fix(openapi): hide auth header when set in securityScheme (#769)

Author: aheckmann

examples/options.js

@@ -52,11 +52,16 @@ const openapiOption = {
           type: 'apiKey',
           name: 'apiKey',
           in: 'header'
+        },
+        bearerAuth: {
+          type: 'http',
+          scheme: 'bearer'
         }
       }
     },
     security: [{
-      apiKey: []
+      apiKey: [],
+      bearerAuth: []
     }],
     externalDocs: {
       description: 'Find more info here',

lib/spec/openapi/utils.js

@@ -373,7 +373,10 @@ function prepareOpenapiMethod (schema, ref, openapiObject, url) {
   ]
     .reduce((acc, securitySchemeGroup) => {
       Object.keys(securitySchemeGroup).forEach((securitySchemeLabel) => {
-        const { name, in: category } = openapiObject.components.securitySchemes[securitySchemeLabel]
+        const scheme = openapiObject.components.securitySchemes[securitySchemeLabel]
+        const isBearer = scheme.type === 'http' && scheme.scheme === 'bearer'
+        const category = isBearer ? 'header' : scheme.in
+        const name = isBearer ? 'authorization' : scheme.name
         if (!acc[category]) {
           acc[category] = []
         }

test/spec/openapi/route.js

@@ -647,6 +647,10 @@ test('security headers ignored when declared in security and securityScheme', as
             type: 'string',
             description: 'api token'
           },
+          bearerAuth: {
+            type: 'string',
+            description: 'authorization bearer'
+          },
           id: {
             type: 'string',
             description: 'common field'