Add global level security schemes to collection level auth #217

Merged
merged 6 commits into from
Jun 1, 2020


@umeshp7 umeshp7 commented May 20, 2020

Fixes: #86
The following OpenAPI schema reproduces this issue.

openapi: 3.0.0
info:
  title: "Reproduce Authorization issue"
  version: 0.0.1
security:
  - BearerAuth: []
paths:
  /status:
    get:
      summary: "status"
      description: "Returns the service version"
      operationId: "get_status"
      responses:
        '200':
          description: "Service info multi-line string"
          content:
            text/plain:
              schema:
                type: "string"
components:
  securitySchemes:
    BearerAuth:
      type: http
      scheme: bearer
      bearerFormat: token

Current behavior:

  • All the requests created from paths in this schema have an Auth object with security scheme present at the global level of the schema.
  • No auth is added for the ones having in: header. And appropriate headers are added for them.
  • No Auth is added at the collection level.

Expected behavior:

  • Global security scheme should be added at the collection auth level.
  • All the requests which don’t have any auth defined should have ‘Inherit From Parent’ selected in Postman.

generatedStore.collection.auth = {};
}
}
generatedStore.collection.auth = authHelper;
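
Review bot: the final line, `generatedStore.collection.auth = authHelper;`, comes after both closing braces, so as shown it is unconditional and overwrites the `generatedStore.collection.auth = {};` reset above it. Put it in an `else` branch (or return right after the reset) and add a regression test asserting that the collection auth stays empty on that path.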

Member


This will be executed regardless of line 260 🤔
Can you also add a regression test for this specific case? There should be a case that tests for collection.auth being empty if in='header'/'query'

Also, why are we doing this in the first place? Why can't apiKey auths be left in the collection.auth property?

Contributor Author


I will make the changes and add the test case.

Adding apiKey to collection.auth property which is not recognized as one of the known formats results in an empty selection in the collection level auth dropdown in Postman app. It doesn't default to 'noauth'.

Member


What happens if type is apikey, but in isn't header/query?

Contributor Author


Oops! Made changes. @abhijitkane

Contributor Author


@abhijitkane
if type is apikey, but in isn't header/query - we should add the auth to collection. So I have made the required changes. Only in case of api-key and header/query the collection level auth will be 'noauth'. Rest of the cases we will add it directly.
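
The rule this thread settles on, as an added JavaScript example that is not code from this pull request or the project: the global security scheme becomes the collection auth, except an apiKey in header or query, which leaves the collection at 'noauth', and requests with no security of their own inherit. The function names, the `{{...}}` variables and the auth-object mapping are assumptions; the `security: []` opt-out goes beyond the thread and follows OpenAPI's rule for dropping the global requirement.

```javascript
// Added example; names and {{variables}} are hypothetical, not the project's code.
// Minimal OpenAPI security scheme -> Postman auth object mapping (assumed subset).
function toPostmanAuth(scheme) {
  if (scheme.type === 'http' && scheme.scheme === 'bearer') {
    return { type: 'bearer', bearer: [{ key: 'token', value: '{{bearerToken}}', type: 'string' }] };
  }
  if (scheme.type === 'http' && scheme.scheme === 'basic') {
    return { type: 'basic', basic: [
      { key: 'username', value: '{{basicAuthUsername}}', type: 'string' },
      { key: 'password', value: '{{basicAuthPassword}}', type: 'string' }] };
  }
  if (scheme.type === 'apiKey') {
    return { type: 'apikey', apikey: [
      { key: 'key', value: scheme.name, type: 'string' },
      { key: 'value', value: '{{apiKey}}', type: 'string' },
      { key: 'in', value: scheme.in, type: 'string' }] };
  }
  return { type: 'noauth' }; // scheme types outside this subset are not mapped
}

// Resolve the first scheme named in a `security` array against components.
function firstScheme(spec, security) {
  const name = security && security[0] && Object.keys(security[0])[0];
  const schemes = (spec.components && spec.components.securitySchemes) || {};
  return name ? schemes[name] : undefined;
}

// Collection-level auth derived from the global `security` section.
function collectionAuth(spec) {
  const scheme = firstScheme(spec, spec.security);
  if (!scheme) return { type: 'noauth' };
  // Rule from the thread: apiKey in header/query is not put on the collection.
  if (scheme.type === 'apiKey' && (scheme.in === 'header' || scheme.in === 'query')) {
    return { type: 'noauth' };
  }
  return toPostmanAuth(scheme);
}

// Request-level auth; undefined stands for "Inherit From Parent" (assumption).
function requestAuth(spec, operation) {
  if (operation.security === undefined) return undefined;
  const scheme = firstScheme(spec, operation.security);
  return scheme ? toPostmanAuth(scheme) : { type: 'noauth' }; // `security: []` opts out
}

// Constructed sample: the schema from the PR description, parsed and trimmed.
const sampleSpec = { security: [{ BearerAuth: [] }],
  paths: { '/status': { get: { operationId: 'get_status' } } },
  components: { securitySchemes: { BearerAuth: { type: 'http', scheme: 'bearer', bearerFormat: 'token' } } } };
```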

@umeshp7 umeshp7 requested a review from abhijitkane May 29, 2020 09:36
@umeshp7 umeshp7 merged commit 4065596 into develop Jun 1, 2020
@umeshp7 umeshp7 deleted the feature/global-security-schemes branch November 24, 2021 06:35
Successfully merging this pull request may close these issues.

Open API v3 - global security section should be applied to the whole collection
2 participants