connexion
connexion copied to clipboard
spec-first
Parameters are treated as deep object even if not configured
Description
We define array parameters which names contain brackets, like this:
SurnameFilterInQuery:
name: filter[surname]
description: ...
in: query
required: false
explode: false
schema:
type: array
items:
$ref: "#/components/schemas/Surname"
# ...
Surname:
type: string
description: ...
Note that we do not define deepObject style and simply want to pass comma-separated array items.
Now we perform slightly malformed queries to our service, like this:
curl -H "https://api.example.com/?filter[surname]_bogus=greinacher" # url-decoded for readability
Actual behaviour
Connexion crashes with this message:
ERROR:asyncio:'dict' object has no attribute 'split'
Which is caused by this line: https://github.com/spec-first/connexion/blob/v2/connexion/decorators/uri_parsing.py#L259.
Expected behaviour
Connexion does not crash but fail because the parameter filter[surname]_bogus is not declared.
Steps to reproduce
See above
Additional info:
Output of the commands:
-
poetry run python --version:Python 3.9.13 -
poetry show connexion | grep "^version":version : 2.14.0
What do you think about changing https://github.com/spec-first/connexion/blob/v2/connexion/decorators/uri_parsing.py#L191 to check the parameter style before doing any transformations?
@RobbeSneyders What do you think? I'm happy to prepare a PR but want to see what maintainers think first 🙏
Thanks for the report @fgreinacher.
I'm currently on my phone, so hard to dive into the code. But based on a quick look, I don't think this is due to treatment as a deepobject. The method that fails is used to split form style parameters, which seems correct here.
Could you post the full stack trace so I can see which code path is followed?
@RobbeSneyders Sure, here is a stack trace:
Traceback (most recent call last):
File "/home/repo/.venv/lib/python3.9/site-packages/connexion/apis/aiohttp_api.py", line 55, in problems_middleware
response = await handler(request)
File "/home/repo/.venv/lib/python3.9/site-packages/aiohttp/web_middlewares.py", line 108, in impl
return await handler(request)
File "/home/repo/.venv/lib/python3.9/site-packages/connexion/decorators/decorator.py", line 53, in wrapper
connexion_response = function(connexion_request)
File "/home/repo/.venv/lib/python3.9/site-packages/connexion/decorators/uri_parsing.py", line 146, in wrapper
request.query = self.resolve_query(query)
File "/home/repo/.venv/lib/python3.9/site-packages/connexion/decorators/uri_parsing.py", line 229, in resolve_query
return self.resolve_params(query_data, 'query')
File "/home/repo/.venv/lib/python3.9/site-packages/connexion/decorators/uri_parsing.py", line 120, in resolve_params
resolved_param[k] = self._split(values, param_defn, _in)
File "/home/repo/.venv/lib/python3.9/site-packages/connexion/decorators/uri_parsing.py", line 259, in _split
return value.split(delimiter)
AttributeError: 'dict' object has no attribute 'split'
@RobbeSneyders Sorry for bothering you, but we're currently thinking about whether we do a local workaround or wait for this, and it would be great to get a rough feeling from the maintainers here (/you 😄). Thanks a ton!
@fgreinacher no worries, thanks for the reminder. I didn't have access to my laptop before due to holidays.
Looking at the stack trace, you're indeed right that we're processing the parameter as a deep object even when it isn't. I would propose to fix this here though: https://github.com/spec-first/connexion/blob/1ce3e2ed2d985bb288fe93756179c5618b2ef3bb/connexion/decorators/uri_parsing.py#L227-L229
You can see an example of how to check the style here: https://github.com/spec-first/connexion/blob/1ce3e2ed2d985bb288fe93756179c5618b2ef3bb/connexion/decorators/uri_parsing.py#L243-L244
Feel free to submit a PR if you'd like. I would propose to target the v2 branch, so we can release this as a minor 2.X release. We can cherrypick to main for 3.X later.