Merge pull request #334 from apiaryio/pksunkara/security

Further implementation of Security

Author: pksunkara

packages/fury-adapter-oas3-parser/STATUS.md

@@ -20,7 +20,7 @@ Key:
 | servers | [✕](https://github.com/apiaryio/api-elements.js/issues/76) |
 | paths | [~](#paths-object) |
 | components | ~ |
-| security | [✕](https://github.com/apiaryio/api-elements.js/issues/77) |
+| security | ✓ |
 | tags | [✕](https://github.com/apiaryio/api-elements.js/issues/75) |
 | externalDocs | [✕](https://github.com/apiaryio/api-elements.js/issues/82) |
 
@@ -72,7 +72,7 @@ Key:
 | responses | [~](#responses-object) |
 | callbacks | [✕](https://github.com/apiaryio/api-elements.js/issues/74) |
 | deprecated | ✕ |
-| security |  [✕](https://github.com/apiaryio/api-elements.js/issues/329)  |
+| security | ✓ |
 | servers | [✕](https://github.com/apiaryio/api-elements.js/issues/76) |
 
 ## Parameter Object
@@ -211,15 +211,17 @@ support.
 
 ## Security Scheme Object
 
+See https://github.com/apiaryio/api-elements.js/issues/329 to track things left to do.
+
 | Field Name | Support |
 |:--|:--|
 | type | [~](#security-scheme-type) |
 | description | ✓ |
 | name | ✓ |
-| in | ~ |
+| in | ✓ |
 | scheme | ~ |
 | bearerFormat | ✕ |
-| flows | ✕ |
+| flows | ✓ |
 | openIdConnectUrl | ✕ |
 
 ## Security Scheme Type
@@ -228,7 +230,7 @@ support.
 |:--|:--|
 | apiKey | ✓ |
 | http | ✓ |
-| oauth2 | ✕ |
+| oauth2 | ✓ |
 | openIdConnect | ✕ |
 
 ## Example Object

packages/fury-adapter-oas3-parser/lib/context.js

@@ -16,6 +16,18 @@ class Context {
   registerId(id) {
     return this.state.registerId(id);
   }
+
+  oauthFlow(id, flow) {
+    return this.state.oauthFlow(id, flow);
+  }
+
+  registerScheme(id) {
+    return this.state.registerScheme(id);
+  }
+
+  hasScheme(id) {
+    return this.state.hasScheme(id);
+  }
 }
 
 module.exports = Context;

packages/fury-adapter-oas3-parser/lib/parser/oas/parseComponentsObject.js

@@ -152,28 +152,47 @@ function parseComponentsObject(context, element) {
   const parseSecuritySchemes = pipeParseResult(namespace,
     parseComponentObjectMember(parseSecuritySchemeObject),
     (object) => {
+      const parseResult = new namespace.elements.ParseResult([]);
       const array = new namespace.elements.Array([]);
 
       object.forEach((value, key) => {
+        const keyValue = key.toValue();
+
         if (value) {
           if (value instanceof namespace.elements.AuthScheme) {
-            // eslint-disable-next-line no-param-reassign
-            value.id = key.clone();
-            array.push(value);
+            if (!context.registerScheme(keyValue)) {
+              parseResult.push(createWarning(namespace,
+                `'${keyValue}' security scheme is already defined`, key));
+            } else {
+              // eslint-disable-next-line no-param-reassign
+              value.id = key.clone();
+              array.push(value);
+            }
 
             return;
           }
 
           // append oauth2 flow names
           value.forEach((flow) => {
-            // eslint-disable-next-line no-param-reassign
-            flow.id = `${key.toValue()} ${flow.grantTypeValue}`;
-            array.push(flow);
+            const flowSchemeName = `${keyValue} ${flow.grantTypeValue}`;
+
+            if (!context.oauthFlow(keyValue, flowSchemeName)) {
+              parseResult.push(createWarning(namespace,
+                `'${flowSchemeName}' security scheme can't be created from '${keyValue}' security scheme because it is already defined`, key));
+            } else {
+              // eslint-disable-next-line no-param-reassign
+              flow.id = flowSchemeName;
+              array.push(flow);
+            }
           });
         }
       });
 
