From 0c87067002c888de4232294d13f35c8abfa292ad Mon Sep 17 00:00:00 2001
From: Jon Ursenbach <erunion@users.noreply.github.com>
Date: Mon, 24 Aug 2020 11:44:01 -0700
Subject: [PATCH] fix: dont return security if no securityschemes are present
 (#259)

---
 packages/tooling/__tests__/operation.test.js | 32 +++++++++++++++++++-
 packages/tooling/src/operation.js            |  4 +++
 2 files changed, 35 insertions(+), 1 deletion(-)

diff --git a/packages/tooling/__tests__/operation.test.js b/packages/tooling/__tests__/operation.test.js
index 769dd949..83e5b654 100644
--- a/packages/tooling/__tests__/operation.test.js
+++ b/packages/tooling/__tests__/operation.test.js
@@ -193,6 +193,12 @@ describe('#isJson', () => {
 
 describe('#getSecurity()', () => {
   const security = [{ auth: [] }];
+  const securitySchemes = {
+    auth: {
+      type: 'http',
+      scheme: 'basic',
+    },
+  };
 
   it('should return the security on this operation', () => {
     expect(
@@ -205,6 +211,9 @@ describe('#getSecurity()', () => {
             },
           },
         },
+        components: {
+          securitySchemes,
+        },
       })
         .operation('/things', 'post')
         .getSecurity()
@@ -221,13 +230,16 @@ describe('#getSecurity()', () => {
           },
         },
         security,
+        components: {
+          securitySchemes,
+        },
       })
         .operation('/things', 'post')
         .getSecurity()
     ).toBe(security);
   });
 
-  it('should default to empty array', () => {
+  it('should default to empty array if no security object defined', () => {
     expect(
       new Oas({
         info: { version: '1.0' },
@@ -241,6 +253,24 @@ describe('#getSecurity()', () => {
         .getSecurity()
     ).toStrictEqual([]);
   });
+
+  it('should default to empty array if no securitySchemes are defined', () => {
+    expect(
+      new Oas({
+        info: { version: '1.0' },
+        paths: {
+          '/things': {
+            post: {
+              security,
+            },
+          },
+        },
+        components: {},
+      })
+        .operation('/things', 'post')
+        .getSecurity()
+    ).toStrictEqual([]);
+  });
 });
 
 // https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#securitySchemeObject
diff --git a/packages/tooling/src/operation.js b/packages/tooling/src/operation.js
index ab99416c..7a98498a 100644
--- a/packages/tooling/src/operation.js
+++ b/packages/tooling/src/operation.js
@@ -65,6 +65,10 @@ class Operation {
   }
 
   getSecurity() {
+    if (!('components' in this.oas) || !('securitySchemes' in this.oas.components)) {
+      return [];
+    }
+
     return this.security || this.oas.security || [];
   }