Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Query string parameter getting duplicated in downstream path #1174

Closed
sunilk3 opened this issue Mar 29, 2020 · 3 comments · Fixed by #1182
Closed

Query string parameter getting duplicated in downstream path #1174

sunilk3 opened this issue Mar 29, 2020 · 3 comments · Fixed by #1182
Assignees
Labels
bug Identified as a potential bug merged Issue has been merged to dev and is waiting for the next release
Milestone

Comments

@sunilk3
Copy link

sunilk3 commented Mar 29, 2020

Expected Behavior

Query string parameter should not duplicate.

Upstream Request: contracts?projectNumber=45&startDate=2019-12-12&endDate=2019-12-12
Downstream Request: api/contracts?projectNumber=45&startDate=2019-12-12&endDate=2019-12-12

Upstream Request: contracts?$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z
Downstream Request: api/contracts?$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z

Actual Behavior

Query string parameter is duplicated. This works fine with web api endpoints even if query string parameter gets duplicated but fails on OData endpoints.

Upstream Request: contracts?projectNumber=45&startDate=2019-12-12&endDate=2019-12-12
Downstream Request: api/contracts?projectNumber=45&startDate=2019-12-12&endDate=2019-12-12&projectNumber=45

Upstream Request: contracts?$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z
Downstream Request: api/contracts?$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z&$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z

Please see console log below

info: Ocelot.RateLimit.Middleware.ClientRateLimitMiddleware[0]
      requestId: 0HLUK013URU17:00000001, previousRequestId: no previous request id, message: EndpointRateLimiting is not enabled for /api/contracts?{everythingelse}
info: Ocelot.Authentication.Middleware.AuthenticationMiddleware[0]
      requestId: 0HLUK013URU17:00000001, previousRequestId: no previous request id, message: No authentication needed for /contracts
info: Ocelot.Authorisation.Middleware.AuthorisationMiddleware[0]
      requestId: 0HLUK013URU17:00000001, previousRequestId: no previous request id, message: /api/contracts?{everythingelse} route does not require user to be authorised
info: Ocelot.Requester.Middleware.HttpRequesterMiddleware[0]
      requestId: 0HLUK013URU17:00000001, previousRequestId: no previous request id, message: 200 (OK) status code, request uri: http://localhost:45626/api/contracts?**projectNumber=45**&startDate=2019-12-12&endDate=2019-12-12**&projectNumber=45**
info: Ocelot.RateLimit.Middleware.ClientRateLimitMiddleware[0]
      requestId: 0HLUK013URU18:00000001, previousRequestId: no previous request id, message: EndpointRateLimiting is not enabled for /api/contracts?{everythingelse}
info: Ocelot.Authentication.Middleware.AuthenticationMiddleware[0]
      requestId: 0HLUK013URU18:00000001, previousRequestId: no previous request id, message: No authentication needed for /contracts
info: Ocelot.Authorisation.Middleware.AuthorisationMiddleware[0]
      requestId: 0HLUK013URU18:00000001, previousRequestId: no previous request id, message: /api/contracts?{everythingelse} route does not require user to be authorised
warn: Ocelot.Requester.Middleware.HttpRequesterMiddleware[0]
      requestId: 0HLUK013URU18:00000001, previousRequestId: no previous request id, message: 404 (Not Found) status code, request uri: http://localhost:45626/api/contracts?**$filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z**&$**filter=ProjectNumber eq 45 and DateOfSale ge 2020-03-01T00:00:00z and DateOfSale le 2020-03-15T00:00:00z**

Steps to Reproduce the Problem

  1. Create an api controller with two actions, one normal web api and other one as OData.
  2. Define Reroute as below
{ 
      "DownstreamPathTemplate": "/api/contracts?{everythingelse}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "localhost",
          "Port": 45626
        }
      ],
      "UpstreamPathTemplate": "/contracts?{everythingelse}",
      "UpstreamHttpMethod": [ "Get" ]
}
  1. Fire get request on OData endpoint with $filter query string parameter and it return 404 not found while directly hitting same endpoint by removing duplicate query string it works fine.

Specifications

  • Version: 14.1.0
  • Platform: .NET Core 3.1 on Windows

More Details

While debugging I found following code block in DownstreamUrlCreatorMiddleware is causing query string duplication.

  if (string.IsNullOrEmpty(context.DownstreamRequest.Query))
  {
       context.DownstreamRequest.Query = GetQueryString(dsPath);
  }
  else
  {
      context.DownstreamRequest.Query += GetQueryString(dsPath).Replace('?', '&');
  }

Removing this code block solved the problem but i don't know what other negative impact it would cause.