-      return array;
+      if (!array.isEmpty) {
+        parseResult.push(array);
+      }
+
+      return parseResult;
     });
 
   const parseMember = R.cond([

packages/fury-adapter-oas3-parser/lib/parser/oas/parseOpenAPIObject.js

@@ -15,10 +15,11 @@ const parseOpenAPI = require('../openapi');
 const parseInfoObject = require('./parseInfoObject');
 const parsePathsObject = require('./parsePathsObject');
 const parseComponentsObject = require('./parseComponentsObject');
+const parseSecurityRequirementsArray = require('./parseSecurityRequirementsArray');
 
 const name = 'OpenAPI Object';
 const requiredKeys = ['openapi', 'info', 'paths'];
-const unsupportedKeys = ['servers', 'security', 'tags', 'externalDocs'];
+const unsupportedKeys = ['servers', 'tags', 'externalDocs'];
 
 /**
  * Returns whether the given member element is unsupported
@@ -109,8 +110,9 @@ function parseOASObject(context, object) {
   const parseMember = R.cond([
     [hasKey('openapi'), parseOpenAPI(context)],
     [hasKey('info'), R.compose(parseInfoObject(context), getValue)],
-    [hasKey('paths'), R.compose(asArray, parsePathsObject(context), getValue)],
     [hasKey('components'), R.compose(parseComponentsObject(context), getValue)],
+    [hasKey('paths'), R.compose(asArray, parsePathsObject(context), getValue)],
+    [hasKey('security'), R.compose(parseSecurityRequirementsArray(context), getValue)],
 
     // FIXME Support exposing extensions into parse result
     [isExtension, () => new namespace.elements.ParseResult()],
@@ -126,6 +128,7 @@ function parseOASObject(context, object) {
     (object) => {
       const api = object.get('info');
       const components = object.get('components');
+      const security = object.get('security');
 
       if (components) {
         const schemes = R.or(components.get('securitySchemes'), new namespace.elements.Array());
@@ -142,6 +145,20 @@ function parseOASObject(context, object) {
         api.content = api.content.concat(resources.content);
       }
 
+      api.resources.forEach((resource) => {
+        resource.transitions.forEach((transition) => {
+          transition.transactions.forEach((transaction) => {
+            if (!transaction.authSchemes && security && !security.isEmpty) {
+              transaction.attributes.set('authSchemes', security.clone());
+            }
+
+            if (transaction.authSchemes && transaction.authSchemes.isEmpty) {
+              transaction.attributes.remove('authSchemes');
+            }
+          });
+        });
+      });
+
       if (components) {
         const schemas = R.or(components.get('schemas'), new namespace.elements.Array())
           .content

packages/fury-adapter-oas3-parser/lib/parser/oas/parseOperationObject.js

@@ -1,9 +1,8 @@
 const R = require('ramda');
 const {
-  isArray, isMember, isExtension, hasKey, getValue,
+  isMember, isExtension, hasKey, getValue,
 } = require('../../predicates');
 const {
-  createWarning,
   createUnsupportedMemberWarning,
   createInvalidMemberWarning,
   createIdentifierNotUniqueWarning,
@@ -14,8 +13,8 @@ const parseObject = require('../parseObject');
 const parseString = require('../parseString');
 const parseResponsesObject = require('./parseResponsesObject');
 const parseParameterObjects = require('./parseParameterObjects');
-const parseSecurityRequirementObject = require('./parseSecurityRequirementObject');
 const parseRequestBodyObject = require('./parseRequestBodyObject');
+const parseSecurityRequirementsArray = require('./parseSecurityRequirementsArray');
 const parseReference = require('../parseReference');
 
 const parseRequestBodyObjectOrRef = parseReference('requestBodies', parseRequestBodyObject);
@@ -104,32 +103,14 @@ function parseOperationObject(context, path, member) {
     ),
   ]));
 
-  const parseSecurity = pipeParseResult(namespace,
-    R.unless(isArray, createWarning(namespace, `'${name}' 'security' is not an array`)),
-    R.compose(R.chain(parseSecurityRequirementObject(context)), R.constructN(1, namespace.elements.Array)),
-    requirements => requirements.map((requirement) => {
-      if (requirement.length === 1) {
-        return requirement.get(0);
-      }
-
-      const link = new namespace.elements.Link();
-      link.relation = 'profile';
-      link.href = 'https://github.com/refractproject/rfcs/issues/39';
-
-      const allOf = new namespace.elements.Extension(requirement.content);
-      allOf.meta.set('links', new namespace.elements.Array([link]));
-
-      return allOf;
-    }));
-
   const parseMember = R.cond([
     [hasKey('summary'), parseString(context, name, false)],
     [hasKey('description'), parseCopy(context, name, false)],
     [hasKey('operationId'), pipeParseResult(namespace, parseString(context, name, false), parseOperationId)],
     [hasKey('responses'), R.compose(parseResponsesObject(context), getValue)],
     [hasKey('requestBody'), R.compose(parseRequestBodyObjectOrRef(context), getValue)],
     [hasKey('parameters'), R.compose(parseParameterObjects(context, name), getValue)],
-    [hasKey('security'), R.compose(parseSecurity, getValue)],
+    [hasKey('security'), R.compose(parseSecurityRequirementsArray(context), getValue)],
 
