OpenApi requestBody does not enforce format password #5588

@BernardA

API Platform version(s) affected: 3.1.4

Description

I am manually creating an operation with OpenApiFactory for an authentication route. The intention is that the password should be masked when the user inputs it on Swagger UI, but that's not the case. It treats it as an ordinary string, no masking.

The corresponding openapi documentation is in this link.

How to reproduce

On /OpenApi/OpenApiFactory

    $schemas['Auth'] = new ArrayObject([
        'type' => 'object',
        'properties' => [
            'email' => [
                'type' => 'string',
                'format' => 'email',
                'readOnly' => false,
            ],
            'password' => [
                'type' => 'string',
                'format' => 'password',
                'readOnly' => false,
            ],
        ],
    ]);

    content: new ArrayObject([
        'application/json' => [
            'schema' => [
                '$ref' => '#/components/schemas/Auth',
            ],
        ],
    ]),

The format attribute works fine for the email field or if I apply any other format to the password field, like (date, date-time).

Note that the same password attribute works fine, meaning it masks the user input, when used in the context of a GET operation parameter, as below:

    new Parameter(
        name: 'password',
        schema: [
            'type' => 'string',
            'format' => 'password'
        ],
        description: '<p>Password in the format <code>10 digits</code></p>',
        in: 'body'
    )
    ],

Possible Solution

Additional Context

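Added example, not part of the original issue or of API Platform's code: a Python check over an exported OpenAPI document that resolves each request body's `$ref` and reports the `format` of credential-like properties, which separates a document that lacks `format: password` from one that carries it but is rendered unmasked. The `/auth` path, the name heuristic and the function names are assumptions.

```python
# Audit credential-like fields in the request bodies of an OpenAPI document.
CREDENTIAL_HINTS = ("password", "secret", "token")  # assumption: name heuristic

# Constructed sample in the shape of the issue's schema; the "/auth" path is hypothetical.
SAMPLE_DOC = {
    "paths": {"/auth": {"post": {"requestBody": {"content": {"application/json": {
        "schema": {"$ref": "#/components/schemas/Auth"}}}}}}},
    "components": {"schemas": {"Auth": {"type": "object", "properties": {
        "email": {"type": "string", "format": "email"},
        "password": {"type": "string", "format": "password"},
    }}}},
}


def resolve(doc, node):
    """Follow local '#/...' $ref pointers until a concrete object is reached."""
    seen = set()
    while isinstance(node, dict) and "$ref" in node:
        ref = node["$ref"]
        if ref in seen or not ref.startswith("#/"):
            raise ValueError(f"cannot resolve $ref: {ref}")
        seen.add(ref)
        node = doc
        for part in ref[2:].split("/"):
            node = node[part.replace("~1", "/").replace("~0", "~")]
    return node


def audit_request_bodies(doc):
    """List (path, method, media type, property, format) for credential-like fields."""
    findings = []
    for path, item in doc.get("paths", {}).items():
        for method, op in item.items():
            if not isinstance(op, dict) or "requestBody" not in op:
                continue  # skips path-level keys such as "parameters" or "summary"
            body = resolve(doc, op["requestBody"])
            for media, entry in body.get("content", {}).items():
                schema = resolve(doc, entry.get("schema", {}))
                for name, prop in schema.get("properties", {}).items():
                    if any(hint in name.lower() for hint in CREDENTIAL_HINTS):
                        fmt = resolve(doc, prop).get("format")
                        findings.append((path, method, media, name, fmt))
    return findings


def missing_password_format(doc):
    """Credential-like request-body fields whose schema lacks format: password."""
    return [f for f in audit_request_bodies(doc) if f[4] != "password"]
```

An empty result from `missing_password_format` on the exported document means the `format` reached the specification, so any missing masking lies in how the UI renders that request body.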