@wast
Copy link
Contributor

wast commented Apr 1, 2020

@TomPallister what is the purpose of this line exactly?
context.DownstreamRequest.Query += GetQueryString(dsPath).Replace('?', '&');

I feel like RemoveQueryStringParametersThatHaveBeenUsedInTemplate(context); should also be called to remove duplication.

Also duplicate of #952

@sunilk3
Copy link
Author

sunilk3 commented Apr 2, 2020

@wast Removing this causes the following unit test to fail but resolves the issue I am facing.

DownstreamUrlCreatorMiddlewareTests.issue_473_should_not_remove_additional_query_string

@sunilk3
Copy link
Author

sunilk3 commented Apr 20, 2020

Using DelegatingHandler I was able to workaround this problem.

raman-m pushed a commit to wast/Ocelot that referenced this issue Jul 26, 2023
raman-m pushed a commit to wast/Ocelot that referenced this issue Oct 12, 2023
raman-m pushed a commit to wast/Ocelot that referenced this issue Oct 26, 2023
raman-m pushed a commit to wast/Ocelot that referenced this issue Oct 27, 2023
@raman-m raman-m added bug Identified as a potential bug accepted Bug or feature would be accepted as a PR or is being worked on labels Oct 29, 2023
raman-m added a commit to wast/Ocelot that referenced this issue Oct 31, 2023
raman-m added a commit that referenced this issue Nov 1, 2023
* Fix issue  #952 and #1174

* Fix compiling errors

* Fix warnings

* Fix errors

* Remove and Sort Usings

* CA1845 Use span-based 'string.Concat' and 'AsSpan' instead of 'Substring'.
Use 'AsSpan' with 'string.Concat'

* IDE1006 Naming rule violation: These words must begin with upper case characters: {should_*}.
Fix name violation

* Add namespace

* Fix build errors

* Test class should match the name of tested class

* Simplify too long class names, and they should match

* Move to the parent folder which was empty

* Fix warnings

* Process dictionaries using LINQ to Objects approach

* Fix code review issues from @RaynaldM

* Remove tiny private helper with one reference

* Fix warning & messages

* Define theory instead of 2 facts

* Add unit test for issue #952

* Add additional unit test for #952 to keep param

* Add tests for issue #1174

* Remove unnecessary parameter

* Copy routing.rst from released version

* Refactor the middleware body for query params

* Update routing.rst: Describe query string user scenarios

---------

Co-authored-by: Stjepan Majdak <stjepan.majdak@a1.hr>
Co-authored-by: raman-m <dotnet044@gmail.com>
@raman-m raman-m added merged Issue has been merged to dev and is waiting for the next release and removed accepted Bug or feature would be accepted as a PR or is being worked on labels Nov 1, 2023
ibnuda pushed a commit to ibnuda/Ocelot that referenced this issue Nov 8, 2023
…ate values (ThreeMammals#1182)

* Fix issue  ThreeMammals#952 and ThreeMammals#1174

* Fix compiling errors

* Fix warnings

* Fix errors

* Remove and Sort Usings

* CA1845 Use span-based 'string.Concat' and 'AsSpan' instead of 'Substring'.
Use 'AsSpan' with 'string.Concat'

* IDE1006 Naming rule violation: These words must begin with upper case characters: {should_*}.
Fix name violation

* Add namespace

* Fix build errors

* Test class should match the name of tested class

* Simplify too long class names, and they should match

* Move to the parent folder which was empty

* Fix warnings

* Process dictionaries using LINQ to Objects approach

* Fix code review issues from @RaynaldM

* Remove tiny private helper with one reference

* Fix warning & messages

* Define theory instead of 2 facts

* Add unit test for issue ThreeMammals#952

* Add additional unit test for ThreeMammals#952 to keep param

* Add tests for issue ThreeMammals#1174

* Remove unnecessary parameter

* Copy routing.rst from released version

* Refactor the middleware body for query params

* Update routing.rst: Describe query string user scenarios

---------

Co-authored-by: Stjepan Majdak <stjepan.majdak@a1.hr>
Co-authored-by: raman-m <dotnet044@gmail.com>
@raman-m raman-m added the Oct'23 label Nov 10, 2023
@raman-m raman-m added this to the October'23 milestone Nov 18, 2023
raman-m added a commit that referenced this issue Nov 28, 2023
* #1712 Bump to Polly 8.0 (#1714)

* #1712 Migrate to Polly 8.0

* code review post merge

* post PR

* #1712 Migrate to Polly 8.0

* code review post merge

* Update src/Ocelot.Provider.Polly/PollyQoSProvider.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* namespaces

