x-www-form-urlencoded-body-fix (#1187)

* [go] x-www-form-urlencoded-body-fix

* [go] run scripts in bin and bin/security

Author: beardeddragon5

modules/openapi-generator/src/main/resources/go/client.mustache

@@ -188,7 +188,7 @@ func (c *APIClient) prepareRequest(
 	}
 
 	// add form parameters and file if available.
-	if len(formParams) > 0 || (len(fileBytes) > 0 && fileName != "") {
+	if strings.HasPrefix(headerParams["Content-Type"], "multipart/form-data") && len(formParams) > 0 || (len(fileBytes) > 0 && fileName != "") {
 		if body != nil {
 			return nil, errors.New("Cannot specify postBody and multipart form at the same time.")
 		}
@@ -227,6 +227,16 @@ func (c *APIClient) prepareRequest(
 		w.Close()
 	}
 
+	if strings.HasPrefix(headerParams["Content-Type"], "application/x-www-form-urlencoded") && len(formParams) > 0 {
+		if body != nil {
+			return nil, errors.New("Cannot specify postBody and x-www-form-urlencoded form at the same time.")
+		}
+		body = &bytes.Buffer{}
+		body.WriteString(formParams.Encode())
+		// Set Content-Length
+		headerParams["Content-Length"] = fmt.Sprintf("%d", body.Len())
+	}
+
 	// Setup path and query parameters
 	url, err := url.Parse(path)
 	if err != nil {
@@ -469,4 +479,4 @@ func (e GenericOpenAPIError) Body() []byte {
 // Model returns the unpacked model of the error
 func (e GenericOpenAPIError) Model() interface{} {
 	return e.model
-}
+}

modules/openapi-generator/src/test/resources/2_0/petstore-security-test.yaml

@@ -36,7 +36,7 @@ paths:
       parameters:
         - name: test code inject */ ' " =end -- \r\n \n \r
           type: string
-          in: formData 
+          in: formData
           description: To test code injection */ ' " =end -- \r\n \n \r
       responses:
         '400':

samples/client/petstore-security-test/go/.openapi-generator/VERSION

@@ -1 +1 @@
-3.0.0-SNAPSHOT
+3.3.1-SNAPSHOT

samples/client/petstore-security-test/go/README.md

@@ -26,7 +26,7 @@ import "./openapi"
 
 ## Documentation for API Endpoints
 
-All URIs are relative to *petstore.swagger.io *_/ ' \" =end -- \\r\\n \\n \\r/v2 *_/ ' \" =end -- \\r\\n \\n \\r*
+All URIs are relative to *http://petstore.swagger.io *_/ ' \" =end -- \\r\\n \\n \\r/v2 *_/ ' \" =end -- \\r\\n \\n \\r*
 
 Class | Method | HTTP request | Description
 ------------ | ------------- | ------------- | -------------

