swagger-api / swagger-ui

Swagger UI is a collection of HTML, JavaScript, and CSS assets that dynamically generate beautiful documentation from a Swagger-compliant API.
https://swagger.io
Apache License 2.0

authorizeRequest can't parse error responses containing complex objects #10125

Open btonasse opened 2 months ago

btonasse commented 2 months ago

Q&A (please complete the following information)

Content & configuration

Example Swagger/OpenAPI definition:

paths:
  /:
  /token:
    post:
      summary: Login
      operationId: login_token_post
      requestBody:
        content:
          application/x-www-form-urlencoded:
            schema:
              $ref: '#/components/schemas/Body_login_token_post'
        required: true
      responses:
        '200':
          description: Successful Response
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Token'
        '422':
          description: Validation Error
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/HTTPValidationError'
components:
  schemas:
    HTTPValidationError:
      properties:
        detail:
          items:
            $ref: '#/components/schemas/ValidationError'
          type: array
          title: Detail
      type: object
      title: HTTPValidationError

Swagger-UI configuration options:

All defaults

Describe the bug you're encountering

If the authorization endpoint returns an error response and that response's body is a complex object (such as an array), Swagger UI will fail to stringify it and the result will be:

[Screenshot: swagger_auth_err]

If, however, the status code of the response is 200, the response body is correctly stringified:

[Screenshot: swagger_if_200]

To reproduce...

My API is not public, but any endpoint that returns complex objects in an error response (see schema above) will cause the bug to occur.

Expected behavior

Complex objects in error response

Screenshots

Embedded above

Additional context or thoughts

I believe the issue is here: https://github.com/swagger-api/swagger-ui/blob/master/src/core/plugins/auth/actions.js

If the status code is 200, line #205 is executed and, since we have a non-null error property, Swagger correctly identifies that the authorization failed and, since response.ok is true, the error is stringified. This is not the case, however, if the status code is an error (such as 422 or 400).

Stack Overflow question: https://stackoverflow.com/questions/78960147/objects-in-error-response-cant-be-parsed-by-swagger-ui
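
The following is an added example, not part of the issue and not Swagger UI's code: one way to turn an authorization error body of any shape (string, object, or an array such as the `detail` field of the HTTPValidationError schema above) into a readable message. The helper names `formatAuthError` and `stringifyValue`, the 500-character cap, and the sample body are assumptions made for illustration.

```javascript
// Added example; hypothetical helpers, not Swagger UI source.
const MAX_LEN = 500; // assumed cap so a large error body cannot flood the UI

function stringifyValue(value) {
  if (value === undefined || value === null) return "";
  if (typeof value === "string") return value;
  try {
    // Objects and arrays are serialised explicitly; `${value}` would give "[object Object]".
    return JSON.stringify(value);
  } catch (e) {
    return String(value); // circular structure or BigInt: fall back
  }
}

function formatAuthError(statusText, body) {
  let data = body;
  if (typeof body === "string") {
    try {
      data = JSON.parse(body);
    } catch (e) {
      data = body; // not JSON: keep the raw text
    }
  }
  const parts = [statusText];
  if (data !== null && typeof data === "object" && !Array.isArray(data)) {
    // OAuth2-style fields first, then a `detail` field as in the schema above.
    for (const key of ["error", "error_description", "detail"]) {
      if (data[key] !== undefined) parts.push(`${key}: ${stringifyValue(data[key])}`);
    }
    if (parts.length === 1) parts.push(stringifyValue(data)); // unknown object shape
  } else if (data !== undefined && data !== null && data !== "") {
    parts.push(stringifyValue(data)); // top-level array, number, or plain text
  }
  const message = parts.join(", ");
  return message.length > MAX_LEN ? message.slice(0, MAX_LEN) + "..." : message;
}

// Constructed sample: a 422 body whose `detail` is an array of objects.
const sample422 = {
  detail: [{ loc: ["body", "username"], msg: "field required", type: "value_error.missing" }],
};
console.log(formatAuthError("Unprocessable Entity", sample422));
```

Because the body is controlled by the server being authorized against, the returned string should be inserted into the page as text rather than as markup.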