Include the scheme when using http security #10

Merged
merged 2 commits into from
Mar 3, 2021
1 change: 1 addition & 0 deletions src/Data/OpenApi.hs
Expand Up @@ -91,6 +91,7 @@ module Data.OpenApi (
-- ** Security
SecurityScheme(..),
SecuritySchemeType(..),
HttpSchemeType(..),
SecurityDefinitions(..),
SecurityRequirement(..),

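Review bot: the export list gains HttpSchemeType(..) but not the BearerFormat alias that the HttpSchemeBearer constructor uses in src/Data/OpenApi/Internal.hs. With only one addition to this file, users importing Data.OpenApi will see Maybe BearerFormat in the constructor's signature without being able to name the alias. Either export BearerFormat next to HttpSchemeType(..) or use Maybe Text directly in the constructor.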
32 changes: 28 additions & 4 deletions src/Data/OpenApi/Internal.hs
Expand Up @@ -838,8 +838,16 @@ data OAuth2Flows = OAuth2Flows
, _oAuth2FlowsAuthorizationCode :: Maybe (OAuth2Flow OAuth2AuthorizationCodeFlow)
} deriving (Eq, Show, Generic, Data, Typeable)

type BearerFormat = Text

data HttpSchemeType
= HttpSchemeBearer (Maybe BearerFormat)
| HttpSchemeBasic
Collaborator


The spec (https://swagger.io/specification/#security-scheme-object) for scheme property with http type says:

The values used SHOULD be registered in the IANA Authentication Scheme registry.

So I'd say we should either add other options as well (Digest, HOBA, ...) or at least provide HttpSchemeCustom Text constructor.

Also, for Bearer scheme the spec mentions an optional field bearerFormat:

A hint to the client to identify how the bearer token is formatted. Bearer tokens are usually generated by an authorization server, so this information is primarily for documentation purposes.

Please add it to the HttpSchemeBearer constructor as Maybe Text field.

| HttpSchemeCustom Text
deriving (Eq, Show, Generic, Data, Typeable)

data SecuritySchemeType
= SecuritySchemeHttp
= SecuritySchemeHttp HttpSchemeType
| SecuritySchemeApiKey ApiKeyParams
| SecuritySchemeOAuth2 OAuth2Flows
| SecuritySchemeOpenIdConnect URL
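Review bot: SecuritySchemeHttp now takes an HttpSchemeType argument, so every existing use of the bare constructor stops compiling, and nothing in this hunk documents the new type. Add Haddock comments to HttpSchemeType and its constructors stating which spec fields each one maps to (scheme, and bearerFormat for HttpSchemeBearer), and record the constructor change in the changelog as a breaking change.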
Expand Down Expand Up @@ -1229,8 +1237,19 @@ instance ToJSON OAuth2Flows where
toEncoding = sopSwaggerGenericToEncoding

instance ToJSON SecuritySchemeType where
toJSON SecuritySchemeHttp
= object [ "type" .= ("http" :: Text) ]
toJSON (SecuritySchemeHttp ty) = case ty of
HttpSchemeBearer mFmt ->
object $ [ "type" .= ("http" :: Text)
, "scheme" .= ("bearer" :: Text)
] <> maybe [] (\t -> ["bearerFormat" .= t]) mFmt
HttpSchemeBasic ->
object [ "type" .= ("http" :: Text)
, "scheme" .= ("basic" :: Text)
]
HttpSchemeCustom t ->
object [ "type" .= ("http" :: Text)
, "scheme" .= t
]
toJSON (SecuritySchemeApiKey params)
= toJSON params
<+> object [ "type" .= ("apiKey" :: Text) ]
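Review bot: the HttpSchemeCustom t branch writes t verbatim, so HttpSchemeCustom "bearer" produces the same JSON as HttpSchemeBearer Nothing and, given the FromJSON instance in this same change, decodes back as a different value. The encode/decode round trip therefore does not hold for every HttpSchemeType. Either document that HttpSchemeCustom must not carry bearer or basic, or normalise through a smart constructor. The three branches also repeat "type" .= ("http" :: Text); building that pair once and appending the scheme-specific fields would keep the branches from drifting apart.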
Expand Down Expand Up @@ -1379,7 +1398,12 @@ instance FromJSON SecuritySchemeType where
parseJSON js@(Object o) = do
(t :: Text) <- o .: "type"
case t of
"http" -> pure SecuritySchemeHttp
"http" -> do
scheme <- o .: "scheme"
SecuritySchemeHttp <$> case scheme of
"bearer" -> HttpSchemeBearer <$> (o .:! "bearerFormat")
"basic" -> pure HttpSchemeBasic
t -> pure $ HttpSchemeCustom t
"apiKey" -> SecuritySchemeApiKey <$> parseJSON js
"oauth2" -> SecuritySchemeOAuth2 <$> (o .: "flows")
"openIdConnect" -> SecuritySchemeOpenIdConnect <$> (o .: "openIdConnectUrl")
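Review bot: the match on "bearer" and "basic" is case-sensitive, but HTTP authentication scheme names are case-insensitive (RFC 7235, section 2.1), so a document with "scheme": "Bearer" falls through to the last branch, becomes HttpSchemeCustom "Bearer", and its bearerFormat is never read. Compare on a lower-cased copy of the value (Data.Text.toLower) before the case, keeping the original text for the custom branch. The fallback binder t also shadows the t bound from o .: "type" a few lines above; rename it, for example other -> pure $ HttpSchemeCustom other.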