feat(oas3): warn when auth schemes are used but not declared

Author: pksunkara

packages/fury-adapter-oas3-parser/STATUS.md

@@ -20,7 +20,7 @@ Key:
 | servers | [✕](https://github.com/apiaryio/api-elements.js/issues/76) |
 | paths | [~](#paths-object) |
 | components | ~ |
-| security | [✕](https://github.com/apiaryio/api-elements.js/issues/77) |
+| security | ✓ |
 | tags | [✕](https://github.com/apiaryio/api-elements.js/issues/75) |
 | externalDocs | [✕](https://github.com/apiaryio/api-elements.js/issues/82) |
 
@@ -72,7 +72,7 @@ Key:
 | responses | [~](#responses-object) |
 | callbacks | [✕](https://github.com/apiaryio/api-elements.js/issues/74) |
 | deprecated | ✕ |
-| security |  [✕](https://github.com/apiaryio/api-elements.js/issues/329)  |
+| security | ✓ |
 | servers | [✕](https://github.com/apiaryio/api-elements.js/issues/76) |
 
 ## Parameter Object
@@ -211,15 +211,17 @@ support.
 
 ## Security Scheme Object
 
+See https://github.com/apiaryio/api-elements.js/issues/329 to track things left to do.
+
 | Field Name | Support |
 |:--|:--|
 | type | [~](#security-scheme-type) |
 | description | ✓ |
 | name | ✓ |
-| in | ~ |
+| in | ✓ |
 | scheme | ~ |
 | bearerFormat | ✕ |
-| flows | ✕ |
+| flows | ✓ |
 | openIdConnectUrl | ✕ |
 
 ## Security Scheme Type
@@ -228,7 +230,7 @@ support.
 |:--|:--|
 | apiKey | ✓ |
 | http | ✓ |
-| oauth2 | ✕ |
+| oauth2 | ✓ |
 | openIdConnect | ✕ |
 
 ## Example Object

packages/fury-adapter-oas3-parser/lib/context.js

@@ -16,6 +16,18 @@ class Context {
   registerId(id) {
     return this.state.registerId(id);
   }
+
+  oauthFlow(id, flow) {
+    return this.state.oauthFlow(id, flow);
+  }
+
+  registerScheme(id) {
+    return this.state.registerScheme(id);
+  }
+
+  hasScheme(id) {
+    return this.state.hasScheme(id);
+  }
 }
 
 module.exports = Context;

packages/fury-adapter-oas3-parser/lib/parser/oas/parseComponentsObject.js

@@ -152,28 +152,47 @@ function parseComponentsObject(context, element) {
   const parseSecuritySchemes = pipeParseResult(namespace,
     parseComponentObjectMember(parseSecuritySchemeObject),
     (object) => {
+      const parseResult = new namespace.elements.ParseResult([]);
       const array = new namespace.elements.Array([]);
 
       object.forEach((value, key) => {
+        const keyValue = key.toValue();
+
         if (value) {
           if (value instanceof namespace.elements.AuthScheme) {
-            // eslint-disable-next-line no-param-reassign
-            value.id = key.clone();
-            array.push(value);
+            if (!context.registerScheme(keyValue)) {
+              parseResult.push(createWarning(namespace,
+                `'${keyValue}' security scheme is already defined`, key));
+            } else {
+              // eslint-disable-next-line no-param-reassign
+              value.id = key.clone();
+              array.push(value);
+            }
 
             return;
           }
 
           // append oauth2 flow names
           value.forEach((flow) => {
-            // eslint-disable-next-line no-param-reassign
-            flow.id = `${key.toValue()} ${flow.grantTypeValue}`;
-            array.push(flow);
+            const flowSchemeName = `${keyValue} ${flow.grantTypeValue}`;
+
+            if (!context.oauthFlow(keyValue, flowSchemeName)) {
+              parseResult.push(createWarning(namespace,
+                `'${flowSchemeName}' security scheme can't be created from '${keyValue}' security scheme because it is already defined`, key));
+            } else {
+              // eslint-disable-next-line no-param-reassign
+              flow.id = flowSchemeName;
+              array.push(flow);
+            }
           });
         }
       });
 
-      return array;
+      if (!array.isEmpty) {
+        parseResult.push(array);
+      }
+
+      return parseResult;
     });
 
   const parseMember = R.cond([

packages/fury-adapter-oas3-parser/lib/parser/oas/parseOpenAPIObject.js

@@ -110,8 +110,8 @@ function parseOASObject(context, object) {
   const parseMember = R.cond([
     [hasKey('openapi'), parseOpenAPI(context)],
     [hasKey('info'), R.compose(parseInfoObject(context), getValue)],
-    [hasKey('paths'), R.compose(asArray, parsePathsObject(context), getValue)],
     [hasKey('components'), R.compose(parseComponentsObject(context), getValue)],
+    [hasKey('paths'), R.compose(asArray, parsePathsObject(context), getValue)],
     [hasKey('security'), R.compose(parseSecurityRequirementsArray(context), getValue)],
 
     // FIXME Support exposing extensions into parse result

packages/fury-adapter-oas3-parser/lib/parser/oas/parseSecurityRequirementObject.js

