This repository has been archived by the owner on Nov 8, 2024. It is now read-only.

OpenAPI security specification is not present in the hooks #675

Open
tiagoalves opened this issue Dec 6, 2016 · 4 comments

Comments

@tiagoalves

I have a similar problem to #454. I'm testing some APIs with an OpenAPI specification that use security to indicate how requests should be authenticated and I'd like to have access to that information in the transaction object that is passed to the hook callbacks.

My goal is to dynamically add authentication information to the requests in the hooks. Specifying the authentication in a request-specific hook or in the command-line isn't an option for me since I'm trying to run Dredd generically for multiple APIs.

In the following code of the dredd-transactions project I can see that parseResult contains an authSchemes object which seems to be what I need: https://github.com/apiaryio/dredd-transactions/blob/master/src/dredd-transactions.coffee#L29

However, in the subsequent line, that information is discarded.

Is this feature planned or is there a work-around?

Thank you and great job on Dredd!

@honzajavorek
Contributor

Hi, thanks for an interesting suggestion! This is not planned and unfortunately, I don't know about an easy workaround.

One would be to write a beforeEach hook, where you extract the filename of the API description document (see transaction object structure and origin.filename), where you'd load the original document and parse it again (either using fury.js to get the same thing dredd-transactions gets, or swagger-parser directly) to get the information. Obviously, it would be good to cache the parse result for a given filename between transactions so each of them isn't parsing the document again and again.

I'm not sure the filename is recorded in the origin object every time though. I didn't check tests, but I have a feeling that it appears only when you provide multiple API description documents by the --path option. You'll probably have to experiment with that a bit. Please let me know here if you were able to get it working!

BTW, I'd generalize this problem to:

  • There is data in the API description, which Dredd doesn't need, but might be important for hooks.
  • Since Dredd strips the data down to HTTP transactions, the data is lost and is not accessible in hooks.
  • Hooks can do their own parsing, but that seems inefficient since Dredd previously already had all the data in memory.
  • Dredd probably doesn't even consistently provide filename for hooks.

I think we should make sure in the future hooks can somehow access the parse result.

@tiagoalves
Author

Thanks for the quick response.

I went ahead with your suggestion and I'm able to get the full swagger definition with swagger-parser. I'm just at a state where I'm printing the parsed swagger spec and the Dredd transaction object but I think everything I need appears to be present to match the request info and figure out each request's security/authentication settings.

I also agree with your generalization of the problem.
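
The matching step discussed in this thread, as an added example that is not code from Dredd or from either commenter: given an already-parsed Swagger 2.0 document, it maps a transaction's request to its operation, resolves the effective `security` requirement, and sets the headers. The sample document, the `creds` map and all function names are assumptions; only header API keys and basic auth are handled.

```javascript
// Constructed Swagger 2.0 sample; in a hook this is the swagger-parser result.
const spec = {
  basePath: '/v1',
  security: [{ key: [] }], // document-wide default
  securityDefinitions: {
    key: { type: 'apiKey', name: 'X-API-Key', in: 'header' },
    login: { type: 'basic' },
  },
  paths: {
    '/status': { get: { security: [] } }, // empty array: explicitly public
    '/users/{id}': { get: {}, delete: { security: [{ login: [] }] } },
  },
};

// Map a concrete request (method + URI) back to its operation, or null.
function findOperation(doc, method, uri) {
  for (const [template, item] of Object.entries(doc.paths)) {
    const source = ((doc.basePath || '').replace(/\/$/, '') + template)
      .replace(/[.*+?^$()|[\]\\]/g, '\\$&') // escape regex metacharacters
      .replace(/\{[^}]+\}/g, '[^/]+'); // {id} matches one path segment
    const op = item[method.toLowerCase()];
    if (op && new RegExp(`^${source}$`).test(uri.split('?')[0])) return op;
  }
  return null;
}

// Header for one scheme, or null when it is unsupported or has no credential.
function headerFor(def, secret) {
  if (!def || secret === undefined) return null;
  if (def.type === 'apiKey' && def.in === 'header') return [def.name, secret];
  if (def.type === 'basic') return ['Authorization', `Basic ${Buffer.from(secret).toString('base64')}`];
  return null; // oauth2 and query-string keys are not handled here
}

// Apply the first satisfiable requirement; throw rather than send unauthenticated.
function applyAuth(doc, { request }, creds) {
  const op = findOperation(doc, request.method, request.uri);
  if (!op) throw new Error(`no operation matches ${request.method} ${request.uri}`);
  // Operation-level `security` replaces the document-level list, even when empty.
  const alternatives = op.security !== undefined ? op.security : doc.security || [];
  for (const requirement of alternatives) {
    const pairs = Object.keys(requirement).map((n) => headerFor(doc.securityDefinitions[n], creds[n]));
    if (!pairs.every(Boolean)) continue;
    pairs.forEach(([name, value]) => { request.headers[name] = value; });
    return Object.keys(requirement);
  }
  if (alternatives.length === 0) return [];
  throw new Error(`no usable credentials for ${request.method} ${request.uri}`);
}
```

In a `beforeEach` hook the document would be parsed once per `transaction.origin.filename` and `applyAuth(doc, transaction, creds)` called before the request is sent.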

@honzajavorek
Contributor

@tiagoalves Great, thanks!

@honzajavorek
Contributor

@artem-zakharchenko @kylef this could be solved if Dredd used API Elements as an internal data structure instead of the custom "transaction" abstraction it uses now.
