From efdaac4bc5990df618d578e0332e9f2d36e7ed4a Mon Sep 17 00:00:00 2001
From: Justin Pettit
Date: Wed, 17 Oct 2018 08:45:49 -0700
Subject: [PATCH 1/2] bearer auth for openapi 3.0

---
 .../spec/start/normalize/params/security.js | 48 ++++++++++++++++++-
 1 file changed, 46 insertions(+), 2 deletions(-)

diff --git a/src/core/spec/start/normalize/params/security.js b/src/core/spec/start/normalize/params/security.js
index a6c48a6..e29902d 100644
--- a/src/core/spec/start/normalize/params/security.js
+++ b/src/core/spec/start/normalize/params/security.js
@@ -10,17 +10,40 @@ const IN_TO_LOCATION = require('./in_to_location')
 // Normalize OpenAPI security request parameters into specification-agnostic
 // format
 const getSecParams = function({
- spec: { securityDefinitions, security: apiSecurity = [] },
+ spec: {
+ securityDefinitions,
+ security: apiSecurity = [],
+ components: {
+ securitySchemes: secSchemes
+ }
+ },
 operation: { security = apiSecurity },
 }) {
 const secRefs = getSecRefs({ security })
+ const secDef = getSecDefs({ securityDefinitions, securitySchemes: secSchemes})
 const secParams = secRefs.map(([secName, scopes]) =>
- getSecParam({ secName, scopes, securityDefinitions }),
+ getSecParam({ secName, scopes, securityDefinitions: secDef }),
 )
 const secParamsA = Object.assign({}, ...secParams)
 return secParamsA
 }

+const getSecDefs = function({ securityDefinitions, securitySchemes }) {
+ // Check if either 2.0 or 3.0 exist
+ if ((securityDefinitions === undefined) && (securitySchemes === undefined)) {
+ throw new TestOpenApiError(
+ `Could not find OpenAPI 2 'securityDefinitions' or OpenAPI 3 'components.securitySchemes' from the spec root`
+ )
+ }
+
+ // Check for 2.0
+ if (securityDefinitions === undefined) {
+ return securitySchemes
+ }
+
+ return securityDefinitions
+}
+
 const getSecRefs = function({ security }) {
 const securityA = security.map(Object.entries)
 const securityB = [].concat(...securityA)
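Review bot: The new nested pattern `components: { securitySchemes: secSchemes }` in `getSecParams` has no default, so a spec without a `components` key (which should include every OpenAPI 2 document) throws a TypeError during destructuring, before `getSecDefs` can fall back to `securityDefinitions`. Give the pattern a default: `components: { securitySchemes: secSchemes } = {},`. Separately, `getSecDefs` throws whenever both maps are undefined, even when `security` is empty and nothing needs to be looked up, so specs that declare no authentication at all would stop loading; returning `{}` in that case would keep them working, provided `getSecParam` (not shown) reports unknown names itself. `TestOpenApiError` is not visibly required in this hunk, so confirm it is imported at the top of the file.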
@@ -62,10 +85,31 @@ const getDefApiKey = function({ name, in: paramIn }) {
 return { [key]: { type: 'string', optional: true } }
 }

+const getDefHttpKey = function({ scheme }) {
+ const scheme_type = HTTP_SCHEME_TYPES[scheme]
+
+ if (scheme_type === undefined) {
+ throw new TestOpenApiError(
+ `Other HTTP schemes defined by RFC 7235 not yet supported`,
+ )
+ }
+
+ const location = IN_TO_LOCATION['headers']
+ const key = locationToKey({ name: 'Authorization', location})
+
+ return { [key]: { type: 'string', optional: false } }
+}
+
 const SECURITY_DEFS = {
 apiKey: getDefApiKey,
+ http: getDefHttpKey
 }

+const HTTP_SCHEME_TYPES = Object.freeze({
+ "basic": 1,
+ "bearer": 2
+})
+
 module.exports = {
 getSecParams,
 }
From ea968eb667f125fccd8d1f8535ef39ccf0881383 Mon Sep 17 00:00:00 2001
From: Justin Pettit
Date: Thu, 18 Oct 2018 10:23:01 -0700
Subject: [PATCH 2/2] Fix auth header naming

---
 src/core/spec/start/normalize/params/security.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/core/spec/start/normalize/params/security.js b/src/core/spec/start/normalize/params/security.js
index e29902d..f4f8ad4 100644
--- a/src/core/spec/start/normalize/params/security.js
+++ b/src/core/spec/start/normalize/params/security.js
@@ -94,8 +94,8 @@ const getDefHttpKey = function({ scheme }) {
 )
 }

- const location = IN_TO_LOCATION['headers']
- const key = locationToKey({ name: 'Authorization', location})
+ const location = IN_TO_LOCATION['header']
+ const key = locationToKey({ name: 'authorization', location})

 return { [key]: { type: 'string', optional: false } }
 }
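Review bot: `HTTP_SCHEME_TYPES[scheme]` in `getDefHttpKey` is a plain property lookup on a frozen object literal, so a spec value such as `constructor` or `toString` resolves to an inherited member and passes the `=== undefined` check, while `Bearer` or `Basic` in their common capitalisation are rejected even though RFC 7235 scheme names are case-insensitive. The numeric values 1 and 2 are never read, so a set states the intent more directly: `const HTTP_SCHEMES = new Set(['basic', 'bearer'])` with `if (!HTTP_SCHEMES.has(String(scheme).toLowerCase())) {`. Naming the rejected scheme in the error message would help spec authors locate the problem. This branch also marks the header `optional: false` where `getDefApiKey` uses `optional: true`; a short comment saying why HTTP auth is treated as mandatory would make the asymmetry deliberate rather than accidental.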
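Review bot: The corrected `IN_TO_LOCATION['header']` lookup is still unchecked, which is presumably how the `'headers'` typo in the previous commit went unnoticed: an unknown key yields `undefined` and is passed straight to `locationToKey`. A guard such as `if (location === undefined) { throw new TestOpenApiError('Unknown parameter location') }`, or a test asserting the generated key for an `http` scheme, would catch the next slip of this kind; the diffstat shows only security.js changed, so no test accompanies the fix. `getDefHttpKey` begins above this hunk.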