quarkiverse / quarkus-openapi-generator

OpenAPI Generator - REST Client Generator
Apache License 2.0

ApiKey/Cookie authentication issue #568

Closed ssternal closed 9 months ago

ssternal commented 12 months ago

I have a specification using a cookie for authentication. This compiles fine, but at runtime I get an error when trying to invoke an operation. The relevant part of the specification file looks like the following:

{
  "openapi": "3.0.1",
  "security": [
    {
      "cookie": []
    }
  ],
  "components": {
    "securitySchemes": {
      "cookie": {
        "type": "apiKey",
        "name": "TASKLIST-SESSION",
        "in": "cookie"
      }
    }
  }
}

When trying to invoke an operation, the following exception is thrown:

2023-11-17 13:13:47,217 ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (vert.x-eventloop-thread-0) HTTP Request to /create-file-structure failed, error id: ba033723-899c-4e55-b113-7da5bb8808bc-1: jakarta.ws.rs.ProcessingException: java.lang.UnsupportedOperationException
    [...]
Caused by: java.lang.UnsupportedOperationException
    at java.base/java.util.AbstractMap.put(AbstractMap.java:209)
    at io.quarkiverse.openapi.generator.providers.ApiKeyAuthenticationProvider.filter(ApiKeyAuthenticationProvider.java:47)
    at io.quarkiverse.openapi.generator.providers.AbstractCompositeAuthenticationProvider.filter(AbstractCompositeAuthenticationProvider.java:41)
    [...]

Looking at ApiKeyAuthenticationProvider#filter, in the cookie case it tries to add the key as a cookie: https://github.com/quarkiverse/quarkus-openapi-generator/blob/9451de81a69182cdb96bd8b0051b99921bbc558a/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/ApiKeyAuthenticationProvider.java#L40-L58

This is likely expected to throw an exception, because the JavaDoc for ClientRequestContext#getCookies states that it returns a read-only map:

Returns: a read-only map of cookie name (String) to Cookie

There is a test for using cookie authentication, but this test mocks the request's cookies with a simple hash map, i.e. returning a mutable map: https://github.com/quarkiverse/quarkus-openapi-generator/blob/e622e6a450b7747751645371c5f5ac9404132776/runtime/src/test/java/io/quarkiverse/openapi/generator/providers/ApiKeyAuthenticationProviderTest.java#L89-L100

To me this looks like a mistake, or is there something I'm missing?
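
The failure mode reported above, as an added example that is not part of the original thread or the project's code: a test double returning a mutable `HashMap` hides a `put()` that fails against a read-only cookie map. `RequestCtx`, `putIntoCookieMap` and `addCookieHeader` are hypothetical stand-ins built on the plain JDK, the session value is constructed, and writing the `Cookie` header through the mutable header map is one possible approach, not necessarily the fix the project adopted.

```java
import java.util.*;

// Added illustration, plain JDK only. RequestCtx is a hypothetical stand-in for
// jakarta.ws.rs.client.ClientRequestContext, reduced to the two accessors that matter here.
public class CookieAuthDemo {
    interface RequestCtx {
        Map<String, String> getCookies();        // read-only per the JavaDoc quoted above
        Map<String, List<String>> getHeaders();  // assumption: mutable, as JAX-RS documents
    }

    // readOnly=true models the documented contract; false models the HashMap-backed mock.
    static RequestCtx ctx(boolean readOnly) {
        Map<String, List<String>> headers = new HashMap<>();
        Map<String, String> mockCookies = new HashMap<>();
        return new RequestCtx() {
            public Map<String, String> getCookies() {
                return readOnly ? Collections.<String, String>emptyMap() : mockCookies;
            }
            public Map<String, List<String>> getHeaders() { return headers; }
        };
    }

    // Pattern from the report: mutate the cookie map directly.
    static void putIntoCookieMap(RequestCtx c, String name, String key) {
        c.getCookies().put(name, key);
    }

    // Alternative: append a Cookie request header through the mutable header map.
    static void addCookieHeader(RequestCtx c, String name, String key) {
        c.getHeaders().computeIfAbsent("Cookie", k -> new ArrayList<>()).add(name + "=" + key);
    }

    public static void main(String[] args) {
        String name = "TASKLIST-SESSION", key = "constructed-session-value";

        putIntoCookieMap(ctx(false), name, key);   // mutable mock: passes, bug stays hidden
        System.out.println("mutable mock: put() succeeded");

        try {
            putIntoCookieMap(ctx(true), name, key);
        } catch (UnsupportedOperationException e) {
            System.out.println("read-only map: " + e.getClass().getSimpleName());
        }

        RequestCtx readOnlyCtx = ctx(true);
        addCookieHeader(readOnlyCtx, name, key);
        System.out.println("header approach: " + readOnlyCtx.getHeaders());
    }
}
```

A unit test for this provider is only meaningful if its mock honours the read-only contract, for example by returning an unmodifiable map from `getCookies()`.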

ricardozanini commented 12 months ago

Yes, it looks like a bug. Are you willing to send a PR?

github-actions[bot] commented 10 months ago

@ricardozanini @hbelmiro This is being labeled as Stale.

ricardozanini commented 10 months ago

@ssternal are you still working on this?

ssternal commented 10 months ago

See the referenced PR for more details. The requested integration test for the fix still fails. I'm currently not working on this. Therefore, the stale label is quite correct. I'm thinking about giving up on this due to the amount of time I've already spent on it.

mcruzdev commented 10 months ago

Hi @ssternal, how are you? Do you want help to solve this one?

ssternal commented 10 months ago

Sure, you are more than welcome to help me out :) The new test's content should be fine to ensure the fix. The only issue as mentioned in the PR is the configuration of the IT itself. If you are able to fix that setup stuff, it should be ready to go.

mcruzdev commented 10 months ago

> Sure, you are more than welcome to help me out :) The new test's content should be fine to ensure the fix. The only issue as mentioned in the PR is the configuration of the IT itself. If you are able to fix that setup stuff, it should be ready to go.

Perfect, I will take a look at this this week!