* Refactor QoS provider

* Refactor AddPolly extension

* Remove single quote because semicolon ends sentence

---------

Co-authored-by: Ray <rmessie@traceparts.com>
Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* Cache by header value: a new Header property in (File)CacheOptions configuration of a route (#1172)

@EngRajabi, Mohsen Rajabi (7):
      add header to file cache option
      fix private set
      fix
      <none>
      <none>
      fix build fail
      fix: fix review comment. add unit test for change

@raman-m, Raman Maksimchuk (1):
      Update caching.rst

@raman-m (7):
      Fix errors
      Fix errors
      Fix styling warnings
      Refactor tests
      Add Delimiter
      Refactor generator
      Add unit tests

* Find available port in integration tests (#1173)

* use random ports in integration tests

* Remove and Sort Usings

* Code modern look

* code review

* code review: fix messages

* code review: fix some messages

* code review: Use simple `using` statement

* Add Ocelot.Testing project

---------

Co-authored-by: raman-m <dotnet044@gmail.com>

* #952 #1174 Merge query strings without duplicate values (#1182)

* Fix issue  #952 and #1174

* Fix compiling errors

* Fix warnings

* Fix errors

* Remove and Sort Usings

* CA1845 Use span-based 'string.Concat' and 'AsSpan' instead of 'Substring'.
Use 'AsSpan' with 'string.Concat'

* IDE1006 Naming rule violation: These words must begin with upper case characters: {should_*}.
Fix name violation

* Add namespace

* Fix build errors

* Test class should match the name of tested class

* Simplify too long class names, and they should match

* Move to the parent folder which was empty

* Fix warnings

* Process dictionaries using LINQ to Objects approach

* Fix code review issues from @RaynaldM

* Remove tiny private helper with one reference

* Fix warning & messages

* Define theory instead of 2 facts

* Add unit test for issue #952

* Add additional unit test for #952 to keep param

* Add tests for issue #1174

* Remove unnecessary parameter

* Copy routing.rst from released version

* Refactor the middleware body for query params

* Update routing.rst: Describe query string user scenarios

---------

Co-authored-by: Stjepan Majdak <stjepan.majdak@a1.hr>
Co-authored-by: raman-m <dotnet044@gmail.com>

* #1550 #1706 Addressing the QoS options ExceptionsAllowedBeforeBreaking issue (#1753)

* When using the QoS option "ExceptionsAllowedBeforeBreaking" the circuit breaker never opens the circuit.

* merge issue, PortFinder

* some code improvements, using httpresponsemessage status codes as a base for circuit breaker

* Adding more unit tests, and trying to mitigate the test issues with the method "GivenThereIsAPossiblyBrokenServiceRunningOn"

* fixing some test issues

* setting timeout value to 5000 to avoid side effects

* again timing issues

* timing issues again

* ok, first one ok

* Revert "ok, first one ok"

This reverts commit 2e4a673.

* inline method

* putting back logging for http request exception

* removing logger configuration, back to default

* adding a bit more tests to check the policy wrap

* Removing TimeoutStrategy from parameters, it's set by default to pessimistic, at least one policy will be returned, so using First() in circuit breaker and removing the branch Policy == null from delegating handler.

* Fix StyleCop warnings

* Format parameters

* Sort usings

* since we might have two policies wrapped,  timeout and circuit breaker, we can't use the name CircuitBreaker for polly qos provider, it's not right. Using PollyPolicyWrapper and AsnycPollyPolicy instead.

* modifying circuit breaker delegating handler name, usin Polly policies instead

* renaming CircuitBreakerFactory to PolicyWrapperFactory in tests

* DRY for FileConfiguration, using FileConfigurationFactory

* Add copy constructor

* Refactor setup

* Use expression body for method

* Fix acceptance test

* IDE1006 Naming rule violation: These words must begin with upper case characters

* CA1816 Change ReturnsErrorTests.Dispose() to call GC.SuppressFinalize(object)

* Sort usings

* Use expression body for method

* Return back named arguments

---------

Co-authored-by: raman-m <dotnet044@gmail.com>

* #1179 Add missing documentation for Secured WebSocket #1180

* Add "WebSocket Secure" and "SSL Errors" sections (#1180)

Co-authored-by: raman-m <dotnet044@gmail.com>

* Resolve issues with projects after auto-merging. Format Document

* #1744 Avoid calls to 'Logger.Log' if LogLevel not enabled in appsettings.json (#1745)

* changing string parameter for IOcelotLogger function to Func<string>, modifying asp dot net logger, only one main method and verifying if LogLevel is enabled. If log level isn't enabled, then return.

    pick 847dac7 changing string parameter for IOcelotLogger function to Func<string>, modifying asp dot net logger, only one main method and verifying if LogLevel is enabled. If log level isn't enabled, then return.
    pick d7a8397 adding back the logger methods with string as parameter, avoiding calling the factory when plain string are used.
    pick d413201 simplify method calls

* adding back the logger methods with string as parameter, avoiding calling the factory when plain string are used.

