From 809f8e875b287d1901677e317ece9d8250750988 Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 09:45:45 +0100
Subject: [PATCH 01/15] Add
 RSpec::OpenAPI::SchemaCleaner.cleanup_conflicting_security_parameters!

---
 lib/rspec/openapi/result_recorder.rb |  3 ++-
 lib/rspec/openapi/schema_cleaner.rb  | 21 +++++++++++++++++++++
 2 files changed, 23 insertions(+), 1 deletion(-)

diff --git a/lib/rspec/openapi/result_recorder.rb b/lib/rspec/openapi/result_recorder.rb
index 676e29f3..45f641ab 100644
--- a/lib/rspec/openapi/result_recorder.rb
+++ b/lib/rspec/openapi/result_recorder.rb
@@ -12,7 +12,7 @@ def record_results!
       config_file = File.join(File.dirname(path), RSpec::OpenAPI.config_filename)
       begin
         require config_file if File.exist?(config_file)
-      rescue => e
+      rescue StandardError => e
         puts "WARNING: Unable to load #{config_file}: #{e}"
       end
 
@@ -32,6 +32,7 @@ def record_results!
         RSpec::OpenAPI::SchemaCleaner.cleanup!(spec, new_from_zero)
         RSpec::OpenAPI::ComponentsUpdater.update!(spec, new_from_zero)
         RSpec::OpenAPI::SchemaCleaner.cleanup_empty_required_array!(spec)
+        RSpec::OpenAPI::SchemaCleaner.cleanup_conflicting_security_parameters!(spec)
         RSpec::OpenAPI::SchemaSorter.deep_sort!(spec)
       end
     end
diff --git a/lib/rspec/openapi/schema_cleaner.rb b/lib/rspec/openapi/schema_cleaner.rb
index f6cf5b2e..87118b58 100644
--- a/lib/rspec/openapi/schema_cleaner.rb
+++ b/lib/rspec/openapi/schema_cleaner.rb
@@ -39,6 +39,27 @@ def cleanup!(base, spec)
     base
   end
 
+  def cleanup_conflicting_security_parameters!(base)
+    security_schemes = base.dig('components', 'securitySchemes') || {}
+    paths_to_parameters = RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'paths', 'parameters')
+
+    paths_to_parameters.each do |path|
+      parent = base.dig(*path.take(path.length - 1))
+
+      security_schemes_for_parent = security_schemes.select do |security_scheme_name, _security_scheme|
+        parent['security'][0].keys.include?(security_scheme_name)
+      end
+
+      security_schemes_for_parent.each_value do |security_scheme|
+        parent['parameters'].reject! do |parameter|
+          parameter['in'] == security_scheme['in'] && # same location (ie. header)
+            parameter['name'] == security_scheme['name'] # same name (ie. AUTHORIZATION)
+        end
+        parent.delete('parameters') if parent['parameters'].empty?
+      end
+    end
+  end
+
   def cleanup_empty_required_array!(base)
     paths_to_objects = [
       *RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'components.schemas', 'properties'),

From 8b48da51d00d609992b7bf10551f8286995fd08b Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 09:48:59 +0100
Subject: [PATCH 02/15] Make sure that undefined security in path will not
 break schema cleanup

---
 lib/rspec/openapi/schema_cleaner.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/rspec/openapi/schema_cleaner.rb b/lib/rspec/openapi/schema_cleaner.rb
index 87118b58..ff35a003 100644
--- a/lib/rspec/openapi/schema_cleaner.rb
+++ b/lib/rspec/openapi/schema_cleaner.rb
@@ -41,13 +41,13 @@ def cleanup!(base, spec)
 
   def cleanup_conflicting_security_parameters!(base)
     security_schemes = base.dig('components', 'securitySchemes') || {}
-    paths_to_parameters = RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'paths', 'parameters')
+    paths_to_parameters = RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'paths', 'security')
 
     paths_to_parameters.each do |path|
       parent = base.dig(*path.take(path.length - 1))
 
       security_schemes_for_parent = security_schemes.select do |security_scheme_name, _security_scheme|
-        parent['security'][0].keys.include?(security_scheme_name)
+        parent.dig('security', 0)&.keys&.include?(security_scheme_name)
       end
 
       security_schemes_for_parent.each_value do |security_scheme|

From 608edc575e1dd26cdeb7e551aece5566065c4885 Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 09:49:50 +0100
Subject: [PATCH 03/15] Rubocop fixes

