URL with URL-unsafe characters causes invalid URI errors about apivore HOT 6 CLOSED

@amcaplan is it possible to use the to_query rails method?

from apivore.

No. to_query converts a key-value pair into key=value for use in a URL query string. CGI::escape is for a single String. It's also in the Ruby standard library, already used in any Rails app, so I'm not sure why we'd not want to use it.

from apivore.

@amcaplan This would be a breaking change as as any string already escaped would be doubly escaped and then fail. It could be considered for a later Apivore version.

Personally, I don't see:
it { is_expected.to validate(:get, '/resources/{CGI.escape(name)}', 200, params) }
as illegible. It is also explicit that there can be things in name that need special treatment. Often a significant understanding of code can be found by seeing how the tests are written.

There are also many ways to bury and refactor the above into Rails-like URL helpers, thus:

def resources_path(name)
  "/resources/#{CGI.escape(name)}"
end

it { is_expected.to validate(:get, resources_path(name), 200, params) }

and many other options.

from apivore.

Breaking change

from apivore.

@gwshaw I think I understood what you said, but I don't think it was expressed clearly. The validation URL has to exactly match what the Swagger spec has. So if Swagger has a URL '/resources/{name}', the URL to validate has to be '/resources/{name}' exactly, with name set in params. If you try:

it { is_expected.to validate(:get, '/resources/escaped+name', 200, {})

the endpoint to validate won't be recognized by Apivore.

Instead, you have to do:

let(:params) {{ 'name' => 'string with spaces') }}
it { is_expected.to validate(:get, '/resources/{name}', 200, params) }

which of course breaks, because Apivore tries the URI /resources/string with spaces, which isn't a valid URI.

I'm still pretty sure you're right, so I've rephrased a bit.

For posterity, here's my understanding:

1. it { is_expected.to validate(:get, '/resources/{name}', 200, params) } fails if params['name'] is a non-URL-safe String.
2. I suggested calling CGI::escape on URL params to make sure they're URL-safe.
3. @gwshaw pointed out that if you already escaped it (e.g., params['name'] = 'string+with+spaces'), it'll be re-escaped ('string%2Bwith%2Bspaces'), which would be a breaking change.
4. Hence, the recommended solution in this case is to escape it yourself:

let(:params) {{ 'name' => CGI.escape("string with spaces") }}
it { is_expected.to validate(:get, '/resources/{name}', 200, params) }

Is that right?

from apivore.

Sorry, I misinterpreted your code and my examples were then incorrect, but yes, you need to escape it yourself as you show in your example.

from apivore.