Security Schema doesn't work in the output #150

Closed
sajjadrad opened this issue Jul 7, 2022 · 2 comments
Labels
question Further information is requested wontfix This will not be worked on

@sajjadrad

Describe the bug

The authorization form is empty for the authentication-required paths.

Expected behavior

An authorization form with the required header for passing the security parameter.

Current behavior

The authorization form is empty.

Possible solution

Steps to reproduce

  1. Use this spec:
{
  "openapi": "3.0.1",
  "info": {
    "title": "Test",
    "description": "Description",
    "termsOfService": "",
    "contact": {
      "email": ""
    },
    "version": "1.1.0"
  },
  "externalDocs": {
    "description": "Find out more about Swagger",
    "url": "http://swagger.io"
  },
  "servers": [
    {
      "url": "https://api.test.url"
    }
  ],
  "paths": {
    "/test": {
      "post": {
        "summary": "test endpoint",
        "operationId": "opt1",
        "requestBody": {
          "content": {
            "application/x-www-form-urlencoded": {
              "schema": {
                "required": [
                  "id"
                ],
                "type": "object",
                "properties": {
                  "id": {
                    "type": "string",
                    "example": "id-uuid"
                  }
                }
              }
            }
          },
          "required": true
        },
        "responses": {
          "200": {
            "description": "successful",
            "content": {
              "application/json": {
                "schema": {
                  "$ref": "#/components/schemas/TestResp"
                }
              }
            }
          }
        },
        "security": [
          {
            "TestAuth": []
          }
        ]
      }
    }
  },
  "components": {
    "schemas": {
      "TestResp": {
        "required": [
          "id",
          "name"
        ],
        "type": "object",
        "properties": {
          "id": {
            "type": "string",
            "example": "id-uuid"
          },
          "name": {
            "type": "string",
            "description": "test name"
          }
        }
      }
    },
    "securitySchemes": {
      "TestAuth": {
        "type": "apiKey",
        "name": "X-Test-Auth-Key",
        "in": "header"
      }
    }
  }
}
  2. Run npm run start
  3. Click on the authorize button at the top right.
  4. Authorization form is empty!

Screenshots

doc

Context

I'm trying to generate the document website from an OpenAPI JSON spec. The authentication method and details are ignored in the compiled version. No authorization form or detail is rendered.

Your Environment

  • Version used: 0.4.0
  • Environment name and version (e.g. Chrome 59, node.js 5.4, python 3.7.3): Chrome 103
  • Operating System and version (desktop or mobile): macOS 12.3
  • Link to your project: -
@sajjadrad sajjadrad added the bug Something isn't working label Jul 7, 2022
@welcome-to-palo-alto-networks

🎉 Thanks for opening your first issue here! Welcome to the community!

@sserrata
Member

sserrata commented Jul 11, 2022

Hi @sajjadrad, I see you are referring to version 0.4.0 which has not been released under this project. Perhaps you meant to open this issue under the https://github.com/cloud-annotations/docusaurus-openapi repo?

FWIW, for security reasons, this project intentionally removed the authentication form and ability to send requests from the browser. We determined that storing credentials in the browser is a dangerous practice that should be avoided, since it potentially exposes those credentials to XSS/XSR and similar attacks.

@sserrata sserrata added wontfix This will not be worked on question Further information is requested and removed bug Something isn't working labels Jul 12, 2022
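
The spec in the report binds `POST /test` to the `TestAuth` apiKey scheme. With no in-browser form, that requirement can still be documented as a command that reads the key from the reader's own shell environment. This is an added example, not code from this project or from anyone in the thread; `resolveAuth`, `curlFor` and the environment variable naming are hypothetical, and the inline spec is a constructed excerpt of the one above.

```javascript
// Constructed excerpt: only the security-relevant parts of the spec from the report.
const spec = {
  servers: [{ url: "https://api.test.url" }],
  paths: { "/test": { post: { operationId: "opt1", security: [{ TestAuth: [] }] } } },
  components: {
    securitySchemes: { TestAuth: { type: "apiKey", name: "X-Test-Auth-Key", in: "header" } },
  },
};
const METHODS = ["get", "put", "post", "delete", "options", "head", "patch", "trace"];

// Hypothetical naming rule: scheme "TestAuth" -> environment variable TESTAUTH_KEY.
const envVarFor = (scheme) => scheme.replace(/[^A-Za-z0-9]/g, "_").toUpperCase() + "_KEY";

// Resolve each operation's security requirements to their scheme definitions.
// In OpenAPI 3.0 an operation-level "security" overrides the top-level default.
function resolveAuth(spec) {
  const schemes = (spec.components && spec.components.securitySchemes) || {};
  const out = [];
  for (const [path, item] of Object.entries(spec.paths || {})) {
    for (const method of METHODS) {
      const op = item[method];
      if (!op) continue;
      const requirements = op.security ?? spec.security ?? [];
      // Array entries are alternatives; all schemes named in one entry are required together.
      const alternatives = requirements.map((req) =>
        Object.keys(req).map((scheme) => {
          if (!schemes[scheme]) throw new Error(`${path}: undefined security scheme "${scheme}"`);
          return { scheme, ...schemes[scheme] };
        })
      );
      out.push({ method: method.toUpperCase(), path, operationId: op.operationId, alternatives });
    }
  }
  return out;
}

// Render a curl command for the first alternative; the key value is never embedded in the page.
function curlFor(spec, op) {
  const first = op.alternatives[0] || [];
  const headers = first
    .filter((s) => s.type === "apiKey" && s.in === "header")
    .map((s) => `-H "${s.name}: $${envVarFor(s.scheme)}"`);
  return [`curl -X ${op.method}`, ...headers, `"${spec.servers[0].url}${op.path}"`].join(" ");
}
```

A security requirement that names a scheme missing from `components.securitySchemes` makes `resolveAuth` throw.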