Skip to content

fix(oauth2): avoid processing authorizationUrl when it is not a string#10452

Merged
glowcloud merged 3 commits intomasterfrom
fix-undefined-authorization-url
May 20, 2025
Merged

fix(oauth2): avoid processing authorizationUrl when it is not a string#10452
glowcloud merged 3 commits intomasterfrom
fix-undefined-authorization-url

Conversation

@glowcloud
Copy link
Copy Markdown
Contributor

@glowcloud glowcloud commented May 19, 2025

This PR avoids treating authorizationUrl as a string when it is not a string, e.g. when it is not defined:

openapi: 3.0.4
components:
  securitySchemes:
    oAuthSample: 
      type: oauth2
      flows:
        implicit:
          # authorizationUrl: https://example.com/oauth/authorize  
          scopes:
            read_pets: read your pets
            write_pets: modify pets in your account
paths:
  /pets:
    patch:
      summary: Add a new pet
      security:
        - oAuthSample:
          - write_pets
          - read_pets

@glowcloud glowcloud requested a review from char0n May 19, 2025 12:48
@glowcloud glowcloud self-assigned this May 19, 2025
char0n
char0n reviewed May 20, 2025
View reviewed changes
Comment thread src/core/oauth2-authorize.js Outdated
}
let url = [sanitizedAuthorizationUrl, query.join("&")].join(authorizationUrl.indexOf("?") === -1 ? "?" : "&")
let url = [sanitizedAuthorizationUrl, query.join("&")].join(
typeof authorizationUrl === "string" && authorizationUrl.indexOf("?") === -1
Copy link
Copy Markdown
Contributor

@char0n char0n May 20, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
typeof authorizationUrl === "string" && authorizationUrl.indexOf("?") === -1
typeof authorizationUrl === "string" && !authorizationUrl.includes("?")

char0n
char0n approved these changes May 20, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@char0n char0n left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved with one suggestion

@glowcloud glowcloud merged commit 119052e into master May 20, 2025
8 checks passed
delendik-testops pushed a commit to ModiusOpenData/swagger-ui that referenced this pull request Mar 3, 2026
@glowcloud @kirill-of-turov
fix(oauth2): avoid processing authorizationUrl when it is not a string (
0edc258 
swagger-api#10452)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@char0n char0n char0n approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@glowcloud glowcloud

Labels

cat: auth type: bug version: 5.x

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@glowcloud @char0n