samples/client/petstore-security-test/go/api/openapi.yaml

@@ -1,74 +1,75 @@
 openapi: 3.0.1
 info:
-  title: OpenAPI Petstore */ ' " =end -- \r\n \n \r
+  contact:
+    email: [email protected] */ ' " =end -- \r\n \n \r
   description: "This spec is mainly for testing Petstore server and contains fake\
     \ endpoints, models. Please do not use this for any other purpose. Special characters:\
     \ \" \\  */ ' \" =end -- \r\n \n \r"
-  termsOfService: http://url.to/terms/ */ ' " =end -- \r\n \n \r
-  contact:
-    email: [email protected] */ ' " =end -- \r\n \n \r
   license:
     name: Apache-2.0 */ ' " =end -- \r\n \n \r
     url: http://www.apache.org/licenses/LICENSE-2.0.html */ ' " =end -- \r\n \n \r
+  termsOfService: http://url.to/terms/ */ ' " =end -- \r\n \n \r
+  title: OpenAPI Petstore */ ' " =end -- \r\n \n \r
   version: 1.0.0 */ ' " =end -- \r\n \n \r
 externalDocs:
   description: Find out more about OpenAPI  */ ' " =end -- \r\n \n \r
   url: https://openapis.org
 servers:
-- url: petstore.swagger.io */ ' " =end -- \r\n \n \r/v2 */ ' " =end -- \r\n \n \r
+- url: //petstore.swagger.io */ ' " =end -- \r\n \n \r/v2 */ ' " =end -- \r\n \n \r
 tags:
-- name: fake
-  description: Everything about your Pets */ ' " =end -- \r\n \n \r
+- description: Everything about your Pets */ ' " =end -- \r\n \n \r
   externalDocs:
     description: Find out more */ ' " =end -- \r\n \n \r
     url: https://openapis.org
+  name: fake
 paths:
   /fake:
     put:
-      tags:
-      - fake
-      summary: To test code injection */ ' " =end -- \r\n \n \r
+      description: To test code injection */ ' " =end -- \r\n \n \r
       operationId: testCodeInject */ ' " =end -- \r\n \n \r
       requestBody:
         content:
           application/json:
             schema:
               properties:
                 test code inject */ ' " =end -- \r\n \n \r:
-                  type: string
                   description: To test code injection */ ' " =end -- \r\n \n \r
+                  type: string
           ? "*/ ' \" =end -- \r\n \n \r"
           : schema:
               properties:
                 test code inject */ ' " =end -- \r\n \n \r:
-                  type: string
                   description: To test code injection */ ' " =end -- \r\n \n \r
+                  type: string
       responses:
         400:
-          description: To test code injection */ ' " =end -- \r\n \n \r
           content: {}
+          description: To test code injection */ ' " =end -- \r\n \n \r
+      summary: To test code injection */ ' " =end -- \r\n \n \r
+      tags:
+      - fake
 components:
   schemas:
     Return:
-      type: object
+      description: Model for testing reserved words  */ ' " =end -- \r\n \n \r
       properties:
         return:
-          type: integer
           description: property description  */ ' " =end -- \r\n \n \r
           format: int32
-      description: Model for testing reserved words  */ ' " =end -- \r\n \n \r
+          type: integer
+      type: object
       xml:
         name: Return
   securitySchemes:
     petstore_auth:
-      type: oauth2
       flows:
         implicit:
           authorizationUrl: http://petstore.swagger.io/api/oauth/dialog
           scopes:
             write:pets: modify pets in your account  */ ' " =end -- \r\n \n \r
             read:pets: read your pets  */ ' " =end -- \r\n \n \r
+      type: oauth2
     api_key:
-      type: apiKey
-      name: api_key  */ ' " =end -- \r\n \n \r
       in: header
+      name: api_key  */ ' " =end -- \r\n \n \r
+      type: apiKey

samples/client/petstore-security-test/go/api_fake.go

@@ -16,6 +16,7 @@ import (
 	"net/http"
 	"net/url"
 	"strings"
+	"github.com/antihax/optional"
 )
 
 // Linger please
@@ -25,23 +26,25 @@ var (
 
 type FakeApiService service
 
-/* 
-FakeApiService To test code injection *_/ ' \" =end -- \\r\\n \\n \\r
+/*
+FakeApiService To test code injection *_/ ' \" =end -- \\r\\n \\n \\r
+To test code injection *_/ ' \" =end -- \\r\\n \\n \\r
  * @param ctx context.Context - for authentication, logging, cancellation, deadlines, tracing, etc. Passed from http.Request or context.Background().
  * @param optional nil or *TestCodeInjectEndRnNROpts - Optional Parameters:
- * @param "UNKNOWNBASETYPE" (optional.Interface of interface{}) - 
+ * @param "UNKNOWNBASETYPE" (optional.Interface of UNKNOWN_BASE_TYPE) - 
 */
 
 type TestCodeInjectEndRnNROpts struct {
-    UNKNOWNBASETYPE optional.Interface
+	UNKNOWNBASETYPE optional.Interface
 }
 
 func (a *FakeApiService) TestCodeInjectEndRnNR(ctx context.Context, localVarOptionals *TestCodeInjectEndRnNROpts) (*http.Response, error) {
 	var (
-		localVarHttpMethod = strings.ToUpper("Put")
-		localVarPostBody   interface{}
-		localVarFileName   string
-		localVarFileBytes  []byte
+		localVarHttpMethod   = strings.ToUpper("Put")
+		localVarPostBody     interface{}
+		localVarFormFileName string
+		localVarFileName     string
+		localVarFileBytes    []byte
 	)
 
