Skip to content

feat: add ability to select security in source key. #115

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 13 commits into from
Dec 26, 2023
Merged

feat: add ability to select security in source key. #115

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
13 commits
Select commit Hold shift + click to select a range
d310c7c
feat: add ability to select security in source key.
Nov 12, 2023
075e5a7
chore: add auth_driver config.
Nov 15, 2023
e693c74
style: reformat code.
Nov 15, 2023
3d24e3c
chore: correct logic for security drivers.
Dec 5, 2023
55997cb
chore: add backward compatibility for security drivers.
Dec 5, 2023
29af4d6
style: correct code style.
Dec 5, 2023
f5e63da
style: correct switch style.
Dec 5, 2023
2873164
Merge branch 'master' into 97-add-custom-authentication-header-support
Dec 13, 2023
3fce8f9
test: add test case.
Dec 13, 2023
fe0bd78
test: add test case.
Dec 13, 2023
89e45f2
Update tests/SwaggerServiceTest.php
DenTray Dec 14, 2023
ba53bd1
Merge branch 'master' into 97-add-custom-authentication-header-support
Dec 14, 2023
0c2fcae
test: correct test case fixture.
Dec 14, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 15 additions & 2 deletions config/auto-doc.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -73,9 +73,22 @@
|--------------------------------------------------------------------------
|
| Library name, which used to secure the project.
| Available values: "jwt", "laravel", "null"
| Should have one of the key from the `security_drivers` config
*/
'security' => '',
'security_drivers' => [
'jwt' => [
'type' => 'apiKey',
'name' => 'Authorization',
'in' => 'header'
],
'laravel' => [
'type' => 'apiKey',
'name' => '__ym_uid',
'in' => 'cookie'
]
],

'defaults' => [

/*
Expand Down Expand Up @@ -171,5 +184,5 @@
'development'
],

'config_version' => '2.6'
'config_version' => '2.7'
];
51 changes: 28 additions & 23 deletions src/Services/SwaggerService.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,12 @@ protected function initConfig()
if (!view()->exists("auto-doc::documentation-{$documentationViewer}")) {
throw new UnsupportedDocumentationViewerException($documentationViewer);
}

$securityDriver = Arr::get($this->config, 'security');

if ($securityDriver && !array_key_exists($securityDriver, Arr::get($this->config, 'security_drivers'))) {
throw new WrongSecurityConfigException();
}
}

protected function setDriver()
Expand Down Expand Up @@ -170,23 +176,11 @@ protected function generateSecurityDefinition(): ?array

protected function generateSecurityDefinitionObject($type): array
{
switch ($type) {
case 'jwt':
return [
'type' => 'apiKey',
'name' => 'authorization',
'in' => 'header'
];

case 'laravel':
return [
'type' => 'apiKey',
'name' => 'Cookie',
'in' => 'header'
];
default:
throw new WrongSecurityConfigException();
}
return [
'type' => $this->config['security_drivers'][$type]['type'],
'name' => $this->config['security_drivers'][$type]['name'],
'in' => $this->config['security_drivers'][$type]['in']
];
}

public function addData(Request $request, $response)
Expand Down Expand Up @@ -701,16 +695,27 @@ protected function getSummary($request, array $annotations)

protected function requestSupportAuth(): bool
{
switch ($this->security) {
case 'jwt':
$header = $this->request->header('authorization');
$security = Arr::get($this->config, 'security');
$securityDriver = Arr::get($this->config, "security_drivers.{$security}");

switch (Arr::get($securityDriver, 'in')) {
case 'header':
// TODO Change this logic after migration on Swagger 3.0
// Swagger 2.0 does not support cookie authorization.
$securityToken = $this->request->hasHeader($securityDriver['name'])
? $this->request->header($securityDriver['name'])
: $this->request->cookie($securityDriver['name']);

break;
case 'laravel':
$header = $this->request->cookie('__ym_uid');
case 'query':
$securityToken = $this->request->query($securityDriver['name']);

break;
default:
$securityToken = null;
}

return !empty($header);
return !empty($securityToken);
}

protected function parseRequestName($request)
Expand Down
57 changes: 52 additions & 5 deletions tests/SwaggerServiceTest.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -293,8 +293,11 @@ public static function getConstructorInvalidTmpData(): array
}

#[DataProvider('getConstructorInvalidTmpData')]
public function testGetDocFileContentInvalidTmpData(string $docFilePath, string $exception, string $exceptionMessage)
{
public function testGetDocFileContentInvalidTmpData(
string $docFilePath,
string $exception,
string $exceptionMessage
) {
$this->mockDriverGetDocumentation($this->getJsonFixture($docFilePath));

$this->expectException($exception);
Expand Down Expand Up @@ -323,6 +326,10 @@ public static function getAddEmptyData(): array
'security' => 'jwt',
'savedTmpDataFixture' => 'tmp_data_request_with_empty_data_jwt',
],
[
'security' => 'query',
'savedTmpDataFixture' => 'tmp_data_request_with_empty_data_query',
],
];
}

