Parse defined security requirements correctly

2026-01-25 07:16:40 +00:00 · 2016-10-14 17:44:27 -07:00
parent 312f68ae72
commit 23f4120fe3
5 changed files with 21 additions and 15 deletions
--- a/rswag-specs/lib/rswag/specs/request_factory.rb
+++ b/rswag-specs/lib/rswag/specs/request_factory.rb
@@ -65,9 +65,13 @@ module Rswag
      def resolve_api_key_parameters
        @api_key_params ||= begin
-          global_requirements = (@global_metadata[:security] || {})
+          # First figure out the security requirement applicable to the operation
-          requirements = global_requirements.merge(@api_metadata[:operation][:security] || {})
+          global_requirements = (@global_metadata[:security] || [] ).map { |r| r.keys.first }
-          definitions = (@global_metadata[:securityDefinitions] || {}).slice(*requirements.keys)
+          operation_requirements = (@api_metadata[:operation][:security] || [] ).map { |r| r.keys.first }
          requirements = global_requirements | operation_requirements
          # Then obtain the scheme definitions for those requirements
          definitions = (@global_metadata[:securityDefinitions] || {}).slice(*requirements)
          definitions.values.select { |d| d[:type] == :apiKey }
        end
      end
--- a/rswag-specs/spec/rswag/specs/example_helpers_spec.rb
+++ b/rswag-specs/spec/rswag/specs/example_helpers_spec.rb
@@ -26,9 +26,9 @@ module Rswag
              { name: 'q1', in: :query, type: 'string' },
              { name: :blog, in: :body, schema: { type: 'object' } }
            ],
-            security: {
+            security: [
-              api_key: []
+              { api_key: [] }
-            }
+            ]
          }
        }
      end
--- a/rswag-specs/spec/rswag/specs/request_factory_spec.rb
+++ b/rswag-specs/spec/rswag/specs/request_factory_spec.rb
@@ -102,7 +102,7 @@ module Rswag
          end
          context 'global requirement' do
-            before { global_metadata[:security] = { api_key: [] } }
+            before { global_metadata[:security] = [ { api_key: [] } ] }
            it "appends the api_key using metadata and example value" do
              expect(path).to eq('/blogs/1/comments/2?api_key=fookey')
@@ -110,7 +110,7 @@ module Rswag
          end
          context 'operation-specific requirement' do
-            before { api_metadata[:operation][:security] = { api_key: [] } }
+            before { api_metadata[:operation][:security] = [ { api_key: [] } ] }
            it "appends the api_key using metadata and example value" do
              expect(path).to eq('/blogs/1/comments/2?api_key=fookey')
--- a/test-app/spec/swagger_helper.rb
+++ b/test-app/spec/swagger_helper.rb
@@ -51,9 +51,9 @@ RSpec.configure do |config|
          in: :query
        }
      },
-      security: {
+      security: [
-        api_key: []
+        { api_key: [] }
-      }
+      ]
    }
  }
 end
--- a/test-app/swagger/v1/swagger.json
+++ b/test-app/swagger/v1/swagger.json
@@ -145,9 +145,11 @@
      "in": "query"
    }
  },
-  "security": {
+  "security": [
-    "api_key": [
+    {
      "api_key": [
-    ]
+      ]
-  }
+    }
  ]
 }