[fix] x-www-form-urlencoded body encoding in HTTP form POST

[srosenda]

Description of change

Fix the FormPost body encoding when content type is x-www-form-urlencoded. The current implementation does not handle correctly line endings, special characters (e.g. '+') and does not convert spaces to '+' characters.

See https://url.spec.whatwg.org/#application/x-www-form-urlencoded

Additional changes and their rationale

Changes mandatory for implementing the fix:

• Change FormPost initialization to throwing and to take contentType: ContentType parameter to enable encoding the FormPost.body according to the content type and change the initializer calls in this repository accordingly.
• ContentType.key = "Content-Type" was erroneously defined as a case of enum ContentType although it is not a content type, but a HTTP header key for content types. Changed it to static let key = "Content-Type".

Other improvements:

• Make the properties of FormPost that are immutable by its conformance to the Request protocol also immutable (let instead of var). The properties were not mutated either by the code in this repository. Immutability is also a better default in Swift, unless mutability is required.
• Unify the FormPost interface with its protocol conformance Request:
  • define the properties in the same order in both and use the same ordering for initializer parameters
  • Move property documentation from the FormPost implementation to the Request protocol, as it should define the semantics of the interface.
• The property FormPost.formData: [String: Any] was only used for input and producing FormPost.body. Changed it from a property to init parameter. Also initialize the body property eagerly already in the initializer as it will be queried in any sensible use case of FormPost anyways.
• Remove the Dictionary extension toQueryItems() -> [URLQueryItem] that failed to encode the body correctly and that was used only by FormPost.

Fixes #55.

Type of change

Please delete options that are not relevant.

• [x] Bug fix
• [x] Breaking change: potentially, as contains changes to public APIs of this package. Did a search across the eu-digital-identity-wallet organization and it seems that the changed components were used only within this package. Note that the FormPost struct could not be used external to its module as it does not define a public initializer.

How Has This Been Tested?

Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration

• [x] Tests in this repository pass (except for tests that have been failing in the main branch since 054a2b2)
• [x] Works with the Finnish EUDIWallet backend. Failed before this fix, because its credential metadata contained a scope "pid.vc+sd-jwt" with an illegal character ('+') if not encoded properly.

Checklist:

• [x] I have performed a self-review of my own code
• [x] I have commented my code, particularly in hard-to-understand areas
• [ ] I have made corresponding changes to the readme
• [x] My changes generate no new warnings
• [ ] I have added unit tests that prove my fix is effective or that my feature works (the changed code was and is covered by unit tests of other parts of the library)
• [x] New and existing unit tests pass locally with my changes (except for tests that have been failing in the main branch since 054a2b2)

[srosenda]

Note that there is almost a verbatim copy in the eudi-lib-ios-siop-openid4vp-swift library of the same FormPost component and its dependencies, including Request protocol that are fixed in this PR, see https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift/blob/427be9f7e6ac298f9f807a145c479519a8657274/Sources/Main/Services/VerifierFormPost.swift. Should this kind of common utility classes be extracted to a common library?

[dtsiflit]

Great work here @srosenda , we wanted to revisit FormPost ourselves for ages :) Please bear with us because it will be several days before we look into this PR. Thanks!

[srosenda]

Rebased with main. Planning to add some tests to validate the non-trivial x-www-form-urlencoded encoding.

[srosenda]

Test for FormPost added in 1769c56 and the implementation changed to follow the whatwg/url specification more closely.

[dtsiflit]

Note that there is almost a verbatim copy in the eudi-lib-ios-siop-openid4vp-swift library of the same FormPost component and its dependencies, including Request protocol that are fixed in this PR, see https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift/blob/427be9f7e6ac298f9f807a145c479519a8657274/Sources/Main/Services/VerifierFormPost.swift. Should this kind of common utility classes be extracted to a common library?

Thanks for this feedback @srosenda, unfortunately no plans for a common library at the moment.

[srosenda]

Thanks a lot for approving and merging this PR @dtsiflit! I was able to switch our iOS wallet implementation using this library (still at PoC state) to use the upstream repository instead of a patch branch in a fork repository.