From 7d99b85f86767afeff03587bdd860a42becad32d Mon Sep 17 00:00:00 2001
From: Dom Harrington
Date: Mon, 20 May 2019 15:58:47 -0700
Subject: [PATCH 1/3] Add support for bearer auth

Bearer authentication is just a regular API key: https://swagger.io/docs/specification/authentication/bearer-authentication/
But it comes through like this:
```
{ type: 'http', scheme: 'bearer' }
```
Which `getAuth()` incorrectly picked up as though it should be HTTP auth. This adds support for bearer to `getAuth()`
---
 example/swagger-files/auth-types.json | 23 ++++++-------------
 .../__tests__/lib/get-auth.test.js | 8 ++++++-
 packages/api-explorer/src/lib/get-auth.js | 9 +++++++-
 3 files changed, 22 insertions(+), 18 deletions(-)
diff --git a/example/swagger-files/auth-types.json b/example/swagger-files/auth-types.json
index 9609c2122..9410aa235 100644
--- a/example/swagger-files/auth-types.json
+++ b/example/swagger-files/auth-types.json
@@ -23,19 +23,6 @@
 ]
 }
 },
- "/anything/oauth2-another": {
- "post": {
- "summary": "Oauth2 security type",
- "description": "",
- "parameters": [],
- "responses": {},
- "security": [
- {
- "oauth2": []
- }
- ]
- }
- },
 "/anything/basic": {
 "post": {
 "summary": "Basic security type",
@@ -49,15 +36,15 @@
 ]
 }
 },
- "/anything/basic-another": {
+ "/anything/bearer": {
 "post": {
- "summary": "Basic security type",
+ "summary": "Bearer security type",
 "description": "",
 "parameters": [],
 "responses": {},
 "security": [
 {
- "basic": []
+ "bearer": []
 }
 ]
 }
@@ -85,6 +72,10 @@
 "type": "http",
 "scheme": "basic"
 },
+ "bearer": {
+ "type": "http",
+ "scheme": "bearer"
+ },
 "apiKey": {
 "type": "apiKey",
 "in": "query",
diff --git a/packages/api-explorer/__tests__/lib/get-auth.test.js b/packages/api-explorer/__tests__/lib/get-auth.test.js
index c2453ed5b..b6dc587fc 100644
--- a/packages/api-explorer/__tests__/lib/get-auth.test.js
+++ b/packages/api-explorer/__tests__/lib/get-auth.test.js
@@ -56,6 +56,10 @@ it('should return apiKey property for apiKey', () => {
 expect(getSingle(topLevelUser, { type: 'oauth2' })).toBe('123456');
 });
+it('should return apiKey property for bearer', () => {
+ expect(getSingle(topLevelUser, { type: 'http', scheme: 'bearer' })).toBe('123456');
+});
+
 it('should return user/pass properties for basic auth', () => {
 expect(getSingle(topLevelUser, { type: 'http', scheme: 'basic' })).toEqual({
 user: 'user',
@@ -73,11 +77,12 @@ it('should return selected app from keys array if app provided', () => {
 it('should return item by scheme name if no apiKey/user/pass', () => {
 expect(getSingle(topLevelSchemeUser, { type: 'oauth2', _key: 'schemeName' })).toBe('scheme-key');
+ expect(getSingle(topLevelSchemeUser, { type: 'http', scheme: 'bearer', _key: 'schemeName' })).toBe('scheme-key');
 expect(getSingle(keysSchemeUser, { type: 'oauth2', _key: 'schemeName' })).toBe('scheme-key-1');
 expect(getSingle(keysSchemeUser, { type: 'oauth2', _key: 'schemeName' }, 'app-2')).toBe(
 'scheme-key-2',
 );
- expect(getSingle(keysSchemeUser, { type: 'http', _key: 'schemeName' }, 'app-3')).toEqual({
+ expect(getSingle(keysSchemeUser, { type: 'http', scheme: 'basic', _key: 'schemeName' }, 'app-3')).toEqual({
 user: 'user',
 pass: 'pass',
 });
@@ -86,6 +91,7 @@ it('should return item by scheme name if no apiKey/user/pass', () => {
 it('should return emptystring for anything else', () => {
 expect(getSingle(topLevelUser, { type: 'unknown' })).toBe('');
 expect(getSingle({}, { type: 'http', scheme: 'basic' })).toEqual({ user: '', pass: '' });
+ expect(getSingle({}, { type: 'http', scheme: 'bearer' })).toEqual('');
 expect(getSingle(keysUser, { type: 'unknown' })).toBe('');
 expect(getSingle(keysUser, { type: 'unknown' }, 'app-2')).toBe('');
 });
diff --git a/packages/api-explorer/src/lib/get-auth.js b/packages/api-explorer/src/lib/get-auth.js
index 177547f20..62a234bda 100644
--- a/packages/api-explorer/src/lib/get-auth.js
+++ b/packages/api-explorer/src/lib/get-auth.js
@@ -4,7 +4,14 @@ function getKey(user, scheme) {
 case 'apiKey':
 return user[scheme._key] || user.apiKey || '';
 case 'http':
- return user[scheme._key] || { user: user.user || '', pass: user.pass || '' };
+ if (scheme.scheme === 'basic') {
+ return user[scheme._key] || { user: user.user || '', pass: user.pass || '' };
+ }
+
+ if (scheme.scheme === 'bearer') {
+ return user[scheme._key] || user.apiKey || '';
+ }
+ break;
 default:
 return '';
 }

From 0e238c76e77995d7e430d0a7ea05cf1b0a981a56 Mon Sep 17 00:00:00 2001
From: Dom Harrington
Date: Mon, 20 May 2019 16:20:37 -0700
Subject: [PATCH 2/3] Add default return for unknown http scheme
---
 packages/api-explorer/__tests__/lib/get-auth.test.js | 1 +
 packages/api-explorer/src/lib/get-auth.js | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/packages/api-explorer/__tests__/lib/get-auth.test.js b/packages/api-explorer/__tests__/lib/get-auth.test.js
index b6dc587fc..dfd7e2263 100644
--- a/packages/api-explorer/__tests__/lib/get-auth.test.js
+++ b/packages/api-explorer/__tests__/lib/get-auth.test.js
@@ -92,6 +92,7 @@ it('should return emptystring for anything else', () => {
 expect(getSingle(topLevelUser, { type: 'unknown' })).toBe('');
 expect(getSingle({}, { type: 'http', scheme: 'basic' })).toEqual({ user: '', pass: '' });
 expect(getSingle({}, { type: 'http', scheme: 'bearer' })).toEqual('');
+ expect(getSingle({}, { type: 'http', scheme: 'unknown' })).toEqual('');
 expect(getSingle(keysUser, { type: 'unknown' })).toBe('');
 expect(getSingle(keysUser, { type: 'unknown' }, 'app-2')).toBe('');
 });
diff --git a/packages/api-explorer/src/lib/get-auth.js b/packages/api-explorer/src/lib/get-auth.js
index 62a234bda..e7a1a986e 100644
--- a/packages/api-explorer/src/lib/get-auth.js
+++ b/packages/api-explorer/src/lib/get-auth.js
@@ -11,7 +11,7 @@ function getKey(user, scheme) {
 if (scheme.scheme === 'bearer') {
 return user[scheme._key] || user.apiKey || '';
 }
- break;
+ return '';
 default:
 return '';
 }
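Review bot: The new checks `scheme.scheme === 'basic'` and `scheme.scheme === 'bearer'` in the first patch's get-auth.js hunk compare case-sensitively, although RFC 7235 defines HTTP authentication scheme names as case-insensitive. A definition that spells the scheme `Basic` or `Bearer` matches neither branch and reaches the `break` (the `return ''` after patch 2), so the stored credential is silently not returned, where the removed line returned the user/pass object for every `http` scheme. Normalising once, `const httpScheme = (scheme.scheme || '').toLowerCase();`, and comparing against `httpScheme` in both branches would cover that and a missing `scheme`. The `switch` statement in getKey opens above the hunk.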
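Review bot: The assertion added in patch 2's get-auth.test.js hunk calls getSingle with an empty user, so it would still pass if the unknown-scheme path fell back to `user.apiKey` or the user/pass pair; it does not pin that stored credentials are withheld from an unrecognised `http` scheme. Adding `expect(getSingle(topLevelUser, { type: 'http', scheme: 'unknown' })).toBe('');` beside it would pin that, assuming topLevelUser holds both an apiKey and user/pass, as the assertions in patch 1's hunks of the same file suggest.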
From 1cf8e694452fd8d0e3075ff41fb856a3fa372ae7 Mon Sep 17 00:00:00 2001
From: Dom Harrington
Date: Mon, 20 May 2019 16:24:44 -0700
Subject: [PATCH 3/3] Prettier
---
 packages/api-explorer/__tests__/lib/get-auth.test.js | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/packages/api-explorer/__tests__/lib/get-auth.test.js b/packages/api-explorer/__tests__/lib/get-auth.test.js
index dfd7e2263..c0d8f839c 100644
--- a/packages/api-explorer/__tests__/lib/get-auth.test.js
+++ b/packages/api-explorer/__tests__/lib/get-auth.test.js
@@ -77,12 +77,16 @@ it('should return selected app from keys array if app provided', () => {
 it('should return item by scheme name if no apiKey/user/pass', () => {
 expect(getSingle(topLevelSchemeUser, { type: 'oauth2', _key: 'schemeName' })).toBe('scheme-key');
- expect(getSingle(topLevelSchemeUser, { type: 'http', scheme: 'bearer', _key: 'schemeName' })).toBe('scheme-key');
+ expect(
+ getSingle(topLevelSchemeUser, { type: 'http', scheme: 'bearer', _key: 'schemeName' }),
+ ).toBe('scheme-key');
 expect(getSingle(keysSchemeUser, { type: 'oauth2', _key: 'schemeName' })).toBe('scheme-key-1');
 expect(getSingle(keysSchemeUser, { type: 'oauth2', _key: 'schemeName' }, 'app-2')).toBe(
 'scheme-key-2',
 );
- expect(getSingle(keysSchemeUser, { type: 'http', scheme: 'basic', _key: 'schemeName' }, 'app-3')).toEqual({
+ expect(
+ getSingle(keysSchemeUser, { type: 'http', scheme: 'basic', _key: 'schemeName' }, 'app-3'),
+ ).toEqual({
 user: 'user',
 pass: 'pass',
 });