Merge pull request #142 from wepala/WEOS-1397

fix: WEOS-1397 Defining a security scheme but not using it throws an error
wepala · Mar 16, 2022 · 982e8bd · 982e8bd
2 parents 9f1fe15 + e5a24be
commit 982e8bd
Show file tree

Hide file tree

Showing 2 changed files with 68 additions and 1 deletion.
diff --git a/controllers/rest/api_test.go b/controllers/rest/api_test.go
@@ -680,3 +680,70 @@ func TestRESTAPI_Initialize_ExampleResponse(t *testing.T) {
 	}
 	os.Remove("test.db")
 }
+
+func TestRESTAPI_InitializeSecurity(t *testing.T) {
+	//This test is to show that a schema can be defined but the global “security” don't need to be specified
+	t.Run("basic security schema specified without global security specified", func(t *testing.T) {
+		openApi := `openapi: 3.0.3
+info:
+  title: Blog
+  description: Blog example
+  version: 1.0.0
+servers:
+  - url: https://prod1.weos.sh/blog/dev
+    description: WeOS Dev
+  - url: https://prod1.weos.sh/blog/v1
+x-weos-config:
+  logger:
+    level: warn
+    report-caller: true
+    formatter: json
+  database:
+    driver: sqlite3
+    database: test.db
+  event-source:
+    - title: default
+      driver: service
+      endpoint: https://prod1.weos.sh/events/v1
+    - title: event
+      driver: sqlite3
+      database: test.db
+  databases:
+    - title: default
+      driver: sqlite3
+      database: test.db
+  rest:
+    middleware:
+      - RequestID
+      - Recover
+      - ZapLogger
+components:
+  securitySchemes:
+    Auth0:
+      type: openIdConnect
+      openIdConnectUrl: https://dev-bhjqt6zc.us.auth0.com/.well-known/openid-configuration
+  schemas:
+    Category:
+      type: object
+      properties:
+        title:
+          type: string
+        description:
+          type: string
+      required:
+        - title
+      x-identifier:
+        - title
+`
+		tapi, err := api.New(openApi)
+		if err != nil {
+			t.Errorf("unexpected error: '%s'", err)
+		}
+		err = tapi.Initialize(context.TODO())
+		if err != nil {
+			t.Fatalf("unexpected error initializing api '%s'", err)
+		}
+
+	})
+	os.Remove("test.db")
+}
diff --git a/controllers/rest/global_initializers.go b/controllers/rest/global_initializers.go
@@ -31,7 +31,7 @@ func Security(ctxt context.Context, api *RESTAPI, swagger *openapi3.Swagger) (co
 		}
 		ctxt = context.WithValue(ctxt, weosContext.MIDDLEWARES, middlewares)
 	} else {
-		if swagger.Components.SecuritySchemes != nil || swagger.Security != nil {
+		if swagger.Components.SecuritySchemes != nil && swagger.Security != nil {
 			api.EchoInstance().Logger.Errorf("unexpected error: security defined does not match any security schemes")
 			return ctxt, fmt.Errorf("unexpected error: security defined does not match any security schemes")
 		}