Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add global level security schemes to collection level auth #217

Merged
merged 6 commits into from
Jun 1, 2020
Merged

Add global level security schemes to collection level auth #217

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
6 commits
Select commit Hold shift + click to select a range
b5f546d
Add global level security schemes to collection level auth
umeshp7 May 20, 2020
f4b0ab2
Add unit test case file for testing
umeshp7 May 21, 2020
4e4cc31
Add test case for empty auth at collection level
umeshp7 May 29, 2020
f9bc544
Remove inherit test case as, inherit is not a type in postman
umeshp7 May 29, 2020
65dfe98
Add test case file
umeshp7 May 31, 2020
8782534
Update auth assignment at collection level
umeshp7 Jun 1, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 3 additions & 8 deletions lib/schemaUtils.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -501,8 +501,6 @@ module.exports = {
// params - these contain path/header/body params
operationItem.parameters = this.getRequestParams(operationItem.parameters, commonParams,
componentsAndPaths, options);
// auth info - local security object takes precedence over the parent object
operationItem.security = operationItem.security || spec.security;
summary = operationItem.summary || operationItem.description;
currentNode.addMethod({
name: summary,
Expand Down Expand Up @@ -667,8 +665,6 @@ module.exports = {
operationItem.parameters = this.getRequestParams(operationItem.parameters, commonParams,
components, options);

// auth info - local security object takes precedence over the parent object
operationItem.security = operationItem.security || spec.security;
summary = operationItem.summary || operationItem.description;

// add the request which has not any tags
Expand Down Expand Up @@ -896,12 +892,11 @@ module.exports = {
var securityDef,
helper;

// return noAuth if security set is not defined
// return false if security set is not defined
// or is an empty array
// this will set the request's auth to default which is 'inherit from parent'
if (!securitySet || (Array.isArray(securitySet) && securitySet.length === 0)) {
return {
type: 'noauth'
};
return {};
}

securitySet.forEach((security) => {
Expand Down
17 changes: 16 additions & 1 deletion lib/schemapack.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -216,6 +216,7 @@ class SchemaPack {
generatedStore = {},
collectionJSON,
componentsAndPaths,
authHelper,
schemaCache = {
schemaResolutionCache: this.schemaResolutionCache,
schemaFakerCache: this.schemaFakerCache
Expand Down Expand Up @@ -251,7 +252,21 @@ class SchemaPack {
}
});


if (openapi.security) {
authHelper = schemaUtils.getAuthHelper(openapi, openapi.security);
if (authHelper) {
if (authHelper.type === 'api-key') {
// if authHelper has type apikey and has properties in header or query
// we override authHelper to 'noauth'
if (authHelper.properties.in === 'header' || authHelper.properties.in === 'query') {
authHelper = {
type: 'noauth'
};
}
}
generatedStore.collection.auth = authHelper;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will be executed regardless of line 260 🤔
Can you also add a regression test for this specific case? There should be a case that tests for collection.auth eing empty if in='header'/'query'

Also, why are we doing this in the first place? Why can't apiKey auths be left in the collection.auth property?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will make the changes and add the test case.

Adding apiKey to collection.auth property which is not recognized as one of the known formats results in an empty selection in the collection level auth dropdown in Postman app. It doesn't default to 'noauth'.
Screenshot 2020-05-26 at 1 49 53 PM

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What happens if type is apikey, but in isn't header/query?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oops! Made changes. @abhijitkane

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@abhijitkane
if type is apikey, but in isn't header/query - we should add the auth to collection. So I have made the required changes. Only in case of api-key and header/query the collection level auth will be 'noauth'. Rest of the cases we will add it directly.

