics) before adding them to requestBodyComponents.queryItems

If this is accepted as a bug I could contribute a fix for it.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

No branches or pull requests

1 participant