217 lines
5.3 KiB
JavaScript
217 lines
5.3 KiB
JavaScript
|
import expect from "expect"
|
||
|
|
import validateHelper, { expectNoErrorsOrWarnings } from "../validate-helper.js"
|
||
|
|
|
||
|
|
describe("validation plugin - semantic - 2and3 security", () => {
|
||
|
|
it("should return an error when top-level security references a non-existing security scheme", () => {
|
||
|
|
const spec = {
|
||
|
|
swagger: "2.0",
|
||
|
|
security: [
|
||
|
|
{
|
||
|
|
fictional_security_definition: [
|
||
|
|
"write:pets"
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
|
||
|
|
return validateHelper(spec)
|
||
|
|
.then(system => {
|
||
|
|
const allErrors = system.errSelectors.allErrors().toJS()
|
||
|
|
expect(allErrors.length).toEqual(1)
|
||
|
|
const firstError = allErrors[0]
|
||
|
|
expect(firstError.path).toEqual(["security", "0"])
|
||
|
|
expect(firstError.message).toMatch("Security requirements must match a security definition")
|
||
|
|
})
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return an error when an operation references a non-existing security scheme", () => {
|
||
|
|
const spec = {
|
||
|
|
swagger: "2.0",
|
||
|
|
paths: {
|
||
|
|
"/": {
|
||
|
|
get: {
|
||
|
|
security: [
|
||
|
|
{
|
||
|
|
fictional_security_definition: [
|
||
|
|
"write:pets"
|
||
|
|
]
|
||
|
|
}
|
||
|
|
]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return validateHelper(spec)
|
||
|
|
.then(system => {
|
||
|
|
const allErrors = system.errSelectors.allErrors().toJS()
|
||
|
|
expect(allErrors.length).toEqual(1)
|
||
|
|
const firstError = allErrors[0]
|
||
|
|
expect(firstError.path).toEqual(["paths", "/", "get", "security", "0"])
|
||
|
|
expect(firstError.message).toMatch("Security requirements must match a security definition")
|
||
|
|
})
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return a warning when a security scheme is defined but not used in OpenAPI 2.0", () => {
|
||
|
|
const spec = {
|
||
|
|
swagger: "2.0",
|
||
|
|
securityDefinitions: {
|
||
|
|
auth: {
|
||
|
|
type: "basic"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return validateHelper(spec)
|
||
|
|
.then(system => {
|
||
|
|
const allErrors = system.errSelectors.allErrors().toJS()
|
||
|
|
const firstError = allErrors[0]
|
||
|
|
expect(allErrors.length).toEqual(1)
|
||
|
|
expect(firstError.level).toEqual("warning")
|
||
|
|
expect(firstError.message).toMatch("Security scheme was defined but never used.")
|
||
|
|
expect(firstError.path).toEqual(["securityDefinitions", "auth"])
|
||
|
|
})
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return a warning when a security scheme is defined but not used in OpenAPI 3.0", () => {
|
||
|
|
const spec = {
|
||
|
|
openapi: "3.0.0",
|
||
|
|
components: {
|
||
|
|
securitySchemes: {
|
||
|
|
auth: {
|
||
|
|
type: "http"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return validateHelper(spec)
|
||
|
|
.then(system => {
|
||
|
|
const allErrors = system.errSelectors.allErrors().toJS()
|
||
|
|
const firstError = allErrors[0]
|
||
|
|
expect(allErrors.length).toEqual(1)
|
||
|
|
expect(firstError.level).toEqual("warning")
|
||
|
|
expect(firstError.message).toMatch("Security scheme was defined but never used.")
|
||
|
|
expect(firstError.path).toEqual(["components", "securitySchemes", "auth"])
|
||
|
|
})
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return no errors when a security scheme is defined and referenced globally in OpenAPI 2.0", () => {
|
||
|
|
const spec = {
|
||
|
|
swagger: "2.0",
|
||
|
|
security: [
|
||
|
|
{ auth: [] }
|
||
|
|
],
|
||
|
|
securityDefinitions: {
|
||
|
|
auth: {
|
||
|
|
type: "basic"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return expectNoErrorsOrWarnings(spec)
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return no errors when a security scheme is defined and used in an operation in OpenAPI 2.0", () => {
|
||
|
|
const spec = {
|
||
|
|
swagger: "2.0",
|
||
|
|
paths: {
|
||
|
|
"/": {
|
||
|
|
get: {
|
||
|
|
security: [
|
||
|
|
{ auth: [] }
|
||
|
|
]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
},
|
||
|
|
securityDefinitions: {
|
||
|
|
auth: {
|
||
|
|
type: "basic"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return expectNoErrorsOrWarnings(spec)
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return no errors when a security scheme is defined and referenced globally in OpenAPI 3.0", () => {
|
||
|
|
const spec = {
|
||
|
|
openapi: "3.0.0",
|
||
|
|
security: [
|
||
|
|
{ auth: [] }
|
||
|
|
],
|
||
|
|
components: {
|
||
|
|
securitySchemes: {
|
||
|
|
auth: {
|
||
|
|
type: "http"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return expectNoErrorsOrWarnings(spec)
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return no errors when a security scheme is defined and used in an operation in OpenAPI 3.0", () => {
|
||
|
|
const spec = {
|
||
|
|
openapi: "3.0.0",
|
||
|
|
paths: {
|
||
|
|
"/": {
|
||
|
|
get: {
|
||
|
|
security: [
|
||
|
|
{ auth: [] }
|
||
|
|
]
|
||
|
|
}
|
||
|
|
}
|
||
|
|
},
|
||
|
|
components: {
|
||
|
|
securitySchemes: {
|
||
|
|
auth: {
|
||
|
|
type: "http"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return expectNoErrorsOrWarnings(spec)
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return no errrors when `security` contains multiple requirements combined using logical OR", () => {
|
||
|
|
const spec = {
|
||
|
|
swagger: "2.0",
|
||
|
|
security: [
|
||
|
|
{},
|
||
|
|
{ auth: [] }
|
||
|
|
],
|
||
|
|
securityDefinitions: {
|
||
|
|
auth: {
|
||
|
|
type: "basic"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return expectNoErrorsOrWarnings(spec)
|
||
|
|
})
|
||
|
|
|
||
|
|
it("should return no errors when security schemes are combined using logical AND", () => {
|
||
|
|
const spec = {
|
||
|
|
swagger: "2.0",
|
||
|
|
security: [
|
||
|
|
{
|
||
|
|
auth1: [],
|
||
|
|
auth2: []
|
||
|
|
}
|
||
|
|
],
|
||
|
|
securityDefinitions: {
|
||
|
|
auth1: {
|
||
|
|
type: "apiKey"
|
||
|
|
},
|
||
|
|
auth2: {
|
||
|
|
type: "apiKey"
|
||
|
|
}
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
return expectNoErrorsOrWarnings(spec)
|
||
|
|
})
|
||
|
|
})
|