From fc303814c3469afa22579f1b244526151dd4cadf Mon Sep 17 00:00:00 2001 From: Richard Bruskiewich Date: Wed, 25 Sep 2019 08:35:28 -0700 Subject: [PATCH 1/3] OpenAPI 3.* has the body name 'requestBody' which Connexion resolves to the argument tag "request_body" so this line of code is not standards compliant, thus non-object JSON request bodies are not captured as arguments (on line 263) without the artificial use of an explicit 'x-body-name' with value 'request_body' --- connexion/operations/openapi.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connexion/operations/openapi.py b/connexion/operations/openapi.py index 6b185b1f9..8b6ab602d 100644 --- a/connexion/operations/openapi.py +++ b/connexion/operations/openapi.py @@ -244,7 +244,7 @@ def body_definition(self): return {} def _get_body_argument(self, body, arguments, has_kwargs, sanitize): - x_body_name = self.body_schema.get('x-body-name', 'body') + x_body_name = self.body_schema.get('x-body-name', 'request_body') if is_nullable(self.body_schema) and is_null(body): return {x_body_name: None} From e3281642d2e055d5f9c60ce30d8985e5a5063183 Mon Sep 17 00:00:00 2001 From: Richard Bruskiewich Date: Wed, 10 Mar 2021 13:58:38 -0800 Subject: [PATCH 2/3] Patch for zalando/connexion/pull/1222 ('application/x-www-form-urlencoded' body parameters) --- connexion/decorators/validation.py | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/connexion/decorators/validation.py b/connexion/decorators/validation.py index ab0c91345..d6cc2ce09 100644 --- a/connexion/decorators/validation.py +++ b/connexion/decorators/validation.py @@ -3,6 +3,7 @@ import functools import logging import sys +from urllib.parse import parse_qs import six from jsonschema import Draft4Validator, ValidationError, draft4_format_checker @@ -106,6 +107,19 @@ def validate_formdata_parameter_list(self, request): spec_params = self.schema.get('properties', {}).keys() return validate_parameter_list(request_params, spec_params) + def parse_body_parameters(self, body): + parsed_body = parse_qs(body.decode("utf-8")) + # Flatten the parameters and take only the first value + params = dict() + for key,value in parsed_body.items(): + valen = len(value) + if valen: + if valen<=1: + params[key] = value[0] # flatten single element lists + else: + params[key] = value # leave multi-valued lists intact + return params + def __call__(self, function): """ :type function: types.FunctionType @@ -143,7 +157,8 @@ def wrapper(request): if error and not self.has_default: return error elif self.consumes[0] in FORM_CONTENT_TYPES: - data = dict(request.form.items()) or (request.body if len(request.body) > 0 else {}) + data = dict(request.form.items()) or \ + (self.parse_body_parameters(request.body) if len(request.body) > 0 else {}) data.update(dict.fromkeys(request.files, '')) # validator expects string.. logger.debug('%s validating schema...', request.url) From 3d00bccbef04e7cc8c367843b68ec8748badc74d Mon Sep 17 00:00:00 2001 From: Richard Bruskiewich Date: Wed, 10 Mar 2021 21:03:04 -0800 Subject: [PATCH 3/3] US ASCII is a safer encoding for the body parsing --- connexion/decorators/validation.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/connexion/decorators/validation.py b/connexion/decorators/validation.py index d6cc2ce09..85ad721c7 100644 --- a/connexion/decorators/validation.py +++ b/connexion/decorators/validation.py @@ -107,8 +107,8 @@ def validate_formdata_parameter_list(self, request): spec_params = self.schema.get('properties', {}).keys() return validate_parameter_list(request_params, spec_params) - def parse_body_parameters(self, body): - parsed_body = parse_qs(body.decode("utf-8")) + def parse_body_parameters(self, body, encoding="ascii"): + parsed_body = parse_qs(body.decode(encoding)) # Flatten the parameters and take only the first value params = dict() for key,value in parsed_body.items():