search

quarkiverse / quarkus-openapi-generator

OpenAPI Generator - REST Client Generator
Apache License 2.0
108 stars 69 forks source link

ApiKey/Cookie authentication issue #568

Closed ssternal closed 5 months ago

ssternal commented 7 months ago

I have a specfication using a cookie for authentication. This compiles fine, but at runtime I get an error when trying to invoke an operation. The relevant part of the specification file looks like the following:

{
  "openapi": "3.0.1",
  "security": [
    {
      "cookie": []
    }
  ],
  "components": {
    "securitySchemes": {
      "cookie": {
        "type": "apiKey",
        "name": "TASKLIST-SESSION",
        "in": "cookie"
      }
    }
  }
}

When trying to invoke an operation, the following exception is thrown:

2023-11-17 13:13:47,217 ERROR [io.qua.ver.htt.run.QuarkusErrorHandler] (vert.x-eventloop-thread-0) HTTP Request to /create-file-structure failed, error id: ba033723-899c-4e55-b113-7da5bb8808bc-1: jakarta.ws.rs.ProcessingException: java.lang.UnsupportedOperationException
    [...]
Caused by: java.lang.UnsupportedOperationException
    at java.base/java.util.AbstractMap.put(AbstractMap.java:209)
    at io.quarkiverse.openapi.generator.providers.ApiKeyAuthenticationProvider.filter(ApiKeyAuthenticationProvider.java:47)
    at io.quarkiverse.openapi.generator.providers.AbstractCompositeAuthenticationProvider.filter(AbstractCompositeAuthenticationProvider.java:41)
    [...]

When having a look at ApiKeyAuthenticationProvider#filter in case of cookie it tries to add the key as a cookie: https://github.com/quarkiverse/quarkus-openapi-generator/blob/9451de81a69182cdb96bd8b0051b99921bbc558a/runtime/src/main/java/io/quarkiverse/openapi/generator/providers/ApiKeyAuthenticationProvider.java#L40-L58

This likely is expected to throw an exception, because when reading the JavaDoc for ClientRequestContext#getCookies it states to return a read-only map:

Returns: a read-only map of cookie name (String) to Cookie

There is a test for using cookie authentication, but this test mocks the request's cookie with a simple hash map, i.e. returning a mutable map: https://github.com/quarkiverse/quarkus-openapi-generator/blob/e622e6a450b7747751645371c5f5ac9404132776/runtime/src/test/java/io/quarkiverse/openapi/generator/providers/ApiKeyAuthenticationProviderTest.java#L89-L100

For me this looks like a mistake or is there something I'm missing?

ricardozanini commented 7 months ago

Yes, it looks like a bug. Are you willing to send a PR?

github-actions[bot] commented 5 months ago

@ricardozanini @hbelmiro This is being labeled as Stale.

ricardozanini commented 5 months ago

@ssternal are you still working on this?

ssternal commented 5 months ago

See the referenced PR for more details. The requested integration test for the fix still fails. I'm currently not working on this. Therefore, the stale label is quite correct. I'm thinking about giving up on this due to the amount of time I've already spent on it.

mcruzdev commented 5 months ago

Hi @ssternal, how are you? do you want help to solve this one?

ssternal commented 5 months ago

Sure, you are more than welcome to help me out :) The new test's content should be fine to ensure the fix. The only issue as mentioned in the PR is the configuration of the IT itself. If you are able to fix that setup stuff, it should be ready to go.

mcruzdev commented 5 months ago

Sure, you are more than welcome to help me out :) The new test's content should be fine to ensure the fix. The only issue as mentioned in the PR is the configuration of the IT itself. If you are able to fix that setup stuff, it should be ready to go.

Perfect, I will take a look at this on this week!