}
}
// ---- Collection Variables ----
// adding the collection variables for all the necessary root level variables
// and adding them to the collection variables
Expand Down
43 changes: 43 additions & 0 deletions test/data/valid_openapi/empty-security-test-case.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,43 @@
openapi: 3.0.0
info:
title: "Reproduce Authorization issue"
version: 0.0.1
security:
- MyAuth: []
paths:
/health:
get:
summary: "health"
description: "Health check - always returns OK"
operationId: "get_healthz"
responses:
'200':
description: "OK"
content:
text/plain:
schema:
type: "string"
default: "OK"
/status:
get:
summary: "status"
description: "Returns the service version"
operationId: "get_status"
responses:
'200':
description: "Service info multi-line string"
content:
text/plain:
schema:
type: "string"
components:
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: token
MyAuth:
type: apiKey
description: "This is my auth"
name: Mera-Auth
in: header
44 changes: 44 additions & 0 deletions test/data/valid_openapi/security-test-cases.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
openapi: 3.0.0
info:
title: "Reproduce Authorization issue"
version: 0.0.1
security:
- MyAuth: []
- BearerAuth: []
paths:
/health:
get:
summary: "health"
description: "Health check - always returns OK"
operationId: "get_healthz"
responses:
'200':
description: "OK"
content:
text/plain:
schema:
type: "string"
default: "OK"
/status:
get:
summary: "status"
description: "Returns the service version"
operationId: "get_status"
responses:
'200':
description: "Service info multi-line string"
content:
text/plain:
schema:
type: "string"
components:
securitySchemes:
BearerAuth:
type: http
scheme: bearer
bearerFormat: token
MyAuth:
type: apiKey
description: "This is my auth"
name: Mera-Auth
in: header
39 changes: 38 additions & 1 deletion test/unit/base.test.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,44 @@ describe('CONVERT FUNCTION TESTS ', function() {
issue152 = path.join(__dirname, VALID_OPENAPI_PATH, '/path-refs-error.yaml'),
issue193 = path.join(__dirname, VALID_OPENAPI_PATH, '/issue#193.yml'),
tooManyRefs = path.join(__dirname, VALID_OPENAPI_PATH, '/too-many-refs.json'),
tagsFolderSpec = path.join(__dirname, VALID_OPENAPI_PATH + '/petstore-detailed.yaml');
tagsFolderSpec = path.join(__dirname, VALID_OPENAPI_PATH + '/petstore-detailed.yaml'),
securityTestCases = path.join(__dirname, VALID_OPENAPI_PATH + '/security-test-cases.yaml'),
emptySecurityTestCase = path.join(__dirname, VALID_OPENAPI_PATH + '/empty-security-test-case.yaml');


it('Should add collection level auth with type as `bearer`' +
securityTestCases, function(done) {
var openapi = fs.readFileSync(securityTestCases, 'utf8');
Converter.convert({ type: 'string', data: openapi }, {}, (err, conversionResult) => {

expect(err).to.be.null;
expect(conversionResult.result).to.equal(true);
expect(conversionResult.output.length).to.equal(1);
expect(conversionResult.output[0].type).to.equal('collection');
expect(conversionResult.output[0].data).to.have.property('info');
expect(conversionResult.output[0].data).to.have.property('item');
expect(conversionResult.output[0].data.auth).to.have.property('type');
expect(conversionResult.output[0].data.auth.type).to.equal('bearer');
done();
});
});

it('Should have noauth at the collection level if auth type is api-key and properties in header' +
emptySecurityTestCase, function(done) {
var openapi = fs.readFileSync(emptySecurityTestCase, 'utf8');
Converter.convert({ type: 'string', data: openapi }, {}, (err, conversionResult) => {

expect(err).to.be.null;
expect(conversionResult.result).to.equal(true);
expect(conversionResult.output.length).to.equal(1);
expect(conversionResult.output[0].type).to.equal('collection');
expect(conversionResult.output[0].data).to.have.property('info');
expect(conversionResult.output[0].data).to.have.property('item');
expect(conversionResult.output[0].data.auth).to.have.property('type');
expect(conversionResult.output[0].data.auth.type).to.equal('noauth');
done();
});
});

it('Should generate collection conforming to schema for and fail if not valid ' +
tooManyRefs, function(done) {
Expand Down