Fix uri parsing for query parameter with empty brackets #1501

Merged
merged 1 commit into from
Apr 4, 2022

RobbeSneyders

Fixes an issue where query parameters with empty brackets are not sanitized correctly.

In the example below, the ids[] parameter was sanitized to ids_ since this change.

```yaml
parameters:
  - name: ids[]
    in: query
    type: array
    items:
      type: string
    collectionFormat: multi
```

```
?ids[]=a&ids[]=b
```

This PR fixes the sanitization so `ids[]` becomes `ids`.
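The before and after behaviour described in this PR, as an added sketch that is not part of the PR and is not Connexion's own code. The names `sanitize_old`, `sanitize_fixed` and `bind_query`, the `debug` key, the `filter[name]` mapping and the collision check are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs


def sanitize_old(name):
    """Behaviour reported as the bug: every '[' becomes '_', so ids[] -> ids_."""
    return re.sub(r"[^0-9a-zA-Z_]", "", name.replace("[", "_"))


def sanitize_fixed(name):
    """Behaviour after the fix: an empty '[]' is dropped, so ids[] -> ids.

    Assumption of this sketch: a non-empty bracket such as filter[name]
    still maps to filter_name.
    """
    name = re.sub(r"\[(?!\])", "_", name)      # '[' not followed by ']' -> '_'
    name = re.sub(r"[^0-9a-zA-Z_]", "", name)  # drop anything not identifier-safe
    return re.sub(r"^[^a-zA-Z_]+", "", name)   # identifiers cannot start with a digit


def bind_query(query, declared, sanitize=sanitize_fixed):
    """Map declared query parameters (collectionFormat: multi) to keyword arguments."""
    arg_names = {}
    for param in declared:
        arg = sanitize(param)
        if not arg:
            raise ValueError(f"{param!r} sanitizes to an empty name")
        if arg in arg_names:
            # Two declared parameters must never share one handler argument.
            raise ValueError(f"{param!r} and {arg_names[arg]!r} both map to {arg!r}")
        arg_names[arg] = param
    values = parse_qs(query.lstrip("?"), keep_blank_values=True)
    # Only declared parameters are bound; undeclared keys never reach the handler.
    return {arg: values[param] for arg, param in arg_names.items() if param in values}


# Constructed sample request: the query from the description plus an undeclared key.
SAMPLE_QUERY = "?ids[]=a&ids[]=b&debug=1"

if __name__ == "__main__":
    print(bind_query(SAMPLE_QUERY, ["ids[]"]))                # fixed: bound as 'ids'
    print(bind_query(SAMPLE_QUERY, ["ids[]"], sanitize_old))  # old: bound as 'ids_'
```

With the fixed sanitizer, a specification that declares both `ids[]` and `ids` maps them to the same argument name, which is why the sketch rejects such a pair instead of letting one silently overwrite the other.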

@RobbeSneyders RobbeSneyders added this to the Connexion 2.x milestone Mar 24, 2022
vmarkovtsev added a commit to athenianco/especifico that referenced this pull request Apr 3, 2022
vmarkovtsev added a commit to athenianco/especifico that referenced this pull request Apr 3, 2022

@Ruwann Ruwann left a comment

LGTM, thanks!

FWIW, not sure what the correct way should be to handle it in general, but because this one is breaking old behaviour, it should be reverted.

@Ruwann Ruwann merged commit 0b509f2 into v2 Apr 4, 2022
@Ruwann Ruwann deleted the bugfix/square-bracket branch April 4, 2022 16:51
RobbeSneyders added a commit that referenced this pull request May 4, 2022
* Fix uri parsing for query parameter with empty brackets (#1501)

* Update tests for changed werkzeug behavior in 2.1 (#1506)

pallets/werkzeug#2352

* Bugfix/async security check (#1512)

* Add failing tests

* Use for else construct

* openapi: remove JSON body second validation and type casting (#1170)

* openapi: remove body preprocessing

Body is already validated using jsonschema. There was also some type
casting but it was wrong: e.g. not recurring deeply into dicts and lists,
relying on existence of "type" in schema (which is not there e.g. if
oneOf is used). Anyway, the only reason why types should be casted is
converting integer values to float if the type is number. But this is in
most cases irrelevant.

Added an example, which did not work before this commit (echoed `{}`)
e.g. for
```
curl localhost:8080/api/foo -H 'content-type: application/json' \
  -d '{"foo": 1}'
```
but now the example works (echoes `{"foo": 1}`).

* test with oneOf in the requestBody

* remove oneof examples: superseded by tests

Co-authored-by: Pavol Vargovcik <pavol.vargovcik@kiwi.com>

Co-authored-by: Ruwann <ruwanlambrichts@gmail.com>
Co-authored-by: Pavol Vargovčík <pavol.vargovcik@gmail.com>
Co-authored-by: Pavol Vargovcik <pavol.vargovcik@kiwi.com>