 	// create path and map variables
@@ -70,14 +73,14 @@ func (a *FakeApiService) TestCodeInjectEndRnNR(ctx context.Context, localVarOpti
 	}
 	// body params
 	if localVarOptionals != nil && localVarOptionals.UNKNOWNBASETYPE.IsSet() {
-		localVarOptionalUNKNOWNBASETYPE, localVarOptionalUNKNOWNBASETYPEok := localVarOptionals.UNKNOWNBASETYPE.Value().(interface{})
+		localVarOptionalUNKNOWNBASETYPE, localVarOptionalUNKNOWNBASETYPEok := localVarOptionals.UNKNOWNBASETYPE.Value().(UNKNOWN_BASE_TYPE)
 		if !localVarOptionalUNKNOWNBASETYPEok {
-			return nil, reportError("uNKNOWNBASETYPE should be interface{}")
+			return nil, reportError("uNKNOWNBASETYPE should be UNKNOWN_BASE_TYPE")
 		}
 		localVarPostBody = &localVarOptionalUNKNOWNBASETYPE
 	}
 
-	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFileName, localVarFileBytes)
+	r, err := a.client.prepareRequest(ctx, localVarPath, localVarHttpMethod, localVarPostBody, localVarHeaderParams, localVarQueryParams, localVarFormParams, localVarFormFileName, localVarFileName, localVarFileBytes)
 	if err != nil {
 		return nil, err
 	}
@@ -95,7 +98,7 @@ func (a *FakeApiService) TestCodeInjectEndRnNR(ctx context.Context, localVarOpti
 
 	if localVarHttpResponse.StatusCode >= 300 {
 		newErr := GenericOpenAPIError{
-			body: localVarBody,
+			body:  localVarBody,
 			error: localVarHttpResponse.Status,
 		}
 		return localVarHttpResponse, newErr

samples/client/petstore-security-test/go/client.go

@@ -139,6 +139,8 @@ func parameterToString(obj interface{}, collectionFormat string) string {
 
 	if reflect.TypeOf(obj).Kind() == reflect.Slice {
 		return strings.Trim(strings.Replace(fmt.Sprint(obj), " ", delimiter, -1), "[]")
+	} else if t, ok := obj.(time.Time); ok {
+		return t.Format(time.RFC3339)
 	}
 
 	return fmt.Sprintf("%v", obj)
@@ -162,6 +164,7 @@ func (c *APIClient) prepareRequest(
 	headerParams map[string]string,
 	queryParams url.Values,
 	formParams url.Values,
+	formFileName string,
 	fileName string,
 	fileBytes []byte) (localVarRequest *http.Request, err error) {
 
@@ -182,7 +185,7 @@ func (c *APIClient) prepareRequest(
 	}
 
 	// add form parameters and file if available.
-	if len(formParams) > 0 || (len(fileBytes) > 0 && fileName != "") {
+	if strings.HasPrefix(headerParams["Content-Type"], "multipart/form-data") && len(formParams) > 0 || (len(fileBytes) > 0 && fileName != "") {
 		if body != nil {
 			return nil, errors.New("Cannot specify postBody and multipart form at the same time.")
 		}
@@ -204,7 +207,7 @@ func (c *APIClient) prepareRequest(
 		if len(fileBytes) > 0 && fileName != "" {
 			w.Boundary()
 			//_, fileNm := filepath.Split(fileName)
-			part, err := w.CreateFormFile("file", filepath.Base(fileName))
+			part, err := w.CreateFormFile(formFileName, filepath.Base(fileName))
 			if err != nil {
 				return nil, err
 			}
@@ -221,6 +224,16 @@ func (c *APIClient) prepareRequest(
 		w.Close()
 	}
 
