fix(ux): ensure that optional security schema is rendered without pad…

…lock. (#6839)
swagger-api · Jan 22, 2021 · eddde95 · eddde95
1 parent 617a7ce
commit eddde95
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 2 deletions.
diff --git a/src/core/components/operation-summary.jsx b/src/core/components/operation-summary.jsx
@@ -56,8 +56,10 @@ export default class OperationSummary extends PureComponent {
     const OperationSummaryPath = getComponent("OperationSummaryPath")
     const JumpToPath = getComponent("JumpToPath", true)
 
+    const hasSecurity = security && !!security.count()
+    const securityIsOptional = hasSecurity && security.size === 1 && security.first().isEmpty()
+    const allowAnonymous = !hasSecurity || securityIsOptional
     return (
-
       <div className={`opblock-summary opblock-summary-${method}`} onClick={toggleShown} >
         <OperationSummaryMethod method={method} />
         <OperationSummaryPath getComponent={getComponent} operationProps={operationProps} specPath={specPath} />
@@ -71,7 +73,7 @@ export default class OperationSummary extends PureComponent {
         {displayOperationId && (originalOperationId || operationId) ? <span className="opblock-summary-operation-id">{originalOperationId || operationId}</span> : null}
 
         {
-          (!security || !security.count()) ? null :
+          allowAnonymous ? null :
             <AuthorizeOperationBtn
               isAuthorized={isAuthorized}
               onClick={() => {

diff --git a/test/e2e-cypress/static/documents/security/anonymous.yaml b/test/e2e-cypress/static/documents/security/anonymous.yaml
@@ -0,0 +1,35 @@
+openapi: 3.0.0
+info:
+  title: Test anonymous operations
+  version: 1.0.0
+paths:
+  /withBoth:
+    get:
+      security: [{}, {"apikeyScheme": []}, {"apikeyScheme2": []}]
+      responses:
+        200:
+          description: asdadasd
+  /onlyEmpty:
+    get:
+      security: [{}]
+      responses:
+        200:
+          description: asdadasd
+  /required:
+    get:
+      security: [{"apikeyScheme": []}]
+      responses:
+        200:
+          description: asdadasd
+security:
+  - apikeyScheme: []
+components:
+  securitySchemes:
+    apikeyScheme:
+      name: test
+      type: apiKey
+      in: header
+    apikeyScheme2:
+      name: test2
+      type: apiKey
+      in: header
diff --git a/test/e2e-cypress/tests/security/anonymous.js b/test/e2e-cypress/tests/security/anonymous.js
@@ -0,0 +1,22 @@
+describe("#6767: Operation should be considered anonymous if its security only includes empty object (this was decided by implementation choice and may change or be extended in the future)", () => {
+  it("Should consider method anonymous if security contains only empty object", () => {
+    cy
+      .visit("/?url=/documents/security/anonymous.yaml")
+      .get("#operations-default-get_onlyEmpty .authorization__btn")
+      .should("not.exist")
+  })
+
+  it("Should consider method as secured if security contains no empty object", () => {
+    cy
+      .visit("/?url=/documents/security/anonymous.yaml")
+      .get("#operations-default-get_required .authorization__btn")
+      .should("exist")
+  })
+
+  it("Should consider method as secured if security contains empty object but has at least one more security defined", () => {
+    cy
+      .visit("/?url=/documents/security/anonymous.yaml")
+      .get("#operations-default-get_withBoth .authorization__btn")
+      .should("exist")
+  })
+})