provide scopes and scheme to security hook

cdimascio · Oct 11, 2019 · 33df483 · 33df483
1 parent b9cb4e8
commit 33df483
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 6 deletions.
diff --git a/src/middlewares/openapi.security.ts b/src/middlewares/openapi.security.ts
@@ -36,6 +36,7 @@ export function security(
     const promises = securitySchema.map(s => {
       try {
         const securityKey = Object.keys(s)[0];
+        const scopes = Array.isArray(s) ? s : []
         const scheme: any = securitySchemes[securityKey];
         const handler = securityHandlers[securityKey];
 
@@ -52,9 +53,9 @@ export function security(
           throw validationError(401, path, message);
         }
 
-        const { scopes } = new AuthValidator(req, scheme).validate();
+        new AuthValidator(req, scheme).validate();
 
-        return Promise.resolve(handler(req, scopes, securitySchema));
+        return Promise.resolve(handler(req, scopes, securitySchemes));
       } catch (e) {
         return Promise.reject(e);
       }
@@ -77,7 +78,6 @@ class AuthValidator {
   private req: OpenApiRequest;
   private scheme;
   private path: string;
-  private scopes: string[] = [];
   constructor(req: OpenApiRequest, scheme) {
     this.req = req;
     this.scheme = scheme;
@@ -89,9 +89,6 @@ class AuthValidator {
     this.validateHttp();
     this.validateOauth2();
     this.validateOpenID();
-    return {
-      scopes: this.scopes,
-    };
   }
 
   private validateOauth2() {
@@ -156,6 +153,7 @@ class AuthValidator {
           );
         }
       }
+      // TODO scheme in cookie
     }
   }
 }
diff --git a/test/security.spec.ts b/test/security.spec.ts
@@ -51,6 +51,7 @@ describe(packageJson.name, () => {
 
   it('should return 401 if apikey handler returns false', async () => {
     eovConf.securityHandlers.ApiKeyAuth = <any>function(req, scopes, schema) {
+      expect(scopes).to.be.an('array').with.length(0);
       return false;
     };
     return request(app)
@@ -67,6 +68,7 @@ describe(packageJson.name, () => {
 
   it('should return 401 if apikey handler returns Promise with false', async () => {
     eovConf.securityHandlers.ApiKeyAuth = <any>function(req, scopes, schema) {
+      expect(scopes).to.be.an('array').with.length(0);
       return Promise.resolve(false);
     };
     return request(app)
@@ -98,6 +100,7 @@ describe(packageJson.name, () => {
 
   it('should return 200 if apikey header exists and handler returns true', async () => {
     eovConf.securityHandlers.ApiKeyAuth = <any>function(req, scopes, schema) {
+      expect(scopes).to.be.an('array').with.length(0);
       return true;
     };
     return request(app)
@@ -181,6 +184,7 @@ describe(packageJson.name, () => {
   it('should return 200 if bearer auth succeeds', async () => {
     (<any>eovConf.securityHandlers).BearerAuth = <any>(
       function(req, scopes, schema) {
+        expect(scopes).to.be.an('array').with.length(0);
         return true;
       }
     );