---
 lib/rspec/openapi/schema_cleaner.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/rspec/openapi/schema_cleaner.rb b/lib/rspec/openapi/schema_cleaner.rb
index ff35a003..5e6074aa 100644
--- a/lib/rspec/openapi/schema_cleaner.rb
+++ b/lib/rspec/openapi/schema_cleaner.rb
@@ -47,7 +47,7 @@ def cleanup_conflicting_security_parameters!(base)
       parent = base.dig(*path.take(path.length - 1))
 
       security_schemes_for_parent = security_schemes.select do |security_scheme_name, _security_scheme|
-        parent.dig('security', 0)&.keys&.include?(security_scheme_name)
+        parent.dig('security', 0).keys.include?(security_scheme_name)
       end
 
       security_schemes_for_parent.each_value do |security_scheme|

From 44f6675fab057a016fc56cdc20d050c6f82d6c4c Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 10:22:07 +0100
Subject: [PATCH 04/15] Add SecretKey securityScheme test to
 spec/requests/rails_spec.rb

---
 .../controllers/secret_items_controller.rb    | 15 +++++++++++++
 spec/rails/config/routes.rb                   |  2 ++
 spec/requests/rails_spec.rb                   | 21 +++++++++++++++++++
 3 files changed, 38 insertions(+)
 create mode 100644 spec/rails/app/controllers/secret_items_controller.rb

diff --git a/spec/rails/app/controllers/secret_items_controller.rb b/spec/rails/app/controllers/secret_items_controller.rb
new file mode 100644
index 00000000..ede18b24
--- /dev/null
+++ b/spec/rails/app/controllers/secret_items_controller.rb
@@ -0,0 +1,15 @@
+class SecretItemsController < ApplicationController
+  before_action :authenticate_api_key!
+
+  def index
+    render json: { items: ['secrets'] }
+  end
+
+  private
+
+  def authenticate_api_key!
+    if request.env['Secret-Key'] != '42'
+      head :unauthorized
+    end
+  end
+end
\ No newline at end of file
diff --git a/spec/rails/config/routes.rb b/spec/rails/config/routes.rb
index 24e09746..0a7573a3 100644
--- a/spec/rails/config/routes.rb
+++ b/spec/rails/config/routes.rb
@@ -18,5 +18,7 @@
     end
 
     get '/test_block' => ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['A TEST']] }
+
+    get '/secret_items' => 'secret_items#index'
   end
 end
diff --git a/spec/requests/rails_spec.rb b/spec/requests/rails_spec.rb
index 454a5c98..10998d5f 100644
--- a/spec/requests/rails_spec.rb
+++ b/spec/requests/rails_spec.rb
@@ -26,6 +26,14 @@
   },
 }
 
+RSpec::OpenAPI.security_schemes = {
+  SecretApiKeyAuth: {
+    type: 'apiKey',
+    in: 'header',
+    name: 'Secret-Key',
+  },
+}
+
 RSpec.describe 'Tables', type: :request do
   describe '#index' do
     context it 'returns a list of tables' do
@@ -198,6 +206,19 @@
   end
 end
 
+RSpec.describe 'SecretKey securityScheme',
+               type: :request,
+               openapi: { security: [{ 'SecretApiKeyAuth' => [] }] } do
+  describe '#secret_items' do
+    it 'authorizes with secret key' do
+      get '/secret_items',
+          headers: {
+            'Secret-Key' => '42'
+          }
+    end
+  end
+end
+
 RSpec.describe 'Extra routes', type: :request do
   describe '#test_block' do
     it 'returns the block content' do