* simplify method calls

* adding unit test case, If minimum log level not set then no logs are written

* adding logging benchmark

* code cleanup in steps and naming issues fixes

   pick c4f6dc9 adding loglevel acceptance tests, verifying that the logs are returned according to the minimum log level set in appsettings
   pick 478f139 enhanced unit tests, verifying 1) that the log method is only called when log level enabled 2) that the string function is only invoked when log level enabled

* adding loglevel acceptance tests, verifying that the logs are returned according to the minimum log level set in appsettings

* enhanced unit tests, verifying 1) that the log method is only called when log level enabled 2) that the string function is only invoked when log level enabled

* weird issue with the merge.

* adding comment

* Update src/Ocelot/ServiceDiscovery/ServiceDiscoveryProviderFactory.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* Update src/Ocelot/Claims/Middleware/ClaimsToClaimsMiddleware.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* Update src/Ocelot/Configuration/Repository/FileConfigurationPoller.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* Update src/Ocelot/DownstreamRouteFinder/Finder/DownstreamRouteProviderFactory.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* Update src/Ocelot/Logging/AspDotNetLogger.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* Update test/Ocelot.AcceptanceTests/LogLevelTests.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* Update src/Ocelot/Configuration/Repository/FileConfigurationPoller.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* As mentioned, using OcelotLogger instead of AspDotNeLogger as default logger name

* Some code refactoring and usage of factories in LogLevelTests

* Update src/Ocelot/Claims/Middleware/ClaimsToClaimsMiddleware.cs

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* using overrided method WriteLog for strings, some changes as requested,

* code changes after review 2

    pick ad0e060 Update test/Ocelot.UnitTests/Middleware/OcelotPiplineBuilderTests.cs

* checking test cases

* adding ms logger benchmarks with console provider. Unfortunately, benchmark.net doesn't support "quiet" mode yet.

* 2 small adjustments

* Adding multi targets support for serilog

* Fix warnings

* Review new logger

* Fix unit tests

* The last change but not least

* Update logging.rst: Add draft

* Update logging.rst: Add RequestId section

* Update logging.rst: "Best Practices" section

* Update logging.rst: "Top Logging Performance?" subsection

* Update logging.rst: Rewrite "Request ID" section

* Update requestid.rst: Review and up to date

* Update logging.rst: "Run Benchmarks" section

---------

Co-authored-by: Raman Maksimchuk <dotnet044@gmail.com>

* #1783 Less logs for circuit breakers (Polly exceptions) (#1786)

* #1783 More accurate logs for circuit breakers (and other "polly" exceptions)
Remove try/catch in PollyPoliciesDelegatingHandler and add a more generic AddPolly<T> to be able to use a specific PollyQoSProvider

* fix should_be_invalid_re_route_using_downstream_http_version UT

* fix remarks on PR

* arrange code

* fix UT

* merge with release/net8 branch

* switch benchmark to Net8

* Fix warnings

* Final review

---------

Co-authored-by: Ray <rmessie@traceparts.com>
Co-authored-by: raman-m <dotnet044@gmail.com>

* Revert #1172 feature (#1807)

* Revert #1172

* Remove Header

* Take actual version of caching.rst and remove Header info

* Release 22.0 | +semver: breaking

---------

Co-authored-by: Raynald Messié <redbird_project@yahoo.fr>
Co-authored-by: Ray <rmessie@traceparts.com>
Co-authored-by: Mohsen Rajabi <m.kabir8895@gmail.com>
Co-authored-by: jlukawska <56401969+jlukawska@users.noreply.github.com>
Co-authored-by: Stjepan <majdak.stjepan@gmail.com>
Co-authored-by: Stjepan Majdak <stjepan.majdak@a1.hr>
Co-authored-by: Guillaume Gnaegi <58469901+ggnaegi@users.noreply.github.com>
Co-authored-by: Samuel Poirier <sam9291p@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Identified as a potential bug merged Issue has been merged to dev and is waiting for the next release
Projects
None yet
Development

Successfully merging a pull request may close this issue.

3 participants