tests: cover uncovered security definitions validation

DenTray · DenTray · commit 80b9853e2ed4 · 2023-10-28T17:24:23.000+06:00
diff --git a/src/Validators/SwaggerSpecValidator.php b/src/Validators/SwaggerSpecValidator.php
@@ -155,9 +155,9 @@ protected function validateSecurityDefinitions(): void
 
             $this->validateFieldsPresent(self::REQUIRED_FIELDS['security_definition'], $parentId);
 
-            $this->validateFieldValue("{$parentId}.'type", self::ALLOWED_VALUES['security_definition_type']);
-            $this->validateFieldValue("{$parentId}.'in", self::ALLOWED_VALUES['security_definition_in']);
-            $this->validateFieldValue("{$parentId}.'flow", self::ALLOWED_VALUES['security_definition_flow']);
+            $this->validateFieldValue("{$parentId}.type", self::ALLOWED_VALUES['security_definition_type']);
+            $this->validateFieldValue("{$parentId}.in", self::ALLOWED_VALUES['security_definition_in']);
+            $this->validateFieldValue("{$parentId}.flow", self::ALLOWED_VALUES['security_definition_flow']);
         }
     }
 
diff --git a/tests/SwaggerServiceTest.php b/tests/SwaggerServiceTest.php
@@ -271,6 +271,21 @@ public function getConstructorInvalidTmpData(): array
                 'exceptionMessage' => "Validation failed. Path parameters cannot be optional. "
                     . "Set required=true for the 'username' parameters at operation 'paths./users.get'."
             ],
+            [
+                'tmpDoc' => 'documentation/invalid_format__security_definition__type',
+                'exception' => InvalidSwaggerSpecException::class,
+                'exceptionMessage' => "Validation failed. Field 'securityDefinitions.0.type' has an invalid value: invalid. Allowed values: basic, apiKey, oauth2."
+            ],
+            [
+                'tmpDoc' => 'documentation/invalid_format__security_definition__flow',
+                'exception' => InvalidSwaggerSpecException::class,
+                'exceptionMessage' => "Validation failed. Field 'securityDefinitions.0.flow' has an invalid value: invalid. Allowed values: implicit, password, application, accessCode."
+            ],
+            [
+                'tmpDoc' => 'documentation/invalid_format__security_definition__in',
+                'exception' => InvalidSwaggerSpecException::class,
+                'exceptionMessage' => "Validation failed. Field 'securityDefinitions.0.in' has an invalid value: invalid. Allowed values: query, header."
+            ],
         ];
     }
 
