#12656 fix HTML-escaped token and authorization URLs in Java based libraries (#12677)

JochenReinhardt · web-flow · commit 88ae36eec06b · 2022-06-25T10:21:14.000+08:00
diff --git a/modules/openapi-generator/src/main/resources/Java/libraries/feign/ApiClient.mustache b/modules/openapi-generator/src/main/resources/Java/libraries/feign/ApiClient.mustache
@@ -83,7 +83,7 @@ public class ApiClient {
         auth = new ApiKeyAuth({{#isKeyInHeader}}"header"{{/isKeyInHeader}}{{#isKeyInQuery}}"query"{{/isKeyInQuery}}{{#isKeyInCookie}}"cookie"{{/isKeyInCookie}}, "{{keyParamName}}");
       {{/isApiKey}}
       {{#isOAuth}}
-        auth = buildOauthRequestInterceptor(OAuthFlow.{{#lambda.uppercase}}{{#lambda.snakecase}}{{flow}}{{/lambda.snakecase}}{{/lambda.uppercase}}, "{{authorizationUrl}}", "{{tokenUrl}}", "{{#scopes}}{{scope}}{{^-last}}, {{/-last}}{{/scopes}}");
+        auth = buildOauthRequestInterceptor(OAuthFlow.{{#lambda.uppercase}}{{#lambda.snakecase}}{{flow}}{{/lambda.snakecase}}{{/lambda.uppercase}}, "{{{authorizationUrl}}}", "{{{tokenUrl}}}", "{{#scopes}}{{scope}}{{^-last}}, {{/-last}}{{/scopes}}");
       {{/isOAuth}}
       } else {{/authMethods}}{
         throw new RuntimeException("auth name \"" + authName + "\" not found in available auth names");
diff --git a/modules/openapi-generator/src/main/resources/Java/libraries/jersey2/ApiClient.mustache b/modules/openapi-generator/src/main/resources/Java/libraries/jersey2/ApiClient.mustache
@@ -227,7 +227,7 @@ public class ApiClient{{#jsr310}} extends JavaTimeFormatter{{/jsr310}} {
     if (auth instanceof OAuth) {
       authentications.put("{{name}}", auth);
     } else {
-      authentications.put("{{name}}", new OAuth(basePath, "{{tokenUrl}}"));
+      authentications.put("{{name}}", new OAuth(basePath, "{{{tokenUrl}}}"));
     }
     {{/isOAuth}}
     {{/authMethods}}
diff --git a/modules/openapi-generator/src/main/resources/Java/libraries/jersey3/ApiClient.mustache b/modules/openapi-generator/src/main/resources/Java/libraries/jersey3/ApiClient.mustache
@@ -227,7 +227,7 @@ public class ApiClient{{#jsr310}} extends JavaTimeFormatter{{/jsr310}} {
     if (auth instanceof OAuth) {
       authentications.put("{{name}}", auth);
     } else {
-      authentications.put("{{name}}", new OAuth(basePath, "{{tokenUrl}}"));
+      authentications.put("{{name}}", new OAuth(basePath, "{{{tokenUrl}}}"));
     }
     {{/isOAuth}}
     {{/authMethods}}
diff --git a/modules/openapi-generator/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache b/modules/openapi-generator/src/main/resources/Java/libraries/okhttp-gson/ApiClient.mustache
@@ -180,7 +180,7 @@ public class ApiClient {
         }
 