     [isUnsupportedKey, createUnsupportedMemberWarning(namespace, name)],
 

packages/fury-adapter-oas3-parser/lib/parser/oas/parseSecurityRequirementObject.js

@@ -40,11 +40,13 @@ function parseSecurityRequirementObject(context, object) {
   const parseSecurityRequirement = pipeParseResult(namespace,
     parseObject(context, name, parseMember),
     (securityRequirement) => {
-      // TODO: expand oauth requirements into multiples depending on flows
-      const arr = new namespace.elements.Array([]);
+      const parseResult = new namespace.elements.ParseResult([]);
+      const array = new namespace.elements.Array([]);
 
       securityRequirement.forEach((value, key) => {
         let e;
+        const schemeName = key.toValue();
+
         const scopes = value.map(scope => scope.toValue());
 
         if (scopes.length) {
@@ -53,11 +55,32 @@ function parseSecurityRequirementObject(context, object) {
           e = new namespace.elements.AuthScheme({});
         }
 
-        e.element = key.toValue();
-        arr.push(e);
+        // Expand oauth2 flows
+        const hasFlows = context.state.oauthFlows[schemeName] || [];
+
+        if (hasFlows.length !== 0) {
+          hasFlows.forEach((flow) => {
+            const element = e.clone();
+            element.element = flow;
+            array.push(element);
+          });
+
+          return;
+        }
+
+        if (!context.hasScheme(schemeName)) {
+          parseResult.push(createWarning(namespace, `'${schemeName}' security scheme not found`, key));
+        } else {
+          e.element = schemeName;
+          array.push(e);
+        }
       });
 
-      return arr;
+      if (!array.isEmpty) {
+        parseResult.push(array);
+      }
+
+      return parseResult;
     });
 
   return parseSecurityRequirement(object);

packages/fury-adapter-oas3-parser/lib/parser/oas/parseSecurityRequirementsArray.js

@@ -0,0 +1,40 @@
+const R = require('ramda');
+const pipeParseResult = require('../../pipeParseResult');
+const parseArray = require('../parseArray');
+const parseSecurityRequirementObject = require('./parseSecurityRequirementObject');
+
+const name = 'Security Requirements Array';
+
+/**
+ * Parse Security Requirements Array
+ *
+ * @param namespace {Namespace}
+ * @param element {Element}
+ * @returns ParseResult
+ *
+ * @private
+ */
+function parseSecurityRequirementsArray(context, element) {
+  const { namespace } = context;
+
+  const parseSecurityRequirements = pipeParseResult(namespace,
+    parseArray(context, name, R.curry(parseSecurityRequirementObject)(context)),
+    requirements => requirements.map((requirement) => {
+      if (requirement.length === 1) {
+        return requirement.get(0);
+      }
+
+      const link = new namespace.elements.Link();
+      link.relation = 'profile';
+      link.href = 'https://github.com/refractproject/rfcs/issues/39';
+
+      const allOf = new namespace.elements.Extension(requirement.content);
+      allOf.meta.set('links', new namespace.elements.Array([link]));
+
+      return allOf;
+    }));
+
+  return parseSecurityRequirements(element);
+}
+
+module.exports = R.curry(parseSecurityRequirementsArray);

packages/fury-adapter-oas3-parser/lib/state.js

@@ -1,6 +1,9 @@
 class State {
   constructor() {
     this.registeredIds = new Set();
+
+    this.registeredSchemes = new Set();
+    this.oauthFlows = {};
   }
 
   registerId(id) {
@@ -11,6 +14,26 @@ class State {
     this.registeredIds.add(id);
     return true;
   }
+
+  oauthFlow(id, flow) {
+    this.oauthFlows[id] = this.oauthFlows[id] || new Set();
+    this.oauthFlows[id].add(flow);
+
+    return this.registerScheme(flow);
+  }
+
+  registerScheme(id) {
+    if (this.registeredSchemes.has(id)) {
+      return false;
+    }
+
+    this.registeredSchemes.add(id);
+    return true;
+  }
+
+  hasScheme(id) {
+    return this.registeredSchemes.has(id);
+  }
 }
 
 module.exports = State;