feat: do not flatten securities (#15)

BREAKING CHANGE: getSecurities returns Security[][] now instead of Security[] and translateToSecurities returns HttpSecurityScheme[][] instead of HttpSecurityScheme[]

Author: lag-of-death

package.json

@@ -35,7 +35,7 @@
   },
   "dependencies": {
     "@stoplight/json": "^3.0.1",
-    "@stoplight/types": "^9.1.2",
+    "@stoplight/types": "^11.0.0",
     "@types/swagger-schema-official": "~2.0.18",
     "@types/urijs": "~1.19.1",
     "lodash": "^4.17.11",

src/oas2/__tests__/accessors.test.ts

@@ -20,13 +20,90 @@ const securityDefinitionsFixture: Dictionary<Security> = {
 };
 
 describe('accessors', () => {
-  const securityFixture = [
+  const securityFixture: Array<Dictionary<string[], string>> = [
     {
       api_key: [],
       petstore_auth: ['write:pets', 'read:pets'],
     },
   ];
 
+  describe('relation between schemes', () => {
+    describe('when all of the given schemes are expected to be validated against', () => {
+      const securityFixtureWithAndRelation = securityFixture;
+
+      it('returns an array containing multiple elements', () => {
+        expect(
+          getSecurities(
+            {
+              securityDefinitions: securityDefinitionsFixture,
+              security: [],
+            },
+            securityFixtureWithAndRelation,
+          ),
+        ).toEqual([
+          [
+            {
+              in: 'header',
+              name: 'api_key',
+              type: 'apiKey',
+            },
+            {
+              authorizationUrl: 'http://swagger.io/api/oauth/dialog',
+              flow: 'implicit',
+              scopes: {
+                'read:pets': 'read your pets',
+                'write:pets': 'modify pets in your account',
+              },
+              type: 'oauth2',
+            },
+          ],
+        ]);
+      });
+    });
+
+    describe('when one of the given schemes is expected to be validated against', () => {
+      it('returns arrays containing one element each', () => {
+        const securityFixtureWithOrRelation: Array<Dictionary<string[], string>> = [
+          {
+            petstore_auth: ['write:pets', 'read:pets'],
+          },
+          {
+            api_key: [],
+          },
+        ];
+
+        expect(
+          getSecurities(
+            {
+              securityDefinitions: securityDefinitionsFixture,
+              security: [],
+            },
+            securityFixtureWithOrRelation,
+          ),
+        ).toEqual([
+          [
+            {
+              authorizationUrl: 'http://swagger.io/api/oauth/dialog',
+              flow: 'implicit',
+              scopes: {
+                'read:pets': 'read your pets',
+                'write:pets': 'modify pets in your account',
+              },
+              type: 'oauth2',
+            },
+          ],
+          [
+            {
+              in: 'header',
+              name: 'api_key',
+              type: 'apiKey',
+            },
+          ],
+        ]);
+      });
+    });
+  });
+
   describe('getSecurities', () => {
     test('given no security definitions should return empty array', () => {
       expect(
@@ -87,7 +164,7 @@ describe('accessors', () => {
             },
           ],
         ),
-      ).toEqual([{ in: 'header', name: 'api_key', type: 'apiKey' }]);
+      ).toEqual([[{ in: 'header', name: 'api_key', type: 'apiKey' }]]);
     });
 
     test('given security with custom scopes should override global definition', () => {
@@ -104,12 +181,14 @@ describe('accessors', () => {
           ],
         ),
       ).toEqual([
-        {
-          authorizationUrl: 'http://swagger.io/api/oauth/dialog',
-          flow: 'implicit',
-          scopes: { 'read:pets': 'read your pets', 'write:pets': 'modify pets in your account' },
-          type: 'oauth2',
-        },
+        [
+          {
+            authorizationUrl: 'http://swagger.io/api/oauth/dialog',
+            flow: 'implicit',
+            scopes: { 'read:pets': 'read your pets', 'write:pets': 'modify pets in your account' },
+            type: 'oauth2',
+          },
+        ],
       ]);
     });
 
@@ -123,13 +202,15 @@ describe('accessors', () => {
           securityFixture,
         ),
       ).toEqual([
-        { in: 'header', name: 'api_key', type: 'apiKey' },
-        {
-          authorizationUrl: 'http://swagger.io/api/oauth/dialog',
-          flow: 'implicit',
-          scopes: { 'write:pets': 'modify pets in your account', 'read:pets': 'read your pets' },
-          type: 'oauth2',
-        },
+        [
+          { in: 'header', name: 'api_key', type: 'apiKey' },
+          {
+            authorizationUrl: 'http://swagger.io/api/oauth/dialog',
+            flow: 'implicit',
+            scopes: { 'write:pets': 'modify pets in your account', 'read:pets': 'read your pets' },
+            type: 'oauth2',
+          },
+        ],
       ]);
     });
   });

src/oas2/accessors.ts

@@ -1,14 +1,18 @@
 import { Dictionary } from '@stoplight/types';
-import { compact, flatten, get, map, merge } from 'lodash';
+import { compact, get, isEmpty, map, merge } from 'lodash';
+import { negate } from 'lodash/fp';
 import { Operation, Security, Spec } from 'swagger-schema-official';
 
 export function getSecurities(
   spec: Partial<Spec>,
   operationSecurity: Array<Dictionary<string[], string>> | undefined,
-): Security[] {
+): Security[][] {
   const globalSecurities = getSecurity(spec.security, spec.securityDefinitions || {});
   const operationSecurities = getSecurity(operationSecurity, spec.securityDefinitions || {});
-  return !!operationSecurity ? operationSecurities : globalSecurities;
+
+  const securities = !!operationSecurity ? operationSecurities : globalSecurities;
+
+  return securities.filter(negate(isEmpty));
 }
 
 export function getProduces(spec: Partial<Spec>, operation: Partial<Operation>) {
@@ -22,21 +26,19 @@ export function getConsumes(spec: Partial<Spec>, operation: Partial<Operation>)
 function getSecurity(
   security: Array<Dictionary<string[], string>> | undefined,
   definitions: Dictionary<Security, string>,
-): Security[] {
-  return flatten(
-    map(security, sec => {
-      return compact(
-        map(Object.keys(sec), (key: string) => {
-          const def = definitions[key];
-          if (def) {
-            const defCopy = merge<Object, Security>({}, def);
-            return defCopy;
-          }
-          return null;
-        }),
-      );
-    }),
-  );
+): Security[][] {
+  return map(security, sec => {
+    return compact(
+      map(Object.keys(sec), (key: string) => {
+        const def = definitions[key];
+        if (def) {
+          const defCopy = merge<Object, Security>({}, def);
+          return defCopy;
+        }
+        return null;
+      }),
+    );
+  });
 }
 
 function getProducesOrConsumes(which: 'produces' | 'consumes', spec: Partial<Spec>, operation: Partial<Operation>) {