 {{#hasOAuthMethods}}
-        String tokenUrl = "{{tokenUrl}}";
+        String tokenUrl = "{{{tokenUrl}}}";
         if (!"".equals(tokenUrl) && !URI.create(tokenUrl).isAbsolute()) {
             URI uri = URI.create(getBasePath());
             tokenUrl = uri.getScheme() + ":" +
diff --git a/modules/openapi-generator/src/main/resources/Java/libraries/retrofit/ApiClient.mustache b/modules/openapi-generator/src/main/resources/Java/libraries/retrofit/ApiClient.mustache
@@ -73,7 +73,7 @@ public class ApiClient {
                 auth = new ApiKeyAuth({{#isKeyInHeader}}"header"{{/isKeyInHeader}}{{#isKeyInQuery}}"query"{{/isKeyInQuery}}{{#isKeyInCookie}}"cookie"{{/isKeyInCookie}}, "{{keyParamName}}");
             {{/isApiKey}}
             {{#isOAuth}}
-                auth = new OAuth(OAuthFlow.{{flow}}, "{{authorizationUrl}}", "{{tokenUrl}}", "{{#scopes}}{{scope}}{{^-last}}, {{/-last}}{{/scopes}}");
+                auth = new OAuth(OAuthFlow.{{flow}}, "{{{authorizationUrl}}}", "{{{tokenUrl}}}", "{{#scopes}}{{scope}}{{^-last}}, {{/-last}}{{/scopes}}");
             {{/isOAuth}}
             } else {{/authMethods}}{
                 throw new RuntimeException("auth name \"" + authName + "\" not found in available auth names");
diff --git a/modules/openapi-generator/src/main/resources/Java/libraries/retrofit2/ApiClient.mustache b/modules/openapi-generator/src/main/resources/Java/libraries/retrofit2/ApiClient.mustache
@@ -77,7 +77,7 @@ public class ApiClient {
         auth = new ApiKeyAuth({{#isKeyInHeader}}"header"{{/isKeyInHeader}}{{#isKeyInQuery}}"query"{{/isKeyInQuery}}{{#isKeyInCookie}}"cookie"{{/isKeyInCookie}}, "{{keyParamName}}");
         {{/isApiKey}}
         {{#isOAuth}}
-        auth = new OAuth(OAuthFlow.{{#lambda.uppercase}}{{#lambda.snakecase}}{{flow}}{{/lambda.snakecase}}{{/lambda.uppercase}}, "{{authorizationUrl}}", "{{tokenUrl}}", "{{#scopes}}{{scope}}{{^-last}}, {{/-last}}{{/scopes}}");
+        auth = new OAuth(OAuthFlow.{{#lambda.uppercase}}{{#lambda.snakecase}}{{flow}}{{/lambda.snakecase}}{{/lambda.uppercase}}, "{{{authorizationUrl}}}", "{{{tokenUrl}}}", "{{#scopes}}{{scope}}{{^-last}}, {{/-last}}{{/scopes}}");
         {{/isOAuth}}
       } else {{/authMethods}}{
         throw new RuntimeException("auth name \"" + authName + "\" not found in available auth names");

Original file line number	Diff line number	Diff line change
`@@ -227,7 +227,7 @@ public class ApiClient{{#jsr310}} extends JavaTimeFormatter{{/jsr310}} {`
`227`	`227`	`if (auth instanceof OAuth) {`
`228`	`228`	`authentications.put("{{name}}", auth);`
`229`	`229`	`} else {`
`230`		`- authentications.put("{{name}}", new OAuth(basePath, "{{tokenUrl}}"));`
	`230`	`+ authentications.put("{{name}}", new OAuth(basePath, "{{{tokenUrl}}}"));`
`231`	`231`	`}`
`232`	`232`	`{{/isOAuth}}`
`233`	`233`	`{{/authMethods}}`
Original file line number	Diff line number	Diff line change
`@@ -180,7 +180,7 @@ public class ApiClient {`
`180`	`180`	`}`
`181`	`181`
`182`	`182`	`{{#hasOAuthMethods}}`
`183`		`- String tokenUrl = "{{tokenUrl}}";`
	`183`	`+ String tokenUrl = "{{{tokenUrl}}}";`
`184`	`184`	`if (!"".equals(tokenUrl) && !URI.create(tokenUrl).isAbsolute()) {`
`185`	`185`	`URI uri = URI.create(getBasePath());`
`186`	`186`	`tokenUrl = uri.getScheme() + ":" +`