Upgrade to Swagger-UI 5.29.0

Author: ctyar

src/SwaggerUI.OpenApi/Endpoints.cs

@@ -198,87 +198,20 @@ private static string GetIndexEnd()
     public static string GetOAuthRedirectHtml()
     {
         return """
-        <!doctype html>
-        <html lang="en-US">
-        <head>
-            <title>Swagger UI: OAuth2 Redirect</title>
-        </head>
-        <body>
-        <script>
-            'use strict';
-            function run () {
-                var oauth2 = window.opener.swaggerUIRedirectOauth2;
-                var sentState = oauth2.state;
-                var redirectUrl = oauth2.redirectUrl;
-                var isValid, qp, arr;
-
-                if (/code|token|error/.test(window.location.hash)) {
-                    qp = window.location.hash.substring(1).replace('?', '&');
-                } else {
-                    qp = location.search.substring(1);
-                }
-
-                arr = qp.split("&");
-                arr.forEach(function (v,i,_arr) { _arr[i] = '"' + v.replace('=', '":"') + '"';});
-                qp = qp ? JSON.parse('{' + arr.join() + '}',
-                        function (key, value) {
-                            return key === "" ? value : decodeURIComponent(value);
-                        }
-                ) : {};
-
-                isValid = qp.state === sentState;
-
-                if ((
-                  oauth2.auth.schema.get("flow") === "accessCode" ||
-                  oauth2.auth.schema.get("flow") === "authorizationCode" ||
-                  oauth2.auth.schema.get("flow") === "authorization_code"
-                ) && !oauth2.auth.code) {
-                    if (!isValid) {
-                        oauth2.errCb({
-                            authId: oauth2.auth.name,
-                            source: "auth",
-                            level: "warning",
-                            message: "Authorization may be unsafe, passed state was changed in server. The passed state wasn't returned from auth server."
-                        });
-                    }
-
-                    if (qp.code) {
-                        delete oauth2.state;
-                        oauth2.auth.code = qp.code;
-                        oauth2.callback({auth: oauth2.auth, redirectUrl: redirectUrl});
-                    } else {
-                        let oauthErrorMsg;
-                        if (qp.error) {
-                            oauthErrorMsg = "["+qp.error+"]: " +
-                                (qp.error_description ? qp.error_description+ ". " : "no accessCode received from the server. ") +
-                                (qp.error_uri ? "More info: "+qp.error_uri : "");
-                        }
-
-                        oauth2.errCb({
-                            authId: oauth2.auth.name,
-                            source: "auth",
-                            level: "error",
-                            message: oauthErrorMsg || "[Authorization failed]: no accessCode received from the server."
-                        });
-                    }
-                } else {
-                    oauth2.callback({auth: oauth2.auth, token: qp, isValid: isValid, redirectUrl: redirectUrl});
-                }
-                window.close();
-            }
-
-            if (document.readyState !== 'loading') {
-                run();
-            } else {
-                document.addEventListener('DOMContentLoaded', function () {
-                    run();
-                });
-            }
-        </script>
-        </body>
-        </html>
+            <!doctype html>
+            <html lang="en-US">
+            <body>
+            </body>
+            </html>
+            <script src="oauth2-redirect.js"></script>
+            """;
+    }
 
-        """;
+    public static string GetOAuthRedirectJs()
+    {
+        return """
+            "use strict";function run(){var e,r,t,a=window.opener.swaggerUIRedirectOauth2,o=a.state,n=a.redirectUrl;if((t=(r=/code|token|error/.test(window.location.hash)?window.location.hash.substring(1).replace("?","&"):location.search.substring(1)).split("&")).forEach((function(e,r,t){t[r]='"'+e.replace("=",'":"')+'"'})),e=(r=r?JSON.parse("{"+t.join()+"}",(function(e,r){return""===e?r:decodeURIComponent(r)})):{}).state===o,"accessCode"!==a.auth.schema.get("flow")&&"authorizationCode"!==a.auth.schema.get("flow")&&"authorization_code"!==a.auth.schema.get("flow")||a.auth.code)a.callback({auth:a.auth,token:r,isValid:e,redirectUrl:n});else if(e||a.errCb({authId:a.auth.name,source:"auth",level:"warning",message:"Authorization may be unsafe, passed state was changed in server Passed state wasn't returned from auth server"}),r.code)delete a.state,a.auth.code=r.code,a.callback({auth:a.auth,redirectUrl:n});else{let e;r.error&&(e="["+r.error+"]: "+(r.error_description?r.error_description+". ":"no accessCode received from the server. ")+(r.error_uri?"More info: "+r.error_uri:"")),a.errCb({authId:a.auth.name,source:"auth",level:"error",message:e||"[Authorization failed]: no accessCode received from the server"})}window.close()}"loading"!==document.readyState?run():document.addEventListener("DOMContentLoaded",(function(){run()}));
+            """;
     }
 
     private static List<string> GetDocumentNames(IServiceProvider serviceProvider)

src/SwaggerUI.OpenApi/SwaggerUIEndpointRouteBuilderExtensions.cs

@@ -39,6 +39,9 @@ public static RouteGroupBuilder MapSwaggerUIFromGroup(RouteGroupBuilder group)
         group.MapGet("oauth2-redirect.html", () =>
             Results.Content(Endpoints.GetOAuthRedirectHtml(), "text/html"));
 
+        group.MapGet("oauth2-redirect.js", () =>
+            Results.Content(Endpoints.GetOAuthRedirectJs(), "text/javascript"));
+
         return group;
     }
 }

test/SwaggerUI.OpenApi.Tests/ServiceCollectionExtensionsTests.cs

@@ -425,7 +425,7 @@ public async Task SpecificDocumentWithMultipleDocumentsAndConfigs()
     }
 
     [Fact]
-    public async Task OAuth2RedirectIsLatestVersion()
+    public async Task OAuth2RedirectHtmlIsLatestVersion()
     {
         using var httpClient = new HttpClient();
         var expected = await httpClient.GetStringAsync("https://raw.githubusercontent.com/swagger-api/swagger-ui/master/dist/oauth2-redirect.html", TestContext.Current.CancellationToken);
@@ -448,6 +448,30 @@ public async Task OAuth2RedirectIsLatestVersion()
         Assert.Equal(expected, actual);
     }
 
+    [Fact]
+    public async Task OAuth2RedirectJsIsLatestVersion()
+    {
+        using var httpClient = new HttpClient();
+        var expected = await httpClient.GetStringAsync("https://raw.githubusercontent.com/swagger-api/swagger-ui/master/dist/oauth2-redirect.js", TestContext.Current.CancellationToken);
+        expected = expected.Replace("\n", "\r\n");
+
+        var builder = WebApplication.CreateBuilder();
+        builder.WebHost.UseTestServer();
+        builder.Services.AddOpenApi();
+        builder.Services.AddSwaggerUI();
+
+        var app = builder.Build();
+        app.MapOpenApi();
+        app.MapSwaggerUI();
+
+        app.Start();
+        var client = app.GetTestClient();
+
+        var actual = await client.GetStringAsync("swagger/oauth2-redirect.js", TestContext.Current.CancellationToken);
+
+        Assert.Equal(expected, actual);
+    }
+
     [Fact]
     public async Task AddIdentityServer()
     {