From 8d195091d2d6c811a766fbc44a7135ac6255d35d Mon Sep 17 00:00:00 2001
From: Carmine DiMascio <cdimascio@tripadvisor.com>
Date: Sat, 12 Oct 2019 17:13:49 -0400
Subject: [PATCH] throw if attempt to use security with undefined handlers

---
 src/middlewares/openapi.security.ts | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/src/middlewares/openapi.security.ts b/src/middlewares/openapi.security.ts
index 73c49bdf..e3ca0e45 100644
--- a/src/middlewares/openapi.security.ts
+++ b/src/middlewares/openapi.security.ts
@@ -75,6 +75,13 @@ class SecuritySchemes {
   }
 
   executeHandlers(req: OpenApiRequest): Promise<SecurityHandlerResult[]> {
+    if (this.securities && !this.securityHandlers) {
+      const names = Object.keys(this.securities).join(', ');
+      throw {
+        status: 500,
+        message: `attempt to use securities ${names}, but no securityHandlers defined.`,
+      };
+    }
     const promises = this.securities.map(async s => {
       try {
         const securityKey = Object.keys(s)[0];
@@ -99,10 +106,10 @@ class SecuritySchemes {
         new AuthValidator(req, scheme).validate();
 
         // expected handler results are:
-        // - throw exception, 
-        // - return true, 
-        // - return Promise<true>, 
-        // - return false, 
+        // - throw exception,
+        // - return true,
+        // - return Promise<true>,
+        // - return false,
         // - return Promise<false>
         // everything else should be treated as false
         const success = await handler(req, scopes, scheme);