+	if strings.HasPrefix(headerParams["Content-Type"], "application/x-www-form-urlencoded") && len(formParams) > 0 {
+		if body != nil {
+			return nil, errors.New("Cannot specify postBody and x-www-form-urlencoded form at the same time.")
+		}
+		body = &bytes.Buffer{}
+		body.WriteString(formParams.Encode())
+		// Set Content-Length
+		headerParams["Content-Length"] = fmt.Sprintf("%d", body.Len())
+	}
+
 	// Setup path and query parameters
 	url, err := url.Parse(path)
 	if err != nil {
@@ -424,8 +437,9 @@ func CacheExpires(r *http.Response) time.Time {
 		lifetime, err := time.ParseDuration(maxAge + "s")
 		if err != nil {
 			expires = now
+		} else {
+			expires = now.Add(lifetime)
 		}
-		expires = now.Add(lifetime)
 	} else {
 		expiresHeader := r.Header.Get("Expires")
 		if expiresHeader != "" {
@@ -462,4 +476,4 @@ func (e GenericOpenAPIError) Body() []byte {
 // Model returns the unpacked model of the error
 func (e GenericOpenAPIError) Model() interface{} {
 	return e.model
-}
+}

samples/client/petstore-security-test/go/configuration.go

@@ -25,7 +25,7 @@ func (c contextKey) String() string {
 }
 
 var (
-	// ContextOAuth2 takes a oauth2.TokenSource as authentication for the request.
+	// ContextOAuth2 takes an oauth2.TokenSource as authentication for the request.
 	ContextOAuth2 = contextKey("token")
 
 	// ContextBasicAuth takes BasicAuth as authentication for the request.
@@ -61,7 +61,7 @@ type Configuration struct {
 
 func NewConfiguration() *Configuration {
 	cfg := &Configuration{
-		BasePath:      "petstore.swagger.io *_/ ' \" =end -- \\r\\n \\n \\r/v2 *_/ ' \" =end -- \\r\\n \\n \\r",
+		BasePath:      "http://petstore.swagger.io *_/ ' \" =end -- \\r\\n \\n \\r/v2 *_/ ' \" =end -- \\r\\n \\n \\r",
 		DefaultHeader: make(map[string]string),
 		UserAgent:     "OpenAPI-Generator/1.0.0/go",
 	}

samples/client/petstore-security-test/go/docs/FakeApi.md

@@ -1,6 +1,6 @@
 # \FakeApi
 
-All URIs are relative to *petstore.swagger.io *_/ ' \" =end -- \\r\\n \\n \\r/v2 *_/ ' \" =end -- \\r\\n \\n \\r*
+All URIs are relative to *http://petstore.swagger.io *_/ ' \" =end -- \\r\\n \\n \\r/v2 *_/ ' \" =end -- \\r\\n \\n \\r*
 
 Method | HTTP request | Description
 ------------- | ------------- | -------------
@@ -11,6 +11,8 @@ Method | HTTP request | Description
 > TestCodeInjectEndRnNR(ctx, optional)
 To test code injection *_/ ' \" =end -- \\r\\n \\n \\r
 
+To test code injection *_/ ' \" =end -- \\r\\n \\n \\r
+
 ### Required Parameters
 
 Name | Type | Description  | Notes
@@ -23,7 +25,7 @@ Optional parameters are passed through a pointer to a TestCodeInjectEndRnNROpts
 
 Name | Type | Description  | Notes
 ------------- | ------------- | ------------- | -------------
- **uNKNOWNBASETYPE** | [**optional.Interface of interface{}**](UNKNOWN_BASE_TYPE.md)|  | 
+ **uNKNOWNBASETYPE** | [**optional.Interface of UNKNOWN_BASE_TYPE**](UNKNOWN_BASE_TYPE.md)|  | 
 
 ### Return type
 

samples/client/petstore/go/go-petstore-withXml/.openapi-generator/VERSION

@@ -1 +1 @@
-3.3.0-SNAPSHOT
+3.3.1-SNAPSHOT