import expect from "expect" import validateHelper, { expectNoErrorsOrWarnings } from "../validate-helper.js" describe("validation plugin - semantic - 2and3 security", () => { it("should return an error when top-level security references a non-existing security scheme", () => { const spec = { swagger: "2.0", security: [ { fictional_security_definition: [ "write:pets" ] } ] } return validateHelper(spec) .then(system => { const allErrors = system.errSelectors.allErrors().toJS() expect(allErrors.length).toEqual(1) const firstError = allErrors[0] expect(firstError.path).toEqual(["security", "0"]) expect(firstError.message).toMatch("Security requirements must match a security definition") }) }) it("should return an error when an operation references a non-existing security scheme", () => { const spec = { swagger: "2.0", paths: { "/": { get: { security: [ { fictional_security_definition: [ "write:pets" ] } ] } } } } return validateHelper(spec) .then(system => { const allErrors = system.errSelectors.allErrors().toJS() expect(allErrors.length).toEqual(1) const firstError = allErrors[0] expect(firstError.path).toEqual(["paths", "/", "get", "security", "0"]) expect(firstError.message).toMatch("Security requirements must match a security definition") }) }) it("should return a warning when a security scheme is defined but not used in OpenAPI 2.0", () => { const spec = { swagger: "2.0", securityDefinitions: { auth: { type: "basic" } } } return validateHelper(spec) .then(system => { const allErrors = system.errSelectors.allErrors().toJS() const firstError = allErrors[0] expect(allErrors.length).toEqual(1) expect(firstError.level).toEqual("warning") expect(firstError.message).toMatch("Security scheme was defined but never used.") expect(firstError.path).toEqual(["securityDefinitions", "auth"]) }) }) it("should return a warning when a security scheme is defined but not used in OpenAPI 3.0", () => { const spec = { openapi: "3.0.0", components: { securitySchemes: { auth: { type: "http" } } } } return validateHelper(spec) .then(system => { const allErrors = system.errSelectors.allErrors().toJS() const firstError = allErrors[0] expect(allErrors.length).toEqual(1) expect(firstError.level).toEqual("warning") expect(firstError.message).toMatch("Security scheme was defined but never used.") expect(firstError.path).toEqual(["components", "securitySchemes", "auth"]) }) }) it("should return no errors when a security scheme is defined and referenced globally in OpenAPI 2.0", () => { const spec = { swagger: "2.0", security: [ { auth: [] } ], securityDefinitions: { auth: { type: "basic" } } } return expectNoErrorsOrWarnings(spec) }) it("should return no errors when a security scheme is defined and used in an operation in OpenAPI 2.0", () => { const spec = { swagger: "2.0", paths: { "/": { get: { security: [ { auth: [] } ] } } }, securityDefinitions: { auth: { type: "basic" } } } return expectNoErrorsOrWarnings(spec) }) it("should return no errors when a security scheme is defined and referenced globally in OpenAPI 3.0", () => { const spec = { openapi: "3.0.0", security: [ { auth: [] } ], components: { securitySchemes: { auth: { type: "http" } } } } return expectNoErrorsOrWarnings(spec) }) it("should return no errors when a security scheme is defined and used in an operation in OpenAPI 3.0", () => { const spec = { openapi: "3.0.0", paths: { "/": { get: { security: [ { auth: [] } ] } } }, components: { securitySchemes: { auth: { type: "http" } } } } return expectNoErrorsOrWarnings(spec) }) it("should return no errrors when `security` contains multiple requirements combined using logical OR", () => { const spec = { swagger: "2.0", security: [ {}, { auth: [] } ], securityDefinitions: { auth: { type: "basic" } } } return expectNoErrorsOrWarnings(spec) }) it("should return no errors when security schemes are combined using logical AND", () => { const spec = { swagger: "2.0", security: [ { auth1: [], auth2: [] } ], securityDefinitions: { auth1: { type: "apiKey" }, auth2: { type: "apiKey" } } } return expectNoErrorsOrWarnings(spec) }) })