check AbpAllowAnonymousAttribute

Author: kinglionsoft

aspnet-core/src/AbpCompanyName.AbpProjectName.Web.Host/Startup/SecurityRequirementsOperationFilter.cs

@@ -10,18 +10,22 @@ public class SecurityRequirementsOperationFilter : IOperationFilter
     {
         public void Apply(Operation operation, OperationFilterContext context)
         {
-            var controllerAbpAuthorizeAttrs = context.ApiDescription.ControllerAttributes()
-                .OfType<AbpAuthorizeAttribute>();
+            var actionAttrs = context.ApiDescription.ActionAttributes();
+            if (actionAttrs.OfType<AbpAllowAnonymousAttribute>().Any())
+            {
+                return;
+            }
 
-            var actionAbpAuthorizeAtrrs = context.ApiDescription.ActionAttributes()
+            var actionAbpAuthorizeAttrs = actionAttrs.OfType<AbpAuthorizeAttribute>();
+            var controllerAbpAuthorizeAttrs = context.ApiDescription.ControllerAttributes()
                 .OfType<AbpAuthorizeAttribute>();
 
-            if (controllerAbpAuthorizeAttrs.Any() || actionAbpAuthorizeAtrrs.Any())
+            if (controllerAbpAuthorizeAttrs.Any() || actionAbpAuthorizeAttrs.Any())
             {
                 operation.Responses.Add("401", new Response { Description = "Unauthorized" });
                 operation.Responses.Add("403", new Response { Description = "Forbidden" });
 
-                var permissions = controllerAbpAuthorizeAttrs.Union(actionAbpAuthorizeAtrrs)
+                var permissions = controllerAbpAuthorizeAttrs.Union(actionAbpAuthorizeAttrs)
                     .SelectMany(p => p.Permissions)
                     .Distinct();