pyopenapi / pyswagger

An OpenAPI (fka Swagger) client & converter in python, which is type-safe, dynamic, spec-compliant.
MIT License

Special characters in path parameters not handled correctly #117

Closed olipratt closed 7 years ago

olipratt commented 7 years ago

Hi,

Firstly - thanks for creating pyswagger!

I'm having issues using URL special characters (e.g. ?, / etc.) in path parameters with pyswagger.

Do you agree pyswagger should be URL quoting these parameters with e.g. this function before making requests?

As an example, if I try out the swagger UI here and try the GET /user/{username} operation with username asd?asd, the request made is: GET http://petstore.swagger.io/v2/user/asd%3Fasd.

Now try the same thing with pyswagger, e.g.:

from pyswagger import App, Security
from pyswagger.contrib.client.requests import Client
app = App.create("http://petstore.swagger.io/v2/swagger.json")
client = Client(Security(app))
client.request(app.s('/user/{username}').get(username='asd?asd'))

and pyswagger does exactly GET /v2/user/asd?asd which is really a GET for username asd with a query parameter.

Looking at the code, I think pyswagger should be doing some quoting of path parameters around here.

pyswagger does handle query parameters correctly (I think requests is actually encoding them because they are passed to it separately, but requests can't encode the path as it's provided as one string so relies on pyswagger encoding the right parts):

...
client.request(app.s('/user/login').get(username='asd?asd', password='asd/asd'))

Results in GET /v2/user/login?username=asd%3Fasd&password=asd%2Fasd the same as if you use the swagger UI for /user/login with the same parameters.
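The difference reported in the comment above, as an added example that is not part of the original thread and is not pyswagger's actual fix: it renders the /user/{username} template with and without percent-encoding and shows how the resulting URL splits into path and query. The helper names (render_naive, render_quoted, server_view, compare) are hypothetical.

```python
import re
from urllib.parse import quote, urlsplit

BASE = "http://petstore.swagger.io/v2"  # base URL taken from the issue
_PLACEHOLDER = re.compile(r"\{([^{}]+)\}")


def render_naive(template, params):
    """Substitute path parameters verbatim (the behaviour the issue reports)."""
    return _PLACEHOLDER.sub(lambda m: str(params[m.group(1)]), template)


def render_quoted(template, params):
    """Percent-encode every path parameter before substituting it.

    safe="" matters: quote() leaves "/" unescaped by default, so a value
    containing "/" would otherwise still add an extra path segment.
    """
    return _PLACEHOLDER.sub(
        lambda m: quote(str(params[m.group(1)]), safe=""), template)


def server_view(url):
    """Return (path, query) as the receiving side splits the URL."""
    parts = urlsplit(url)
    return parts.path, parts.query


def compare(template, params):
    """Render the template both ways and report how each URL is interpreted."""
    return {
        "naive": server_view(BASE + render_naive(template, params)),
        "quoted": server_view(BASE + render_quoted(template, params)),
    }


if __name__ == "__main__":
    # Parameter values from the issue text.
    for value in ("asd?asd", "asd/asd"):
        print(repr(value), compare("/user/{username}", {"username": value}))
```

With verbatim substitution the value decides where the path ends; with quoting it stays a single path segment.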

mission-liao commented 7 years ago

Thanks for the investigation, it's very clear. I think it's a bug, since all control characters in a URL should be escaped. The fix will be included in the next release.

olipratt commented 7 years ago

I saw that you made a fix here and released V0.8.28 - I took that version and the fix seems to work great.

Thanks for fixing and the quick turnaround!

mission-liao commented 7 years ago

I should update a comment in the issue board directly.