Leverage security definitions for headers in example requests

2026-01-25 07:16:40 +00:00 · 2017-02-15 15:38:03 -05:00
parent e40c5fc26e
commit de7ec5f15d
11 changed files with 209 additions and 34 deletions
--- a/test-app/app/controllers/application_controller.rb
+++ b/test-app/app/controllers/application_controller.rb
@@ -1,7 +1,7 @@
 class ApplicationController < ActionController::Base
  # Prevent CSRF attacks by raising an exception.
  # For APIs, you may want to use :null_session instead.
-  protect_from_forgery with: :exception
+  protect_from_forgery with: :null_session

  wrap_parameters format: [ :json ]
 end
--- a/test-app/app/controllers/auth_tests_controller.rb
+++ b/test-app/app/controllers/auth_tests_controller.rb
@@ -0,0 +1,13 @@
+class AuthTestsController < ApplicationController
+  wrap_parameters Blog
+  respond_to :json
+
+  # POST /auth-tests/basic
+  def basic
+    if authenticate_with_http_basic { |u, p| u == 'jsmith' && p == 'jspass' }
+      head :no_content
+    else
+      request_http_basic_authentication
+    end
+  end
+end
--- a/test-app/config/routes.rb
+++ b/test-app/config/routes.rb
@@ -1,6 +1,8 @@
 TestApp::Application.routes.draw do
  resources :blogs, defaults: { :format => :json }

+  post 'auth-tests/basic', to: 'auth_tests#basic'
+
  mount Rswag::Api::Engine => 'api-docs'
  mount Rswag::Ui::Engine => 'api-docs'
 end
--- a/test-app/spec/integration/auth_tests_spec.rb
+++ b/test-app/spec/integration/auth_tests_spec.rb
@@ -0,0 +1,22 @@
+require 'swagger_helper'
+
+describe 'Auth Tests API', type: :request, swagger_doc: 'v1/swagger.json' do
+
+  path '/auth-tests/basic' do
+    post 'Authenticates with basic auth' do
+      tags 'Auth Test'
+      operationId 'testBasicAuth'
+      security [ basic_auth: [] ]
+
+      response '204', 'Valid credentials' do
+        let(:Authorization) { "Basic #{::Base64.strict_encode64('jsmith:jspass')}" }
+        run_test!
+      end
+
+      response '401', 'Invalid credentials' do
+        let(:Authorization) { "Basic #{::Base64.strict_encode64('foo:bar')}" }
+        run_test!
+      end
+    end
+  end
+end
--- a/test-app/spec/swagger_helper.rb
+++ b/test-app/spec/swagger_helper.rb
@@ -45,6 +45,9 @@ RSpec.configure do |config|
        }
      },
      securityDefinitions: {
+        basic_auth: {
+          type: :basic
+        },
        api_key: {
          type: :apiKey,
          name: 'api_key',
--- a/test-app/swagger/v1/swagger.json
+++ b/test-app/swagger/v1/swagger.json
@@ -5,6 +5,30 @@
    "version": "v1"
  },
  "paths": {
+    "/auth-tests/basic": {
+      "post": {
+        "summary": "Authenticates with basic auth",
+        "tags": [
+          "Auth Test"
+        ],
+        "operationId": "testBasicAuth",
+        "security": [
+          {
+            "basic_auth": [
+
+            ]
+          }
+        ],
+        "responses": {
+          "204": {
+            "description": "Valid credentials"
+          },
+          "401": {
+            "description": "Invalid credentials"
+          }
+        }
+      }
+    },
    "/blogs": {
      "post": {
        "summary": "Creates a blog",
@@ -158,6 +182,9 @@
    }
  },
  "securityDefinitions": {
+    "basic_auth": {
+      "type": "basic"
+    },
    "api_key": {
      "type": "apiKey",
      "name": "api_key",