exoego · exoego · Jan 9, 2024 · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024
diff --git a/lib/rspec/openapi/result_recorder.rb b/lib/rspec/openapi/result_recorder.rb
@@ -12,7 +12,7 @@ def record_results!
       config_file = File.join(File.dirname(path), RSpec::OpenAPI.config_filename)
       begin
         require config_file if File.exist?(config_file)
-      rescue => e
+      rescue StandardError => e
         puts "WARNING: Unable to load #{config_file}: #{e}"
       end
 
@@ -32,6 +32,7 @@ def record_results!
         RSpec::OpenAPI::SchemaCleaner.cleanup!(spec, new_from_zero)
         RSpec::OpenAPI::ComponentsUpdater.update!(spec, new_from_zero)
         RSpec::OpenAPI::SchemaCleaner.cleanup_empty_required_array!(spec)
+        RSpec::OpenAPI::SchemaCleaner.cleanup_conflicting_security_parameters!(spec)
         RSpec::OpenAPI::SchemaSorter.deep_sort!(spec)
       end
     end

diff --git a/lib/rspec/openapi/schema_cleaner.rb b/lib/rspec/openapi/schema_cleaner.rb
@@ -39,6 +39,29 @@
     base
   end
 
+  def cleanup_conflicting_security_parameters!(base)
+    security_schemes = base.dig('components', 'securitySchemes') || {}
+    paths_to_parameters = RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'paths', 'security')
+
+    paths_to_parameters.each do |path|
+      parent = base.dig(*path.take(path.length - 1))
+
+      security_schemes_for_parent = security_schemes.select do |security_scheme_name, _security_scheme|
+        parent.dig('security', 0).keys.include?(security_scheme_name)
+      end
+
+      security_schemes_for_parent.each_value do |security_scheme|
+        next unless parent['parameters']
+
+        parent['parameters'].reject! do |parameter|
+          parameter['in'] == security_scheme['in'] && # same location (ie. header)
+            parameter['name'] == security_scheme['name'] # same name (ie. AUTHORIZATION)
+        end
+        parent.delete('parameters') if parent['parameters'].empty?
+      end
+    end
+  end
+
   def cleanup_empty_required_array!(base)
     paths_to_objects = [
       *RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'components.schemas', 'properties'),

diff --git a/spec/rails/app/controllers/secret_items_controller.rb b/spec/rails/app/controllers/secret_items_controller.rb
@@ -0,0 +1,15 @@
+class SecretItemsController < ApplicationController
+  before_action :authenticate_api_key!
+
+  def index
+    render json: { items: ['secrets'] }
+  end
+
+  private
+
+  def authenticate_api_key!
+    if request.env['Secret-Key'] != '42'
+      head :unauthorized
+    end
+  end
+end
diff --git a/spec/rails/config/routes.rb b/spec/rails/config/routes.rb
@@ -18,5 +18,7 @@
     end
 
     get '/test_block' => ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['A TEST']] }
+
+    get '/secret_items' => 'secret_items#index'
   end
 end
diff --git a/spec/requests/rails_spec.rb b/spec/requests/rails_spec.rb
@@ -26,6 +26,14 @@
   },
 }
 
+RSpec::OpenAPI.security_schemes = {
+  SecretApiKeyAuth: {
+    type: 'apiKey',
+    in: 'header',
+    name: 'Secret-Key',
+  },
+}
+
 RSpec.describe 'Tables', type: :request do
   describe '#index' do
     context it 'returns a list of tables' do
@@ -198,6 +206,19 @@
   end
 end
 
+RSpec.describe 'SecretKey securityScheme',
+               type: :request,
+               openapi: { security: [{ 'SecretApiKeyAuth' => [] }] } do
+  describe '#secret_items' do
+    it 'authorizes with secret key' do
+      get '/secret_items',
+          headers: {
+            'Secret-Key' => '42',
+          }
+    end
+  end
+end
+
 RSpec.describe 'Extra routes', type: :request do
   describe '#test_block' do
     it 'returns the block content' do