From 875766888908f362fba6fec51f74030e585fd8b2 Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 10:23:14 +0100
Subject: [PATCH 05/15] Rubocop fixes

---
 spec/requests/rails_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/requests/rails_spec.rb b/spec/requests/rails_spec.rb
index 10998d5f..229ac9a2 100644
--- a/spec/requests/rails_spec.rb
+++ b/spec/requests/rails_spec.rb
@@ -213,7 +213,7 @@
     it 'authorizes with secret key' do
       get '/secret_items',
           headers: {
-            'Secret-Key' => '42'
+            'Secret-Key' => '42',
           }
     end
   end

From 691b80c7d6225fc434f2430ba050ec0371e19d34 Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 10:24:47 +0100
Subject: [PATCH 06/15] Fix paths without parameters

---
 lib/rspec/openapi/schema_cleaner.rb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/lib/rspec/openapi/schema_cleaner.rb b/lib/rspec/openapi/schema_cleaner.rb
index 5e6074aa..dba68e24 100644
--- a/lib/rspec/openapi/schema_cleaner.rb
+++ b/lib/rspec/openapi/schema_cleaner.rb
@@ -51,6 +51,8 @@ def cleanup_conflicting_security_parameters!(base)
       end
 
       security_schemes_for_parent.each_value do |security_scheme|
+        next unless parent['parameters']
+
         parent['parameters'].reject! do |parameter|
           parameter['in'] == security_scheme['in'] && # same location (ie. header)
             parameter['name'] == security_scheme['name'] # same name (ie. AUTHORIZATION)

From 767c86ce57f4f93b4948a65478793c4941d7918d Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 10:30:42 +0100
Subject: [PATCH 07/15] Update spec/rails/doc/openapi.yaml

---
 spec/rails/doc/openapi.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/spec/rails/doc/openapi.yaml b/spec/rails/doc/openapi.yaml
index 3ce829bb..deb3afd0 100644
--- a/spec/rails/doc/openapi.yaml
+++ b/spec/rails/doc/openapi.yaml
@@ -211,6 +211,21 @@ paths:
               schema:
                 type: string
               example: ANOTHER TEST
+  "/secret_items":
+    get:
+      summary: "index",
+      tags:
+        - "SecretItem"
+      security:
+        - SecretApiKeyAuth: []
+      responses:
+        401:
+          description: "authorizes with secret key",
+          content:
+            text/html:
+              schema:
+                type: "string"
+              example: ""
   "/tables":
     get:
       summary: index
@@ -678,3 +693,9 @@ paths:
               schema:
                 type: string
               example: A TEST
+components:
+  securitySchemes:
+    SecretApiKeyAuth:
+      type: apiKey
+      in: header
+      name: Secret-Key
\ No newline at end of file

From ac506cbb58dde7674d47a5def9f6aa5e1b3a55fc Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 10:38:44 +0100
Subject: [PATCH 08/15] Update spec/rails/doc/openapi.json

---
 spec/rails/doc/openapi.json | 35 +++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)

diff --git a/spec/rails/doc/openapi.json b/spec/rails/doc/openapi.json
index 6c74db16..852e6e81 100644
--- a/spec/rails/doc/openapi.json
+++ b/spec/rails/doc/openapi.json
@@ -341,6 +341,32 @@
         }
       }
     },
+    "/secret_items": {
+      "get": {
+        "summary": "index",
+        "tags": [
+          "SecretItem"
+        ],
+        "security": [
+          {
+            "SecretApiKeyAuth": []
+          }
+        ],
+        "responses": {
+          "401": {
+            "description": "authorizes with secret key",
+            "content": {
+              "text/html": {
+                "schema": {
+                  "type": "string"
+                },
+                "example": ""
+              }
+            }
+          }
+        }
+      }
+    },
     "/tables": {
       "get": {
         "summary": "index",
@@ -1035,5 +1061,14 @@
         }
       }
     }
+  },
+  "components": {
+    "securitySchemes": {
+      "SecretApiKeyAuth": {
+        "type": "apiKey",
+         "in": "header",
+         "name": "Secret-Key"
+      }
+    }
   }
 }
\ No newline at end of file

