group_security_test.go
package api_test
import (
"context"
"testing"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/bjaus/api"
)
// TestWithGroupSecurity_applied checks that a security requirement declared on
// a group with WithGroupSecurity appears on the generated spec operation of a
// route registered under that group with no route-level security option.
//
// NOTE(review): the assertions inspect only the document returned by Spec();
// whether requests are actually authenticated at runtime is not exercised here.
func TestWithGroupSecurity_applied(t *testing.T) {
	t.Parallel()

	bearer := api.SecurityScheme{
		Type:   "http",
		Scheme: "bearer",
	}
	router := api.New(
		api.WithTitle("Group Security"),
		api.WithSecurityScheme("bearerAuth", bearer),
	)

	secured := router.Group("/api", api.WithGroupSecurity("bearerAuth"))
	api.Get(secured, "/items", func(_ context.Context, _ *api.Void) (*api.Void, error) {
		return &api.Void{}, nil
	})

	item, found := router.Spec().Paths["/api/items"]
	require.True(t, found, "path /api/items should exist")

	// The route declared nothing itself, so the single requirement present
	// must be the one inherited from the group.
	security := item["get"].Security
	require.NotNil(t, security, "security should be set from group")
	require.Len(t, *security, 1)
	assert.Contains(t, (*security)[0], "bearerAuth")
}
// TestWithGroupSecurity_not_overridden_by_route checks precedence between the
// two levels: a route that passes WithSecurity keeps its own requirement and
// the group's WithGroupSecurity requirement is not added to it.
//
// The expected result is replacement, not a merge: the operation ends up with
// exactly one requirement (apiKey) and bearerAuth is absent from it.
func TestWithGroupSecurity_not_overridden_by_route(t *testing.T) {
	t.Parallel()

	bearer := api.SecurityScheme{
		Type:   "http",
		Scheme: "bearer",
	}
	headerKey := api.SecurityScheme{
		Type: "apiKey",
		Name: "X-API-Key",
		In:   "header",
	}
	router := api.New(
		api.WithTitle("Explicit Route Security"),
		api.WithSecurityScheme("bearerAuth", bearer),
		api.WithSecurityScheme("apiKey", headerKey),
	)

	secured := router.Group("/api", api.WithGroupSecurity("bearerAuth"))

	// The route names its own scheme, which is expected to take the place of
	// the group-level bearerAuth requirement.
	api.Get(secured, "/special", func(_ context.Context, _ *api.Void) (*api.Void, error) {
		return &api.Void{}, nil
	}, api.WithSecurity("apiKey"))

	item, found := router.Spec().Paths["/api/special"]
	require.True(t, found)

	security := item["get"].Security
	require.NotNil(t, security)
	require.Len(t, *security, 1)

	// Only the route's scheme may appear in the sole requirement.
	requirement := (*security)[0]
	assert.Contains(t, requirement, "apiKey")
	assert.NotContains(t, requirement, "bearerAuth")
}
// TestWithGroupSecurity_not_applied_with_NoSecurity checks the opt-out path: a
// route registered with WithNoSecurity inside a group that carries
// WithGroupSecurity must not inherit the group's requirement.
//
// The operation's Security must be non-nil but empty. In an OpenAPI document an
// explicit empty security array marks the operation as requiring no
// authentication, so a nil value (field omitted) and an empty one are not
// interchangeable, and both assertions are needed.
func TestWithGroupSecurity_not_applied_with_NoSecurity(t *testing.T) {
	t.Parallel()

	bearer := api.SecurityScheme{
		Type:   "http",
		Scheme: "bearer",
	}
	router := api.New(
		api.WithTitle("NoSecurity Route"),
		api.WithSecurityScheme("bearerAuth", bearer),
	)

	secured := router.Group("/api", api.WithGroupSecurity("bearerAuth"))
	api.Get(secured, "/public", func(_ context.Context, _ *api.Void) (*api.Void, error) {
		return &api.Void{}, nil
	}, api.WithNoSecurity())

	item, found := router.Spec().Paths["/api/public"]
	require.True(t, found)

	security := item["get"].Security
	require.NotNil(t, security, "security should be set (empty array for no security)")
	assert.Empty(t, *security, "security should be an empty array for no-security routes")
}