swagger-ui icon indicating copy to clipboard operation
swagger-ui copied to clipboard
verified publisher icon swagger-api

v5.17.7 broke path template processing

Open igor-tatarnikov-idt opened this issue 1 year ago • 3 comments

Q&A (please complete the following information)

  • OS: MacOS, Windows
  • Browser: Chrome, Safari
  • Version: 126.0.6478.127
  • Method of installation: Docker image or Swashbuckle ASP.NET package
  • Swagger-UI version: 5.17.7
  • Swagger/OpenAPI version: OpenAPI 3.0.1

Content & configuration

Example Swagger/OpenAPI definition:

{
  "openapi": "3.0.1",
  "info": {
    "title": "repro-swagger-issue",
    "version": "1.0"
  },
  "paths": {
    "/hello/name={name}": {
      "get": {
        "tags": [
          ""
        ],
        "parameters": [
          {
            "name": "name",
            "in": "path",
            "required": true,
            "style": "simple",
            "schema": {
              "type": "string"
            }
          }
        ],
        "responses": {
          "200": {
            "description": "Success"
          }
        }
      }
    }
  },
  "components": { }
}

Swagger-UI configuration options:

Ran Swagger UI from Docker images v5.17.7 and v5.17.6 against locally running ASP.NET Core test web app

Describe the bug you're encountering

In v5.17.6 a path parameter gets populated with the value provided in the input. In v5.17.7+ it doesn't, the template {name} is sent in the request URL.

Expected behavior

Input path parameter value gets populated into the request URL

Screenshots

v5.17.7+ image

v5.17.6 image

Additional context or thoughts

I suppose the openapi-path-templating package is used for resolving path values (here in swagger-js). So, I thought maybe the template of type /api/hello/name={name} is no longer recognized as valid - tried to run the following locally:

const templatingEngine = require('openapi-path-templating');

const parseResult = templatingEngine.parse('/hello/name={name}');
console.log(parseResult.result.success);

console.log(templatingEngine.resolve('/hello/name={name}', { name: 'Bob'}));

Got:

true
/hello/name=Bob

So, I feel like the path template is fine. Looking at the v5.17.7 release I can't see anything related to the issue from above.

igor-tatarnikov-idt avatar Jul 11 '24 13:07 igor-tatarnikov-idt

Any updates?

maksim-sovkov avatar Aug 14 '24 19:08 maksim-sovkov

We were also hit by the same issue and I did some analysis:

  • In swagger-ui 5.17.7 swagger-js was updated from 3.27.3 to 3.27.7.
  • There, https://github.com/swagger-api/swagger-js/pull/3504 moved from regex parsing to openapi-path-templating library.
  • openapi-path-templating at that time had a broken BNF for the template: https://github.com/swaggerexpert/openapi-path-templating/blob/16f894f81b9e4679f313c55db2abd59854131796/src/path-templating.bnf path-literal does not allow = so the template is not resolved.
  • Apparently this was fixed already in https://github.com/swaggerexpert/openapi-path-templating/pull/83/files which already got included in swagger-ui: https://github.com/swagger-api/swagger-js/pull/3549 https://github.com/swagger-api/swagger-ui/pull/10007

So it looks like this should be fixed in the upcoming swagger-ui version?

sratz avatar Aug 21 '24 12:08 sratz

Any updates on this ?

praveeng-nair avatar Sep 10 '24 02:09 praveeng-nair

We're also affected by this issue, which seems similar to https://github.com/swagger-api/swagger-ui/issues/9979

falbert-ptc avatar Oct 21 '24 17:10 falbert-ptc

OpenAPI path templating is defined as follows:

Path templating refers to the usage of template expressions, delimited by curly braces ({}), to mark a section of a URL path as replaceable using path parameters.

Notice the section "section of a URL path as replaceable" specifically. According to OpenAPI spec, only sections of the URL path are replaceable. There MUST be no support for path template expression within the query or fragment (fragment is disqualified out of the box as it's a client only concept) part of URL.

As for the query - that is what Parameter Object is for with in=query. During the runtime the Parameter Objects (of in=query) are appended to the URL automatically.

char0n avatar Oct 31 '24 12:10 char0n

This issue is about the path, not the query. A path may also contain = characters. E.g., in the example given in the original issue description: /hello/name={name}

Or, for example, in an OData service call: "/MaintenanceOrderLongText(MaintenanceOrder='{MaintenanceOrder}',TextObjectType='{TextObjectType}',Language='{Language}')/to_MaintenanceOrder

So it would be really great if swagger-ui released a new version.

There has been many (indirect) changes since 5.17.14: https://github.com/swagger-api/swagger-ui/compare/v5.17.14...master

But all of them were dependency updates, nothing local to this repo, which is why -- I presume -- no release was (auto?)-scheduled.

sratz avatar Oct 31 '24 12:10 sratz

@sratz you're absolutely right, I somehow seen the ? character which is actually not there.

The release is technically not needed. If you do npm i locally it will automatically pull the latest version of openapi-path-templating library and autofix the issue. Only current deployments are affected.

char0n avatar Oct 31 '24 13:10 char0n

I am not using npm, We bundle https://mvnrepository.com/artifact/org.webjars/swagger-ui in our product which is created based on released distributions of swagger-ui.

sratz avatar Oct 31 '24 13:10 sratz

This should be resolved now. There's been multiple releases since the last message in this issue.

char0n avatar Dec 03 '24 14:12 char0n