Closed srosenda closed 2 weeks ago
Note that there is almost a verbatim copy in the eudi-lib-ios-siop-openid4vp-swift library of the same FormPost
component and its dependencies, including Request
protocol that are fixed in this PR, see https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift/blob/427be9f7e6ac298f9f807a145c479519a8657274/Sources/Main/Services/VerifierFormPost.swift. Should this kind of common utility classes be extracted to a common library?
Great work here @srosenda , we wanted to revisit FormPost ourselves for ages :) Please bear with us because it will be several days before we look into this PR. Thanks!
Rebased with main. Planning to add some tests to validate the non-trivial x-www-form-urlencoded
encoding.
Test for FormPost added in 1769c56 and the implementation changed to follow the whatwg/url specification more closely.
Note that there is almost a verbatim copy in the eudi-lib-ios-siop-openid4vp-swift library of the same
FormPost
component and its dependencies, includingRequest
protocol that are fixed in this PR, see https://github.com/eu-digital-identity-wallet/eudi-lib-ios-siop-openid4vp-swift/blob/427be9f7e6ac298f9f807a145c479519a8657274/Sources/Main/Services/VerifierFormPost.swift. Should this kind of common utility classes be extracted to a common library?
Thanks for this feedback @srosenda, unfortunately no plans for a common library at the moment.
Thanks a lot for approving and merging this PR @dtsiflit! I was able to switch our iOS wallet implementation using this library (still at PoC state) to use the upstream repository instead of a patch branch in a fork repository.
Description of change
Fix the
FormPost
body encoding when content type isx-www-form-urlencoded
. The current implementation does not handle correctly line endings, special characters (e.g.'+'
) and does not convert spaces to'+'
characters.See https://url.spec.whatwg.org/#application/x-www-form-urlencoded
Additional changes and their rationale
Changes mandatory for implementing the fix:
FormPost
initialization to throwing and to takecontentType: ContentType
parameter to enable encoding theFormPost.body
according to the content type and change the initializer calls in this repository accordingly.ContentType.key = "Content-Type"
was erroneously defined as acase
ofenum ContentType
although it is not a content type, but a HTTP header key for content types. Changed it tostatic let key = "Content-Type"
.Other improvements:
FormPost
that are immutable by its conformance to theRequest
protocol also immutable (let
instead ofvar
). The properties were not mutated either by the code in this repository. Immutability is also a better default in Swift, unless mutability is required.FormPost
interface with its protocol conformanceRequest
:FormPost
implementation to theRequest
protocol, as it should define the semantics of the interface.FormPost.formData: [String: Any]
was only used for input and producingFormPost.body
. Changed it from a property toinit
parameter. Also initialize thebody
property eagerly already in the initializer as it will be queried in any sensible use case ofFormPost
anyways.Dictionary
extensiontoQueryItems() -> [URLQueryItem]
that failed to encode the body correctly and that was used only byFormPost
.Fixes #55.
Type of change
Please delete options that are not relevant.
FormPost
struct could not be used external to its module as it does not define a public initializer.How Has This Been Tested?
Please describe the tests that you ran to verify your changes. Provide instructions so we can reproduce. Please also list any relevant details for your test configuration
"pid.vc+sd-jwt"
with an illegal character ('+'
) if not encoded properly.Checklist: