Skip to content

Commit

Permalink
Merge pull request #93 from comino/fix-#92
Browse files Browse the repository at this point in the history
ApiKey as query parameters now picked up by security middleware
  • Loading branch information
cdimascio authored Oct 25, 2019
2 parents c59c8a1 + c52e571 commit 22bf199
Show file tree
Hide file tree
Showing 3 changed files with 23 additions and 2 deletions.
2 changes: 1 addition & 1 deletion src/middlewares/openapi.security.ts
Original file line number Diff line number Diff line change
Expand Up @@ -213,7 +213,7 @@ class AuthValidator {
throw Error(`'${scheme.name}' header required`);
}
} else if (scheme.in === 'query') {
if (!req.headers[scheme.name]) {
if (!req.query[scheme.name]) {
throw Error(`query parameter '${scheme.name}' required`);
}
}
Expand Down
15 changes: 14 additions & 1 deletion test/resources/security.top.level.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,6 @@ info:

servers:
- url: /v1/

security:
- ApiKeyAuth: []

Expand All @@ -30,6 +29,16 @@ paths:
'401':
description: unauthorized

/api_query_key:
get:
security:
- ApiKeyQueryAuth: []
responses:
'200':
description: OK
'401':
description: unauthorized

/bearer:
get:
security:
Expand Down Expand Up @@ -64,6 +73,10 @@ components:
type: apiKey
in: header
name: X-API-Key
ApiKeyQueryAuth:
type: apiKey
in: query
name: APIKey
BearerAuth:
type: http
scheme: bearer
8 changes: 8 additions & 0 deletions test/security.top.level.spec.ts
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,7 @@ describe(packageJson.name, () => {
express
.Router()
.get(`/api_key`, (req, res) => res.json({ logged_in: true }))
.get(`/api_query_key`, (req, res) => res.json({ logged_in: true }))
.get(`/api_key_or_anonymous`, (req, res) =>
res.json({ logged_in: true }),
)
Expand All @@ -51,6 +52,13 @@ describe(packageJson.name, () => {
);
}));

it('should return 200 if apikey exist as queray param', async () =>
request(app)
.get(`${basePath}/api_query_key`)
.query({ "APIKey": 'test' })
.expect(200)
);

it('should return 200 if apikey or anonymous', async () =>
request(app)
.get(`${basePath}/api_key_or_anonymous`)
Expand Down

0 comments on commit 22bf199

Please sign in to comment.