exoego · exoego · Jan 9, 2024 · Jan 8, 2024 · Jan 8, 2024 · Jan 8, 2024
diff --git a/lib/rspec/openapi/result_recorder.rb b/lib/rspec/openapi/result_recorder.rb
@@ -12,7 +12,7 @@ def record_results!
       config_file = File.join(File.dirname(path), RSpec::OpenAPI.config_filename)
       begin
         require config_file if File.exist?(config_file)
-      rescue => e
+      rescue StandardError => e
         puts "WARNING: Unable to load #{config_file}: #{e}"
       end
 
@@ -32,6 +32,7 @@ def record_results!
         RSpec::OpenAPI::SchemaCleaner.cleanup!(spec, new_from_zero)
         RSpec::OpenAPI::ComponentsUpdater.update!(spec, new_from_zero)
         RSpec::OpenAPI::SchemaCleaner.cleanup_empty_required_array!(spec)
+        RSpec::OpenAPI::SchemaCleaner.cleanup_conflicting_security_parameters!(spec)
         RSpec::OpenAPI::SchemaSorter.deep_sort!(spec)
       end
     end

diff --git a/lib/rspec/openapi/schema_cleaner.rb b/lib/rspec/openapi/schema_cleaner.rb
@@ -39,6 +39,24 @@ def cleanup!(base, spec)
     base
   end
 
+  def cleanup_conflicting_security_parameters!(base)
+    security_schemes = base.dig('components', 'securitySchemes') || {}
+
+    return if security_schemes.empty?
+
+    paths_to_security_definitions = RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'paths', 'security')
+
+    paths_to_security_definitions.each do |path|
+      parent_path_definition = base.dig(*path.take(path.length - 1))
+
+      security_schemes.each do |security_scheme_name, security_scheme|
+        remove_parameters_conflicting_with_security_sceheme!(
+          parent_path_definition, security_scheme, security_scheme_name,
+        )
+      end
+    end
+  end
+
   def cleanup_empty_required_array!(base)
     paths_to_objects = [
       *RSpec::OpenAPI::HashHelper.matched_paths_deeply_nested(base, 'components.schemas', 'properties'),
@@ -53,6 +71,18 @@ def cleanup_empty_required_array!(base)
 
   private
 
+  def remove_parameters_conflicting_with_security_sceheme!(path_definition, security_scheme, security_scheme_name)
+    return unless path_definition['security']
+    return unless path_definition['parameters']
+    return unless path_definition.dig('security', 0).keys.include?(security_scheme_name)
+
+    path_definition['parameters'].reject! do |parameter|
+      parameter['in'] == security_scheme['in'] && # same location (ie. header)
+        parameter['name'] == security_scheme['name'] # same name (ie. AUTHORIZATION)
+    end
+    path_definition.delete('parameters') if path_definition['parameters'].empty?
+  end
+
   def cleanup_array!(base, spec, selector, fields_for_identity = [])
     marshal = lambda do |obj|
       Marshal.dump(slice(obj, fields_for_identity))

diff --git a/spec/rails/app/controllers/secret_items_controller.rb b/spec/rails/app/controllers/secret_items_controller.rb
@@ -0,0 +1,15 @@
+class SecretItemsController < ApplicationController
+  before_action :authenticate_api_key!
+
+  def index
+    render json: { items: ['secrets'] }
+  end
+
+  private
+
+  def authenticate_api_key!
+    if request.env['Secret-Key'] != '42'
+      head :unauthorized
+    end
+  end
+end
diff --git a/spec/rails/config/routes.rb b/spec/rails/config/routes.rb
@@ -18,5 +18,7 @@
     end
 
     get '/test_block' => ->(_env) { [200, { 'Content-Type' => 'text/plain' }, ['A TEST']] }
+
+    get '/secret_items' => 'secret_items#index'
   end
 end
diff --git a/spec/rails/doc/openapi.json b/spec/rails/doc/openapi.json
@@ -341,6 +341,32 @@
         }
       }
     },
+    "/secret_items": {
+      "get": {
+        "summary": "index",
+        "tags": [
+          "SecretItem"
+        ],
+        "security": [
+          {
+            "SecretApiKeyAuth": []
+          }
+        ],
+        "responses": {
+          "401": {
+            "description": "authorizes with secret key",
+            "content": {
+              "text/html": {
+                "schema": {
+                  "type": "string"
+                },
+                "example": ""
+              }
+            }
+          }
+        }
+      }
+    },
     "/tables": {
       "get": {
         "summary": "index",
@@ -1035,5 +1061,14 @@
         }
       }
     }
+  },
+  "components": {
+    "securitySchemes": {
+      "SecretApiKeyAuth": {
+        "type": "apiKey",
+         "in": "header",
+         "name": "Secret-Key"
+      }
+    }
   }
 }
diff --git a/spec/rails/doc/openapi.yaml b/spec/rails/doc/openapi.yaml
@@ -211,6 +211,21 @@ paths:
               schema:
                 type: string
               example: ANOTHER TEST
+  "/secret_items":
+    get:
+      summary: "index",
+      tags:
+        - "SecretItem"
+      security:
+        - SecretApiKeyAuth: []
+      responses:
+        401:
+          description: "authorizes with secret key",
+          content:
+            text/html:
+              schema:
+                type: "string"
+              example: ""
   "/tables":
     get:
       summary: index
@@ -678,3 +693,9 @@ paths:
               schema:
                 type: string
               example: A TEST
+components:
+  securitySchemes:
+    SecretApiKeyAuth:
+      type: apiKey
+      in: header
+      name: Secret-Key
diff --git a/spec/requests/rails_spec.rb b/spec/requests/rails_spec.rb
@@ -26,6 +26,14 @@
   },
 }
 
+RSpec::OpenAPI.security_schemes = {
+  SecretApiKeyAuth: {
+    type: 'apiKey',
+    in: 'header',
+    name: 'Secret-Key',
+  },
+}
+
 RSpec.describe 'Tables', type: :request do
   describe '#index' do
     context it 'returns a list of tables' do
@@ -198,6 +206,19 @@
   end
 end
 
+RSpec.describe 'SecretKey securityScheme',
+               type: :request,
+               openapi: { security: [{ 'SecretApiKeyAuth' => [] }] } do
+  describe '#secret_items' do
+    it 'authorizes with secret key' do
+      get '/secret_items',
+          headers: {
+            'Secret-Key' => '42',
+          }
+    end
+  end
+end
+
 RSpec.describe 'Extra routes', type: :request do
   describe '#test_block' do
     it 'returns the block content' do

diff --git a/spec/rspec/rails_spec.rb b/spec/rspec/rails_spec.rb
@@ -27,10 +27,10 @@
     end
 
     it 'generates the same spec/rails/doc/openapi.json' do
-      org_yaml = JSON.parse(File.read(openapi_path))
+      org_json = JSON.parse(File.read(openapi_path))
       rspec 'spec/requests/rails_spec.rb', openapi: true, output: :json
-      new_yaml = JSON.parse(File.read(openapi_path))
-      expect(new_yaml).to eq org_yaml
+      new_json = JSON.parse(File.read(openapi_path).tap {|j| puts j; puts j.inspect })
+      expect(new_json).to eq org_json
     end
   end