From b0b5ea7533e8f6573d644e5aa06ca41171b4c32d Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 11:27:57 +0100
Subject: [PATCH 09/15] Rubocop fixes

---
 lib/rspec/openapi/schema_cleaner.rb | 33 +++++++++++++++++------------
 1 file changed, 20 insertions(+), 13 deletions(-)

diff --git a/lib/rspec/openapi/schema_cleaner.rb b/lib/rspec/openapi/schema_cleaner.rb
index dba68e24..a95d0161 100644
--- a/lib/rspec/openapi/schema_cleaner.rb
+++ b/lib/rspec/openapi/schema_cleaner.rb
@@ -41,23 +41,18 @@ def cleanup!(base, spec)
 
   def cleanup_conflicting_security_parameters!(base)
     security_schemes = base.dig('components', 'securitySchemes') || {}
-    paths_to_parameters = RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'paths', 'security')
 
-    paths_to_parameters.each do |path|
-      parent = base.dig(*path.take(path.length - 1))
+    return if security_schemes.empty?
 
-      security_schemes_for_parent = security_schemes.select do |security_scheme_name, _security_scheme|
-        parent.dig('security', 0).keys.include?(security_scheme_name)
-      end
+    paths_to_security_definitions = RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'paths', 'security')
 
-      security_schemes_for_parent.each_value do |security_scheme|
-        next unless parent['parameters']
+    paths_to_security_definitions.each do |path|
+      parent_path_definition = base.dig(*path.take(path.length - 1))
 
-        parent['parameters'].reject! do |parameter|
-          parameter['in'] == security_scheme['in'] && # same location (ie. header)
-            parameter['name'] == security_scheme['name'] # same name (ie. AUTHORIZATION)
-        end
-        parent.delete('parameters') if parent['parameters'].empty?
+      security_schemes.each do |security_scheme_name, security_scheme|
+        remove_parameters_conflicting_with_security_sceheme!(
+          parent_path_definition, security_scheme, security_scheme_name,
+        )
       end
     end
   end
@@ -76,6 +71,18 @@ def cleanup_empty_required_array!(base)
 
   private
 
+  def remove_parameters_conflicting_with_security_sceheme!(path_definition, security_scheme, security_scheme_name)
+    return unless path_definition['security']
+    return unless path_definition['parameters']
+    return unless path_definition.dig('security', 0).keys.include?(security_scheme_name)
+
+    path_definition['parameters'].reject! do |parameter|
+      parameter['in'] == security_scheme['in'] && # same location (ie. header)
+        parameter['name'] == security_scheme['name'] # same name (ie. AUTHORIZATION)
+    end
+    path_definition.delete('parameters') if path_definition['parameters'].empty?
+  end
+
   def cleanup_array!(base, spec, selector, fields_for_identity = [])
     marshal = lambda do |obj|
       Marshal.dump(slice(obj, fields_for_identity))

From 7d30ff7c968ff3caba9e3e6a66001393bd2b4f38 Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 21:43:04 +0100
Subject: [PATCH 10/15] Debug json generation

---
 spec/rspec/rails_spec.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/spec/rspec/rails_spec.rb b/spec/rspec/rails_spec.rb
index 8d2be98b..562f3e16 100644
--- a/spec/rspec/rails_spec.rb
+++ b/spec/rspec/rails_spec.rb
@@ -27,10 +27,10 @@
     end
 
     it 'generates the same spec/rails/doc/openapi.json' do
-      org_yaml = JSON.parse(File.read(openapi_path))
+      org_json = JSON.parse(File.read(openapi_path))
       rspec 'spec/requests/rails_spec.rb', openapi: true, output: :json
-      new_yaml = JSON.parse(File.read(openapi_path))
-      expect(new_yaml).to eq org_yaml
+      new_json = JSON.parse(File.read(openapi_path).tap {|j| puts j; puts j.inspect })
+      expect(new_json).to eq org_json
     end
   end
 

From 3cd5fa622f7448dcb302cf5e4a461d667553fe64 Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 21:45:40 +0100
Subject: [PATCH 11/15] Dont debug json

---
 spec/rails/doc/openapi.json | 4 ++--
 spec/rspec/rails_spec.rb    | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/spec/rails/doc/openapi.json b/spec/rails/doc/openapi.json
index 852e6e81..fe1c7a15 100644
--- a/spec/rails/doc/openapi.json
+++ b/spec/rails/doc/openapi.json
@@ -1066,8 +1066,8 @@
     "securitySchemes": {
       "SecretApiKeyAuth": {
         "type": "apiKey",
-         "in": "header",
-         "name": "Secret-Key"
+        "in": "header",
+        "name": "Secret-Key"
       }
     }
   }
diff --git a/spec/rspec/rails_spec.rb b/spec/rspec/rails_spec.rb
index 562f3e16..7e310b64 100644
--- a/spec/rspec/rails_spec.rb
+++ b/spec/rspec/rails_spec.rb
@@ -29,7 +29,7 @@
     it 'generates the same spec/rails/doc/openapi.json' do
       org_json = JSON.parse(File.read(openapi_path))
       rspec 'spec/requests/rails_spec.rb', openapi: true, output: :json
-      new_json = JSON.parse(File.read(openapi_path).tap {|j| puts j; puts j.inspect })
+      new_json = JSON.parse(File.read(openapi_path))
       expect(new_json).to eq org_json
     end
   end

From b70f931fbb6eb53257e6edd7a8ee3b385c169c78 Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 21:56:32 +0100
Subject: [PATCH 12/15] Add newlines

---
 spec/rails/app/controllers/secret_items_controller.rb | 2 +-
 spec/rails/doc/openapi.json                           | 2 +-
 spec/rails/doc/openapi.yaml                           | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/spec/rails/app/controllers/secret_items_controller.rb b/spec/rails/app/controllers/secret_items_controller.rb
index ede18b24..68bdc870 100644
--- a/spec/rails/app/controllers/secret_items_controller.rb
+++ b/spec/rails/app/controllers/secret_items_controller.rb
@@ -12,4 +12,4 @@ def authenticate_api_key!
       head :unauthorized
     end
   end
-end
\ No newline at end of file
+end
diff --git a/spec/rails/doc/openapi.json b/spec/rails/doc/openapi.json
index fe1c7a15..1d1394e5 100644
--- a/spec/rails/doc/openapi.json
+++ b/spec/rails/doc/openapi.json
@@ -1071,4 +1071,4 @@
       }
     }
   }
-}
\ No newline at end of file
+}
diff --git a/spec/rails/doc/openapi.yaml b/spec/rails/doc/openapi.yaml
index deb3afd0..1d6156c1 100644
--- a/spec/rails/doc/openapi.yaml
+++ b/spec/rails/doc/openapi.yaml
@@ -698,4 +698,4 @@ components:
     SecretApiKeyAuth:
       type: apiKey
       in: header
-      name: Secret-Key
\ No newline at end of file
+      name: Secret-Key

From 294f057546db2051a030f76a5604236f0a4796cd Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 22:21:36 +0100
Subject: [PATCH 13/15] RSpec generated documentations

---
 lib/rspec/openapi/result_recorder.rb |  2 +-
 spec/rails/doc/openapi.json          |  6 ++++--
 spec/rails/doc/openapi.yaml          | 14 +++++++-------
 3 files changed, 12 insertions(+), 10 deletions(-)

diff --git a/lib/rspec/openapi/result_recorder.rb b/lib/rspec/openapi/result_recorder.rb
index 45f641ab..0371b0bb 100644
--- a/lib/rspec/openapi/result_recorder.rb
+++ b/lib/rspec/openapi/result_recorder.rb
@@ -29,10 +29,10 @@ def record_results!
         rescue StandardError, NotImplementedError => e # e.g. SchemaBuilder raises a NotImplementedError
           @error_records[e] = record # Avoid failing the build
         end
+        RSpec::OpenAPI::SchemaCleaner.cleanup_conflicting_security_parameters!(spec)
         RSpec::OpenAPI::SchemaCleaner.cleanup!(spec, new_from_zero)
         RSpec::OpenAPI::ComponentsUpdater.update!(spec, new_from_zero)
         RSpec::OpenAPI::SchemaCleaner.cleanup_empty_required_array!(spec)
-        RSpec::OpenAPI::SchemaCleaner.cleanup_conflicting_security_parameters!(spec)
         RSpec::OpenAPI::SchemaSorter.deep_sort!(spec)
       end
     end
diff --git a/spec/rails/doc/openapi.json b/spec/rails/doc/openapi.json
index 1d1394e5..9a61abf8 100644
--- a/spec/rails/doc/openapi.json
+++ b/spec/rails/doc/openapi.json
@@ -349,7 +349,9 @@
         ],
         "security": [
           {
-            "SecretApiKeyAuth": []
+            "SecretApiKeyAuth": [
+
+            ]
           }
         ],
         "responses": {
@@ -1071,4 +1073,4 @@
       }
     }
   }
-}
+}
\ No newline at end of file
diff --git a/spec/rails/doc/openapi.yaml b/spec/rails/doc/openapi.yaml
index 1d6156c1..4de02bdc 100644
--- a/spec/rails/doc/openapi.yaml
+++ b/spec/rails/doc/openapi.yaml
@@ -213,19 +213,19 @@ paths:
               example: ANOTHER TEST
   "/secret_items":
     get:
-      summary: "index",
+      summary: index
       tags:
-        - "SecretItem"
+      - SecretItem
       security:
-        - SecretApiKeyAuth: []
+      - SecretApiKeyAuth: []
       responses:
-        401:
-          description: "authorizes with secret key",
+        '401':
+          description: authorizes with secret key
           content:
             text/html:
               schema:
-                type: "string"
-              example: ""
+                type: string
+              example: ''
   "/tables":
     get:
       summary: index

From 8265406004619afdb0315945bd968d352d80837f Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 22:34:21 +0100
Subject: [PATCH 14/15] Fix tests

---
 spec/integration_tests/rails_test.rb          | 20 ++++++++++++++
 .../controllers/secret_items_controller.rb    | 10 -------
 spec/rails/doc/openapi.json                   | 26 +++++++++++++++++++
 spec/rails/doc/openapi.yaml                   | 16 ++++++++++++
 spec/requests/rails_spec.rb                   |  1 +
 5 files changed, 63 insertions(+), 10 deletions(-)

diff --git a/spec/integration_tests/rails_test.rb b/spec/integration_tests/rails_test.rb
index 7c4b34b0..8cce8dc3 100644
--- a/spec/integration_tests/rails_test.rb
+++ b/spec/integration_tests/rails_test.rb
@@ -25,6 +25,13 @@
     url: 'https://www.apache.org/licenses/LICENSE-2.0.html',
   },
 }
+RSpec::OpenAPI.security_schemes = {
+  SecretApiKeyAuth: {
+    type: 'apiKey',
+    in: 'header',
+    name: 'Secret-Key',
+  },
+}
 
 class TablesIndexTest < ActionDispatch::IntegrationTest
   i_suck_and_my_tests_are_order_dependent!
@@ -196,6 +203,19 @@ class ImageTest < ActionDispatch::IntegrationTest
   end
 end
 
+class SecretKeyTest < ActionDispatch::IntegrationTest
+  i_suck_and_my_tests_are_order_dependent!
+  openapi!
+
+  test 'authorizes with secret key' do
+    get '/secret_items',
+        headers: {
+          'Secret-Key' => '42',
+        }
+    assert_response 200
+  end
+end
+
 class ExtraRoutesTest < ActionDispatch::IntegrationTest
   i_suck_and_my_tests_are_order_dependent!
   openapi!
diff --git a/spec/rails/app/controllers/secret_items_controller.rb b/spec/rails/app/controllers/secret_items_controller.rb
index 68bdc870..229229d9 100644
--- a/spec/rails/app/controllers/secret_items_controller.rb
+++ b/spec/rails/app/controllers/secret_items_controller.rb
@@ -1,15 +1,5 @@
 class SecretItemsController < ApplicationController
-  before_action :authenticate_api_key!
-
   def index
     render json: { items: ['secrets'] }
   end
-
-  private
-
-  def authenticate_api_key!
-    if request.env['Secret-Key'] != '42'
-      head :unauthorized
-    end
-  end
 end
diff --git a/spec/rails/doc/openapi.json b/spec/rails/doc/openapi.json
index 9a61abf8..2ad78cdb 100644
--- a/spec/rails/doc/openapi.json
+++ b/spec/rails/doc/openapi.json
@@ -355,6 +355,32 @@
           }
         ],
         "responses": {
+          "200": {
+            "description": "authorizes with secret key",
+            "content": {
+              "application/json": {
+                "schema": {
+                  "type": "object",
+                  "properties": {
+                    "items": {
+                      "type": "array",
+                      "items": {
+                        "type": "string"
+                      }
+                    }
+                  },
+                  "required": [
+                    "items"
+                  ]
+                },
+                "example": {
+                  "items": [
+                    "secrets"
+                  ]
+                }
+              }
+            }
+          },
           "401": {
             "description": "authorizes with secret key",
             "content": {
diff --git a/spec/rails/doc/openapi.yaml b/spec/rails/doc/openapi.yaml
index 4de02bdc..c1be9e5a 100644
--- a/spec/rails/doc/openapi.yaml
+++ b/spec/rails/doc/openapi.yaml
@@ -219,6 +219,22 @@ paths:
       security:
       - SecretApiKeyAuth: []
       responses:
+        '200':
+          description: authorizes with secret key
+          content:
+            application/json:
+              schema:
+                type: object
+                properties:
+                  items:
+                    type: array
+                    items:
+                      type: string
+                required:
+                - items
+              example:
+                items:
+                - secrets
         '401':
           description: authorizes with secret key
           content:
diff --git a/spec/requests/rails_spec.rb b/spec/requests/rails_spec.rb
index 229ac9a2..a098443f 100644
--- a/spec/requests/rails_spec.rb
+++ b/spec/requests/rails_spec.rb
@@ -215,6 +215,7 @@
           headers: {
             'Secret-Key' => '42',
           }
+      expect(response.status).to eq(200)
     end
   end
 end

From 618e5e4ac129a567282e83dc973063c344f430df Mon Sep 17 00:00:00 2001
From: Patryk Ptasinski <patryk@ipepe.pl>
Date: Mon, 8 Jan 2024 22:52:32 +0100
Subject: [PATCH 15/15] Fix tests by better reproduction of variables

---
 spec/requests/rails_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/spec/requests/rails_spec.rb b/spec/requests/rails_spec.rb
index a098443f..9b45971d 100644
--- a/spec/requests/rails_spec.rb
+++ b/spec/requests/rails_spec.rb
@@ -8,7 +8,7 @@
 require 'rspec/rails'
 
 RSpec::OpenAPI.title = 'OpenAPI Documentation'
-RSpec::OpenAPI.request_headers = %w[X-Authorization-Token]
+RSpec::OpenAPI.request_headers = %w[X-Authorization-Token Secret-Key]
 RSpec::OpenAPI.response_headers = %w[X-Cursor]
 RSpec::OpenAPI.path = File.expand_path("../rails/doc/openapi.#{ENV.fetch('OPENAPI_OUTPUT', nil)}", __dir__)
 RSpec::OpenAPI.comment = <<~COMMENT