CharArray as Field modify the request data input

[cloudshooterhuman]

Background :

• Retrofit version : 2.5.0
• RxJava version : 2.2.0

Code snippet :

private val retrofit: Retrofit by lazy {
        val retrofitBuilder = Retrofit.Builder()
                .baseUrl(url)
                .addConverterFactory(JacksonConverterFactory.create(objectMapper))
                .addConverterFactory(ScalarsConverterFactory.create())
                .addCallAdapterFactory(RxErrorHandlingCallAdapterFactory.create())
                .client(okHttpClient)

        retrofitBuilder.build()
    }

@FormUrlEncoded
@POST("enroll/device")
fun token(@Field("username") username: String, @Field("password") password: CharArray): Single<Token>

Logs

login=merchant1&password=1&password=1&password=1&password=1&password=o&password=4&password=A&password=%26

[cloudshooterhuman]

This is what work for me, I Changed from FormUrlEncoded to @Body :

@POST("enroll/device")
fun token(@Body credentials: Credentials): Single<Token>

And I defined the data class as follow :

data class Credentials(@JsonProperty("login") var login: String,
                          @JsonProperty("password") var password: CharArray)

[JakeWharton]

Yep this is an unfortunate side-effect of our array-handling. The default behavior is to call toString() on everything but arrays, which are iterated (and then call toString()).

Your best bet is to pass in a String. I'm not sure you're gaining anything by avoiding it. Strings aren't interned by default anymore so you aren't leaking the password into a cache or anything. No matter what you do it's going to end up part of a String in OkHttp's FormBody.Builder anyway.