diff --git a/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__flow.json b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__flow.json
@@ -0,0 +1,88 @@
+{
+  "swagger": "2.0",
+  "host": "localhost",
+  "basePath": "\/",
+  "schemes": [],
+  "paths": {
+    "\/api\/users":
+    {
+      "post":
+      {
+        "tags": ["api"],
+        "consumes": ["application\/x-www-form-urlencoded"],
+        "produces": ["application\/json"],
+        "parameters": [
+          {
+            "in": "body",
+            "name": "body",
+            "description": "",
+            "required": true,
+           "schema": {
+             "$ref": "#/definitions/apiusersObject"
+           }
+          }
+        ],
+        "responses":
+        {
+          "403":
+          {
+            "description": "Forbidden",
+            "schema":
+            {
+              "example":
+              {
+                "message": "This action is unauthorized."
+              }
+            }
+          }
+        },
+        "security": [],
+        "description": "",
+        "summary": "test"
+      }
+    }
+  },
+  "definitions": {
+    "apiusersObject": {
+      "type": "object",
+      "properties": {
+        "query": {
+          "type": "string",
+          "description": ""
+        },
+        "user_id": {
+          "type": "integer",
+          "description": "with_to_array_rule_string_name"
+        },
+        "is_email_enabled": {
+          "type": "string",
+          "description": "test_rule_without_to_string"
+        }
+      },
+      "required": {
+        "0": "query"
+      },
+      "example": {
+        "first_name": "andrey",
+        "last_name": "voronin"
+      }
+    }
+  },
+  "info": {
+    "description": "This is automatically collected documentation",
+    "version": "0.0.0",
+    "title": "Name of Your Application",
+    "termsOfService": "",
+    "contact":
+    {
+      "email": "your@email.com"
+    }
+  },
+  "securityDefinitions": [
+    {
+      "type": "basic",
+      "in": "query",
+      "flow": "invalid"
+    }
+  ]
+}
diff --git a/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__in.json b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__in.json
@@ -0,0 +1,88 @@
+{
+  "swagger": "2.0",
+  "host": "localhost",
+  "basePath": "\/",
+  "schemes": [],
+  "paths": {
+    "\/api\/users":
+    {
+      "post":
+      {
+        "tags": ["api"],
+        "consumes": ["application\/x-www-form-urlencoded"],
+        "produces": ["application\/json"],
+        "parameters": [
+          {
+            "in": "body",
+            "name": "body",
+            "description": "",
+            "required": true,
+           "schema": {
+             "$ref": "#/definitions/apiusersObject"
+           }
+          }
+        ],
+        "responses":
+        {
+          "403":
+          {
+            "description": "Forbidden",
+            "schema":
+            {
+              "example":
+              {
+                "message": "This action is unauthorized."
+              }
+            }
+          }
+        },
+        "security": [],
+        "description": "",
+        "summary": "test"
+      }
+    }
+  },
+  "definitions": {
+    "apiusersObject": {
+      "type": "object",
+      "properties": {
+        "query": {
+          "type": "string",
+          "description": ""
+        },
+        "user_id": {
+          "type": "integer",
+          "description": "with_to_array_rule_string_name"
+        },
+        "is_email_enabled": {
+          "type": "string",
+          "description": "test_rule_without_to_string"
+        }
+      },
+      "required": {
+        "0": "query"
+      },
+      "example": {
+        "first_name": "andrey",
+        "last_name": "voronin"
+      }
+    }
+  },
+  "info": {
+    "description": "This is automatically collected documentation",
+    "version": "0.0.0",
+    "title": "Name of Your Application",
+    "termsOfService": "",
+    "contact":
+    {
+      "email": "your@email.com"
+    }
+  },
+  "securityDefinitions": [
+    {
+      "type": "basic",
+      "in": "invalid",
+      "flow": "password"
+    }
+  ]
+}
diff --git a/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__type.json b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__type.json
@@ -0,0 +1,88 @@
+{
+  "swagger": "2.0",
+  "host": "localhost",
+  "basePath": "\/",
+  "schemes": [],
+  "paths": {
+    "\/api\/users":
+    {
+      "post":
+      {
+        "tags": ["api"],
+        "consumes": ["application\/x-www-form-urlencoded"],
+        "produces": ["application\/json"],
+        "parameters": [
+          {
+            "in": "body",
+            "name": "body",
+            "description": "",
+            "required": true,
+           "schema": {
+             "$ref": "#/definitions/apiusersObject"
+           }
+          }
+        ],
+        "responses":
+        {
+          "403":
+          {
+            "description": "Forbidden",
+            "schema":
+            {
+              "example":
+              {
+                "message": "This action is unauthorized."
+              }
+            }
+          }
+        },
+        "security": [],
+        "description": "",
+        "summary": "test"
+      }
+    }
+  },
+  "definitions": {
+    "apiusersObject": {
+      "type": "object",
+      "properties": {
+        "query": {
+          "type": "string",
+          "description": ""
+        },
+        "user_id": {
+          "type": "integer",
+          "description": "with_to_array_rule_string_name"
+        },
+        "is_email_enabled": {
+          "type": "string",
+          "description": "test_rule_without_to_string"
+        }
+      },
+      "required": {
+        "0": "query"
+      },
+      "example": {
+        "first_name": "andrey",
+        "last_name": "voronin"
+      }
+    }
+  },
+  "info": {
+    "description": "This is automatically collected documentation",
+    "version": "0.0.0",
+    "title": "Name of Your Application",
+    "termsOfService": "",
+    "contact":
+    {
+      "email": "your@email.com"
+    }
+  },
+  "securityDefinitions": [
+    {
+      "type": "invalid",
+      "in": "query",
+      "flow": "password"
+    }
+  ]
+}

Original file line number	Diff line number	Diff line change
`@@ -155,9 +155,9 @@ protected function validateSecurityDefinitions(): void`
`155`	`155`
`156`	`156`	`$this->validateFieldsPresent(self::REQUIRED_FIELDS['security_definition'], $parentId);`
`157`	`157`
`158`		`- $this->validateFieldValue("{$parentId}.'type", self::ALLOWED_VALUES['security_definition_type']);`
`159`		`- $this->validateFieldValue("{$parentId}.'in", self::ALLOWED_VALUES['security_definition_in']);`
`160`		`- $this->validateFieldValue("{$parentId}.'flow", self::ALLOWED_VALUES['security_definition_flow']);`
	`158`	`+ $this->validateFieldValue("{$parentId}.type", self::ALLOWED_VALUES['security_definition_type']);`
	`159`	`+ $this->validateFieldValue("{$parentId}.in", self::ALLOWED_VALUES['security_definition_in']);`
	`160`	`+ $this->validateFieldValue("{$parentId}.flow", self::ALLOWED_VALUES['security_definition_flow']);`
`161`	`161`	`}`
`162`	`162`	`}`
`163`	`163`