Expand All @@ -331,6 +338,23 @@ public function testAddDataRequestWithEmptyDataLaravel(string $security, string
{
config([
'auto-doc.security' => $security,
'auto-doc.security_drivers' => [
'laravel' => [
'name' => 'laravel',
'in' => 'cookie',
'type' => 'apiKey'
],
'jwt' => [
'name' => 'Authorization',
'in' => 'header',
'type' => 'apiKey'
],
'query' => [
'name' => 'api_key',
'in' => 'query',
'type' => 'apiKey'
]
]
]);

$this->mockDriverGetEmptyAndSaveTpmData([], $this->getJsonFixture($savedTmpDataFixture));
Expand Down Expand Up @@ -439,13 +463,36 @@ public static function addDataWithSecurity(): array
'security' => 'jwt',
'requestFixture' => 'tmp_data_search_roles_request_jwt_security',
],
[
'security' => 'query',
'requestFixture' => 'tmp_data_search_roles_request_query_security',
],
];
}

#[DataProvider('addDataWithSecurity')]
public function testAddDataWithJWTSecurity(string $security, string $requestFixture)
public function testAddDataWithSecurity(string $security, string $requestFixture)
{
config(['auto-doc.security' => $security]);
config([
'auto-doc.security' => $security,
'auto-doc.security_drivers' => [
'laravel' => [
'name' => 'laravel',
'in' => 'cookie',
'type' => 'apiKey'
],
'jwt' => [
'name' => 'Authorization',
'in' => 'header',
'type' => 'apiKey'
],
'query' => [
'name' => 'api_key',
'in' => 'query',
'type' => 'apiKey'
]
]
]);

$this->mockDriverGetEmptyAndSaveTpmData($this->getJsonFixture($requestFixture));

Expand All @@ -458,7 +505,7 @@ public function testAddDataWithJWTSecurity(string $security, string $requestFixt
$service->addData($request, $response);
}

public function testAddDataWithEmptySecurity()
public function testAddDataWithInvalidSecurity()
{
config(['auto-doc.security' => 'invalid']);

Expand Down
2 changes: 1 addition & 1 deletion tests/fixtures/SwaggerServiceTest/tmp_data_request_with_empty_data_jwt.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@
"securityDefinitions": {
"jwt": {
"type": "apiKey",
"name": "authorization",
"name": "Authorization",
"in": "header"
}
}
Expand Down
4 changes: 2 additions & 2 deletions tests/fixtures/SwaggerServiceTest/tmp_data_request_with_empty_data_laravel.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,8 +17,8 @@
"securityDefinitions": {
"laravel": {
"type": "apiKey",
"name": "Cookie",
"in": "header"
"name": "laravel",
"in": "cookie"
}
}
}
24 changes: 24 additions & 0 deletions tests/fixtures/SwaggerServiceTest/tmp_data_request_with_empty_data_query.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
{
"swagger": "2.0",
"host": "localhost",
"basePath": "\/",
"schemes": [],
"paths": [],
"definitions": [],
"info": {
"description": "This is automatically collected documentation",
"version": "0.0.0",
"title": "Name of Your Application",
"termsOfService": "",
"contact": {
"email": "your@mail.com"
}
},
"securityDefinitions": {
"query": {
"type": "apiKey",
"name": "api_key",
"in": "query"
}
}
}
110 changes: 110 additions & 0 deletions tests/fixtures/SwaggerServiceTest/tmp_data_search_roles_request_query_security.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,110 @@
{
"swagger": "2.0",
"host": "localhost",
"basePath": "/",
"schemes": [],
"paths": {
"/users/roles": {
"get": {
"tags": [
"users"
],
"consumes": [
"application/json"
],
"produces": [
"application/json"
],
"parameters": [
{
"in": "query",
"name": "query",
"description": "string, required",
"type": "string",
"required": true
},
{
"in": "query",
"name": "user_id",
"description": "integer, with_to_array_rule_string_name",
"type": "integer"
},
{
"in": "query",
"name": "is_email_enabled",
"type": "string",
"description": "test_rule_without_to_string"
}
],
"responses": {
"200": {
"description": "Operation successfully done",
"schema": {
"example": [
{
"id": 1,
"name": "admin",
"users": [
{
"id": 1,
"name": "admin"
}
]
},
{
"id": 2,
"name": "client",
"users": [
{
"id": 2,
"name": "first_client"
},
{
"id": 3,
"name": "second_client"
}
]
}
],
"$ref": "#/definitions/getUsersroles200ResponseObject"
}
}
},
"security": [],
"description": "",
"summary": "test",
"deprecated": false
}
}
},
"definitions": {
"getUsersroles200ResponseObject": {
"type": "array",
"properties": {
"items": {
"allOf": [
{
"type": "array"
}
]
}
}
}
},
"info": {
"description": "This is automatically collected documentation",
"version": "0.0.0",
"title": "Name of Your Application",
"termsOfService": "",
"contact": {
"email": "your@email.com"
}
},
"securityDefinitions": {
"query": {
"type": "apiKey",
"name": "authorization",
"in": "header"
}
}
}