From f8d5550d4fc304e70ea20dbfb6363c86526d1027 Mon Sep 17 00:00:00 2001
From: shaniah868 <65876481+shaniah868@users.noreply.github.com>
Date: Mon, 14 Mar 2022 11:27:59 -0400
Subject: [PATCH] fix: WEOS-1397 Defining a security scheme but not using it throws an error -Added a test for initialization with security specified and the global security isn't -Changed the logic operator to AND
---
controllers/rest/api_test.go | 67 +++++++++++++++++++++++++
controllers/rest/global_initializers.go | 2 +-
2 files changed, 68 insertions(+), 1 deletion(-)
diff --git a/controllers/rest/api_test.go b/controllers/rest/api_test.go
index b0dcf51b..bc09d48a 100644
--- a/controllers/rest/api_test.go
+++ b/controllers/rest/api_test.go
@@ -457,3 +457,70 @@ func TestRESTAPI_Initialize_DefaultResponseMiddlware(t *testing.T) {
 os.Remove("test.db")
 time.Sleep(1 * time.Second)
 }
+
+func TestRESTAPI_InitializeSecurity(t *testing.T) {
+ //This test is to show that a schema can be defined but the global “security” don't need to be specified
+ t.Run("basic security schema specified without global security specified", func(t *testing.T) {
+ openApi := `openapi: 3.0.3
+info:
+ title: Blog
+ description: Blog example
+ version: 1.0.0
+servers:
+ - url: https://prod1.weos.sh/blog/dev
+ description: WeOS Dev
+ - url: https://prod1.weos.sh/blog/v1
+x-weos-config:
+ logger:
+ level: warn
+ report-caller: true
+ formatter: json
+ database:
+ driver: sqlite3
+ database: test.db
+ event-source:
+ - title: default
+ driver: service
+ endpoint: https://prod1.weos.sh/events/v1
+ - title: event
+ driver: sqlite3
+ database: test.db
+ databases:
+ - title: default
+ driver: sqlite3
+ database: test.db
+ rest:
+ middleware:
+ - RequestID
+ - Recover
+ - ZapLogger
+components:
+ securitySchemes:
+ Auth0:
+ type: openIdConnect
+ openIdConnectUrl: https://dev-bhjqt6zc.us.auth0.com/.well-known/openid-configuration
+ schemas:
+ Category:
+ type: object
+ properties:
+ title:
+ type: string
+ description:
+ type: string
+ required:
+ - title
+ x-identifier:
+ - title
+`
+ tapi, err := api.New(openApi)
+ if err != nil {
+ t.Errorf("unexpected error: '%s'", err)
+ }
+ err = tapi.Initialize(context.TODO())
+ if err != nil {
+ t.Fatalf("unexpected error initializing api '%s'", err)
+ }
+
+ })
+ os.Remove("test.db")
+}
diff --git a/controllers/rest/global_initializers.go b/controllers/rest/global_initializers.go
index 6b9ec40e..51e7018b 100644
--- a/controllers/rest/global_initializers.go
+++ b/controllers/rest/global_initializers.go
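Review bot: The `api.New` failure in the new subtest is reported with `t.Errorf`, so execution continues to `tapi.Initialize(...)` with a `tapi` that may be nil, and the test can panic instead of failing cleanly; use `t.Fatalf("unexpected error: '%s'", err)` there. The test also pins only the relaxed case, where schemes are defined and there is no global `security`. Because the same commit loosens the check in `Security`, a companion subtest should assert that `Initialize` still returns an error when global `security` names a scheme missing from `components.securitySchemes`, so the check cannot start failing open unnoticed.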
@@ -31,7 +31,7 @@ func Security(ctxt context.Context, api *RESTAPI, swagger *openapi3.Swagger) (co
 }
 ctxt = context.WithValue(ctxt, weosContext.MIDDLEWARES, middlewares)
 } else {
- if swagger.Components.SecuritySchemes != nil || swagger.Security != nil {
+ if swagger.Components.SecuritySchemes != nil && swagger.Security != nil {
 api.EchoInstance().Logger.Errorf("unexpected error: security defined does not match any security schemes")
 return ctxt, fmt.Errorf("unexpected error: security defined does not match any security schemes")
 }
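Review bot: With `&&`, a spec that declares a global `security` requirement while `components.securitySchemes` is nil no longer reaches this error. Assuming this `else` branch is the path taken when no requirement matched a scheme, `Security` then returns without putting any auth middleware into the context, so the API fails open where it previously refused to initialize. The case the commit wants to allow is schemes defined but unused, so the guard can depend on the requirement alone: `if len(swagger.Security) > 0 {`. The `if` condition paired with this `else` and the rest of `Security` lie outside the hunk, so confirm the branch semantics against the full function.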