Skip to content

Commit

Permalink
fix(openapi): hide auth header when set in securityScheme (#769)
Browse files Browse the repository at this point in the history
  • Loading branch information
aheckmann authored Dec 25, 2023
1 parent 19a7513 commit ca3a88e
Show file tree
Hide file tree
Showing 3 changed files with 14 additions and 2 deletions.
7 changes: 6 additions & 1 deletion examples/options.js
Original file line number Diff line number Diff line change
Expand Up @@ -52,11 +52,16 @@ const openapiOption = {
type: 'apiKey',
name: 'apiKey',
in: 'header'
},
bearerAuth: {
type: 'http',
scheme: 'bearer'
}
}
},
security: [{
apiKey: []
apiKey: [],
bearerAuth: []
}],
externalDocs: {
description: 'Find more info here',
Expand Down
5 changes: 4 additions & 1 deletion lib/spec/openapi/utils.js
Original file line number Diff line number Diff line change
Expand Up @@ -373,7 +373,10 @@ function prepareOpenapiMethod (schema, ref, openapiObject, url) {
]
.reduce((acc, securitySchemeGroup) => {
Object.keys(securitySchemeGroup).forEach((securitySchemeLabel) => {
const { name, in: category } = openapiObject.components.securitySchemes[securitySchemeLabel]
const scheme = openapiObject.components.securitySchemes[securitySchemeLabel]
const isBearer = scheme.type === 'http' && scheme.scheme === 'bearer'
const category = isBearer ? 'header' : scheme.in
const name = isBearer ? 'authorization' : scheme.name
if (!acc[category]) {
acc[category] = []
}
Expand Down
4 changes: 4 additions & 0 deletions test/spec/openapi/route.js
Original file line number Diff line number Diff line change
Expand Up @@ -647,6 +647,10 @@ test('security headers ignored when declared in security and securityScheme', as
type: 'string',
description: 'api token'
},
bearerAuth: {
type: 'string',
description: 'authorization bearer'
},
id: {
type: 'string',
description: 'common field'
Expand Down

0 comments on commit ca3a88e

Please sign in to comment.