@@ -40,24 +40,34 @@ function parseSecurityRequirementObject(context, object) {
   const parseSecurityRequirement = pipeParseResult(namespace,
     parseObject(context, name, parseMember),
     (securityRequirement) => {
-      // TODO: expand oauth requirements into multiples depending on flows
-      const arr = new namespace.elements.Array([]);
+      const parseResult = new namespace.elements.ParseResult([]);
+      const array = new namespace.elements.Array([]);
 
       securityRequirement.forEach((value, key) => {
         let e;
-        const scopes = value.map(scope => scope.toValue());
+        const schemeName = key.toValue();
 
-        if (scopes.length) {
-          e = new namespace.elements.AuthScheme({ scopes });
+        if (!context.hasScheme(schemeName)) {
+          parseResult.push(createWarning(namespace, `'${schemeName}' security scheme not found`, key));
         } else {
-          e = new namespace.elements.AuthScheme({});
-        }
+          const scopes = value.map(scope => scope.toValue());
+
+          if (scopes.length) {
+            e = new namespace.elements.AuthScheme({ scopes });
+          } else {
+            e = new namespace.elements.AuthScheme({});
+          }
 
-        e.element = key.toValue();
-        arr.push(e);
+          e.element = schemeName;
+          array.push(e);
+        }
       });
 
-      return arr;
+      if (!array.isEmpty) {
+        parseResult.push(array);
+      }
+
+      return parseResult;
     });
 
   return parseSecurityRequirement(object);

packages/fury-adapter-oas3-parser/lib/state.js

@@ -1,6 +1,9 @@
 class State {
   constructor() {
     this.registeredIds = new Set();
+
+    this.registeredSchemes = new Set();
+    this.oauthFlows = {};
   }
 
   registerId(id) {
@@ -11,6 +14,26 @@ class State {
     this.registeredIds.add(id);
     return true;
   }
+
+  oauthFlow(id, flow) {
+    this.oauthFlows[id] = this.oauthFlows[id] || [];
+    this.oauthFlows[id].push(flow);
+
+    return this.registerScheme(flow);
+  }
+
+  registerScheme(id) {
+    if (this.registeredSchemes.has(id)) {
+      return false;
+    }
+
+    this.registeredSchemes.add(id);
+    return true;
+  }
+
+  hasScheme(id) {
+    return this.registeredSchemes.has(id);
+  }
 }
 
 module.exports = State;

packages/fury-adapter-oas3-parser/test/integration/fixtures/auth-scheme-does-not-exist.json

@@ -0,0 +1,166 @@
+{
+  "element": "parseResult",
+  "content": [
+    {
+      "element": "category",
+      "meta": {
+        "classes": {
+          "element": "array",
+          "content": [
+            {
+              "element": "string",
+              "content": "api"
+            }
+          ]
+        },
+        "title": {
+          "element": "string",
+          "content": "Auth Scheme"
+        }
+      },
+      "attributes": {
+        "version": {
+          "element": "string",
+          "content": "1.0.0"
+        }
+      },
+      "content": [
+        {
+          "element": "resource",
+          "attributes": {
+            "href": {
+              "element": "string",
+              "content": "/user"
+            }
+          },
+          "content": [
+            {
+              "element": "transition",
+              "meta": {
+                "title": {
+                  "element": "string",
+                  "content": "View the current User"
+                }
+              },
+              "content": [
+                {
+                  "element": "httpTransaction",
+                  "content": [
+                    {
+                      "element": "httpRequest",
+                      "attributes": {
+                        "method": {
+                          "element": "string",
+                          "content": "GET"
+                        }
+                      }
+                    },
+                    {
+                      "element": "httpResponse",
+                      "attributes": {
+                        "headers": {
+                          "element": "httpHeaders",
+                          "content": [
+                            {
+                              "element": "member",
+                              "content": {
+                                "key": {
+                                  "element": "string",
+                                  "content": "Content-Type"
+                                },
+                                "value": {
+                                  "element": "string",
+                                  "content": "application/json"
+                                }
+                              }
+                            }
+                          ]
+                        },
+                        "statusCode": {
+                          "element": "string",
+                          "content": "200"
+                        }
+                      },
+                      "content": [
+                        {
+                          "element": "dataStructure",
+                          "content": {
+                            "element": "string"
+                          }
+                        },
+                        {
+                          "element": "copy",
+                          "content": "An user"
+                        }
+                      ]
+                    }
+                  ]
+                }
+              ]
+            }
+          ]
+        }
+      ]
+    },
+    {
+      "element": "annotation",
+      "meta": {
+        "classes": {
+          "element": "array",
+          "content": [
+            {
+              "element": "string",
+              "content": "warning"
+            }
+          ]
+        }
+      },
+      "attributes": {
+        "sourceMap": {
+          "element": "array",
+          "content": [
+            {
+              "element": "sourceMap",
+              "content": [
+                {
+                  "element": "array",
+                  "content": [
+                    {
+                      "element": "number",
+                      "attributes": {
+                        "line": {
+                          "element": "number",
+                          "content": 10
+                        },
+                        "column": {
+                          "element": "number",
+                          "content": 11
+                        }
+                      },
+                      "content": 149
+                    },
+                    {
+                      "element": "number",
+                      "attributes": {
+                        "line": {
+                          "element": "number",
+                          "content": 10
+                        },
+                        "column": {
+                          "element": "number",
+                          "content": 16
+                        }
+                      },
+                      "content": 5
+                    }
+                  ]
+                }
+              ]
+            }
+          ]
+        }
+      },
+      "content": "'basic' security scheme not found"
+    }
+  ]
+}