Parse defined security requirements correctly

2026-01-23 06:16:42 +00:00 · 2016-10-14 17:44:27 -07:00 · 2016-10-14 17:44:27 -07:00 · 23f4120fe3
commit 23f4120fe3
parent 312f68ae72
5 changed files with 21 additions and 15 deletions
--- a/rswag-specs/lib/rswag/specs/request_factory.rb
+++ b/rswag-specs/lib/rswag/specs/request_factory.rb
@ -65,9 +65,13 @@ module Rswag

      def resolve_api_key_parameters
        @api_key_params ||= begin
-          global_requirements = (@global_metadata[:security] || {})
-          requirements = global_requirements.merge(@api_metadata[:operation][:security] || {})
-          definitions = (@global_metadata[:securityDefinitions] || {}).slice(*requirements.keys)
+          # First figure out the security requirement applicable to the operation
+          global_requirements = (@global_metadata[:security] || [] ).map { |r| r.keys.first }
+          operation_requirements = (@api_metadata[:operation][:security] || [] ).map { |r| r.keys.first }
+          requirements = global_requirements | operation_requirements
+
+          # Then obtain the scheme definitions for those requirements
+          definitions = (@global_metadata[:securityDefinitions] || {}).slice(*requirements)
          definitions.values.select { |d| d[:type] == :apiKey }
        end
      end
--- a/rswag-specs/spec/rswag/specs/example_helpers_spec.rb
+++ b/rswag-specs/spec/rswag/specs/example_helpers_spec.rb
@ -26,9 +26,9 @@ module Rswag
              { name: 'q1', in: :query, type: 'string' },
              { name: :blog, in: :body, schema: { type: 'object' } }
            ],
-            security: {
-              api_key: []
-            }
+            security: [
+              { api_key: [] }
+            ]
          }
        }
      end
--- a/rswag-specs/spec/rswag/specs/request_factory_spec.rb
+++ b/rswag-specs/spec/rswag/specs/request_factory_spec.rb
@ -102,7 +102,7 @@ module Rswag
          end

          context 'global requirement' do
-            before { global_metadata[:security] = { api_key: [] } }
+            before { global_metadata[:security] = [ { api_key: [] } ] }

            it "appends the api_key using metadata and example value" do
              expect(path).to eq('/blogs/1/comments/2?api_key=fookey')
@ -110,7 +110,7 @@ module Rswag
          end

          context 'operation-specific requirement' do
-            before { api_metadata[:operation][:security] = { api_key: [] } }
+            before { api_metadata[:operation][:security] = [ { api_key: [] } ] }

            it "appends the api_key using metadata and example value" do
              expect(path).to eq('/blogs/1/comments/2?api_key=fookey')
--- a/test-app/spec/swagger_helper.rb
+++ b/test-app/spec/swagger_helper.rb
@ -51,9 +51,9 @@ RSpec.configure do |config|
          in: :query
        }
      },
-      security: {
-        api_key: []
-      }
+      security: [
+        { api_key: [] }
+      ]
    }
  }
 end
--- a/test-app/swagger/v1/swagger.json
+++ b/test-app/swagger/v1/swagger.json
@ -145,9 +145,11 @@
      "in": "query"
    }
  },
-  "security": {
-    "api_key": [
+  "security": [
+    {
+      "api_key": [

-    ]
-  }
+      ]
+    }
+  ]
 }