buildRequest tries to parse every text as JSON and sends wrong data if it is parsable #4136
Description
Q&A (please complete the following information)
- OS: Windows
- Environment: Edge
- Method of installation: Swashbuckle.AspNetCore.SwaggerUI NuGet package
- Swagger-Client version: 3.36.0 (via swagger-ui)
- Swagger/OpenAPI version: OpenAPI 3.0
Swagger Doc Fragment
"/api/run-test-mapping": {
"post": {
"operationId": "",
"requestBody": {
"content": {
"multipart/form-data": {
"schema": {
"required": [
"someFile",
"settings"
],
"type": "object",
"properties": {
"settings": {
"allOf": [
{
"$ref": "#/components/schemas/Settings"
}
]
},
"someFile": {
"type": "string",
"format": "binary"
}
}
},
"encoding": {
"settings": {
"style": "form"
},
"someFile": {
"style": "form"
}
}
}
}
},
"responses": {
"200": {
"description": "OK"
}
}
}
}
...
"components": {
"schemas": {
"Settings": {
"required": [
"contextVariables"
],
"type": "object",
"properties": {
"contextVariables": {
"minLength": 1,
"type": "string"
}
},
"additionalProperties": false
}
},
...Describe the bug you're encountering
I have a multipart/form-data request that has a file and an data object settings with a text property contextVariables. Both go in a request body as it is a multipart request.
The issue is, that in src/executre/oas3/build-request.js on line 69, it tries to parse a text - every(!) text. I actually want to use a text field to provide a json string and serialize it in my API then manually (because of other bugs).
swagger-js/src/execute/oas3/build-request.js
Lines 67 to 72 in 2f29b77
Because of this, it tries to parse the data object - successfully so! But this causes the string to become an object and then it processes it further more. This further processing sees an object now and skips the root object and only adds the sub(!)-properties. So when swagger client finally comes to send the request, it does not send the data object, it sends every sub-properties of the actual json-like data! So the payload has a part for contextVariables (which is unexpected) instead of a part called settings.
If the text of settings is not json-parsable, the request is fine (a multipart with name settings is sent)!
Wrong Payload (if json-parsable)
------WebKitFormBoundaryEDfMDPBY0ise33G7
Content-Disposition: form-data; name="contextVariables"
{}
------WebKitFormBoundaryEDfMDPBY0ise33G7
Content-Disposition: form-data; name="scenarioDefinitionFile"; filename="abc.zip"
Content-Type: application/x-zip-compressed
------WebKitFormBoundaryEDfMDPBY0ise33G7--
Right (Expected) Payload (if not json-parsable)
Note "NO_JSON"
------WebKitFormBoundaryZeKwB59vSRbEpWyj
Content-Disposition: form-data; name="settings"
NO_JSON{
"contextVariables": "{}"
}
------WebKitFormBoundaryZeKwB59vSRbEpWyj
Content-Disposition: form-data; name="scenarioDefinitionFile"; filename="cpq.zip"
Content-Type: application/x-zip-compressed
------WebKitFormBoundaryZeKwB59vSRbEpWyj--
Expected behavior
If the spec says, that it is a plain string it should not try to parse it - or at least provide a configuration (in the schema) to instruct it to refrain from it.
Additional context or thoughts
As this sends something different from what is visible in the UI (-> other keys and split-up data) it should be changed.
It may be a breaking change, but then someone relied on a bug that does something different than what the OpenAPI schema would suggest.