feat(oas3): expand oauth scheme requirement into it's flows

Author: pksunkara

packages/fury-adapter-oas3-parser/lib/parser/oas/parseSecurityRequirementObject.js

@@ -47,17 +47,30 @@ function parseSecurityRequirementObject(context, object) {
         let e;
         const schemeName = key.toValue();
 
-        if (!context.hasScheme(schemeName)) {
-          parseResult.push(createWarning(namespace, `'${schemeName}' security scheme not found`, key));
+        const scopes = value.map(scope => scope.toValue());
+
+        if (scopes.length) {
+          e = new namespace.elements.AuthScheme({ scopes });
         } else {
-          const scopes = value.map(scope => scope.toValue());
+          e = new namespace.elements.AuthScheme({});
+        }
+
+        // Expand oauth2 flows
+        const hasFlows = context.state.oauthFlows[schemeName] || [];
 
-          if (scopes.length) {
-            e = new namespace.elements.AuthScheme({ scopes });
-          } else {
-            e = new namespace.elements.AuthScheme({});
-          }
+        if (hasFlows.length !== 0) {
+          hasFlows.forEach((flow) => {
+            const element = e.clone();
+            element.element = flow;
+            array.push(element);
+          });
 
+          return;
+        }
+
+        if (!context.hasScheme(schemeName)) {
+          parseResult.push(createWarning(namespace, `'${schemeName}' security scheme not found`, key));
+        } else {
           e.element = schemeName;
           array.push(e);
         }

packages/fury-adapter-oas3-parser/lib/state.js

@@ -16,8 +16,8 @@ class State {
   }
 
   oauthFlow(id, flow) {
-    this.oauthFlows[id] = this.oauthFlows[id] || [];
-    this.oauthFlows[id].push(flow);
+    this.oauthFlows[id] = this.oauthFlows[id] || new Set();
+    this.oauthFlows[id].add(flow);
 
     return this.registerScheme(flow);
   }

packages/fury-adapter-oas3-parser/test/unit/parser/oas/parseSecurityRequirementObject-test.js

@@ -10,7 +10,9 @@ describe('Security Requirement Object', () => {
   beforeEach(() => {
     context = new Context(namespace);
     context.registerScheme('customApiKey');
-    context.registerScheme('customOauth2');
+    context.registerScheme('customOauth');
+    context.oauthFlow('oauthWithFlow', 'oauthWithFlow implicit');
+    context.oauthFlow('oauthWithFlow', 'oauthWithFlow authorization code');
   });
 
   it('provides warning when security requirement is not an object', () => {
@@ -52,7 +54,7 @@ describe('Security Requirement Object', () => {
 
   it('parses correctly a single scheme reference with scopes', () => {
     const securityRequirement = new namespace.elements.Object({
-      customOauth2: [
+      customOauth: [
         'scope1',
         'scope2',
       ],
@@ -66,7 +68,7 @@ describe('Security Requirement Object', () => {
     const arr = parseResult.get(0);
 
     expect(arr.length).to.equal(1);
-    expect(arr.get(0).element).to.equal('customOauth2');
+    expect(arr.get(0).element).to.equal('customOauth');
     expect(arr.get(0).length).to.equal(1);
 
     const scopes = arr.get(0).get(0).value;
@@ -79,7 +81,7 @@ describe('Security Requirement Object', () => {
 
   it('provides warning when scope is not a string', () => {
     const securityRequirement = new namespace.elements.Object({
-      customOauth2: [
+      customOauth: [
         'scope1',
         2,
       ],
@@ -93,7 +95,7 @@ describe('Security Requirement Object', () => {
     const arr = parseResult.get(0);
 
     expect(arr.length).to.equal(1);
-    expect(arr.get(0).element).to.equal('customOauth2');
+    expect(arr.get(0).element).to.equal('customOauth');
     expect(arr.get(0).length).to.equal(1);
 
     const scopes = arr.get(0).get(0).value;
@@ -102,13 +104,13 @@ describe('Security Requirement Object', () => {
     expect(scopes.length).to.equal(1);
     expect(scopes.get(0).toValue()).to.equal('scope1');
 
-    expect(parseResult).to.contain.warning("'Security Requirement Object' 'customOauth2' array value is not a string");
+    expect(parseResult).to.contain.warning("'Security Requirement Object' 'customOauth' array value is not a string");
   });
 
   it('parses correctly multi scheme references', () => {
     const securityRequirement = new namespace.elements.Object({
       customApiKey: [],
-      customOauth2: [],
+      customOauth: [],
     });
 
     const parseResult = parse(context, securityRequirement);
@@ -121,7 +123,40 @@ describe('Security Requirement Object', () => {
     expect(arr.length).to.equal(2);
     expect(arr.get(0).element).to.equal('customApiKey');
     expect(arr.get(0).length).to.equal(0);
-    expect(arr.get(1).element).to.equal('customOauth2');
+    expect(arr.get(1).element).to.equal('customOauth');
     expect(arr.get(1).length).to.equal(0);
   });
+
+  it('parses correctly oauth2 scheme with flows', () => {
+    let scopes;
+    const securityRequirement = new namespace.elements.Object({
+      oauthWithFlow: [
+        'scope',
+      ],
+    });
+
+    const parseResult = parse(context, securityRequirement);
+
+    expect(parseResult.length).to.equal(1);
+    expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Array);
+
+    const arr = parseResult.get(0);
+
+    expect(arr.length).to.equal(2);
+    expect(arr.get(0).element).to.equal('oauthWithFlow implicit');
+    expect(arr.get(0).length).to.equal(1);
+
+    scopes = arr.get(0).get(0).value;
+    expect(scopes).to.be.instanceof(namespace.elements.Array);
+    expect(scopes.length).to.equal(1);
+    expect(scopes.get(0).toValue()).to.equal('scope');
+
+    expect(arr.get(1).element).to.equal('oauthWithFlow authorization code');
+    expect(arr.get(1).length).to.equal(1);
+
+    scopes = arr.get(1).get(0).value;
+    expect(scopes).to.be.instanceof(namespace.elements.Array);
+    expect(scopes.length).to.equal(1);
+    expect(scopes.get(0).toValue()).to.equal('scope');
+  });
 });