Fix #933 - Filter oauth security definitions from spec when generating

Signed-off-by: Ricardo Zanini <[email protected]>

Author: ricardozanini

client/deployment/src/main/java/io/quarkiverse/openapi/generator/deployment/template/OpenApiNamespaceResolver.java

@@ -2,11 +2,17 @@
 
 import java.io.File;
 import java.nio.file.Path;
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.LinkedHashMap;
+import java.util.List;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.CompletionStage;
 import java.util.concurrent.ExecutionException;
+import java.util.stream.Collectors;
 
+import org.openapitools.codegen.CodegenSecurity;
 import org.openapitools.codegen.model.OperationMap;
 
 import io.quarkiverse.openapi.generator.deployment.codegen.OpenApiGeneratorOutputPaths;
@@ -58,6 +64,26 @@ public boolean hasAuthMethods(OperationMap operations) {
         return operations != null && operations.getOperation().stream().anyMatch(operation -> operation.hasAuthMethods);
     }
 
+    /**
+     * Ignore the OAuth flows by filtering every oauth instance by name. The inner openapi-generator library duplicates the
+     * OAuth instances per flow in the openapi spec.
+     * So a specification file with more than one flow defined has two entries in the list. For now, we do not use this
+     * information in runtime so it can be safely filtered and ignored.
+     *
+     * @param oauthOperations passed through the Qute template
+     * @see "resources/templates/libraries/microprofile/auth/compositeAuthenticationProvider.qute"
+     * @return The list filtered by unique auth name
+     */
+    public List<CodegenSecurity> getUniqueOAuthOperations(ArrayList<CodegenSecurity> oauthOperations) {
+        if (oauthOperations != null) {
+            return oauthOperations.stream()
+                    .collect(Collectors.toMap(security -> security.name, security -> security,
+                            (existing, replacement) -> existing, LinkedHashMap::new))
+                    .values().stream().toList();
+        }
+        return Collections.emptyList();
+    }
+
     @Override
     public CompletionStage<Object> resolve(EvalContext context) {
         try {

client/deployment/src/main/resources/templates/libraries/microprofile/auth/compositeAuthenticationProvider.qute

@@ -1,9 +1,11 @@
 package {apiPackage}.auth;
 
 @jakarta.annotation.Priority(jakarta.ws.rs.Priorities.AUTHENTICATION)
-{#for auth in oauthMethods.orEmpty}
-@io.quarkiverse.openapi.generator.markers.OauthAuthenticationMarker(name="{auth.name}", openApiSpecId="{configKey}")
+{#if oauthMethods.orEmpty.size > 0}
+{#for auth in openapi:getUniqueOAuthOperations(oauthMethods)}
+@io.quarkiverse.openapi.generator.markers.OauthAuthenticationMarker(name="{auth.name}", openApiSpecId="{quarkus-generator.openApiSpecId}")
 {/for}
+{/if}
 {#for auth in httpBasicMethods.orEmpty}
 @io.quarkiverse.openapi.generator.markers.BasicAuthenticationMarker(name="{auth.name}", openApiSpecId="{quarkus-generator.openApiSpecId}")
 {/for}

client/deployment/src/test/java/io/quarkiverse/openapi/generator/deployment/wrapper/OpenApiClientGeneratorWrapperTest.java

@@ -33,6 +33,8 @@
 import com.github.javaparser.ast.body.Parameter;
 import com.github.javaparser.ast.body.VariableDeclarator;
 import com.github.javaparser.ast.expr.AnnotationExpr;
+import com.github.javaparser.ast.expr.Expression;
+import com.github.javaparser.ast.expr.MemberValuePair;
 import com.github.javaparser.ast.expr.SimpleName;
 import com.github.javaparser.ast.expr.SingleMemberAnnotationExpr;
 import com.github.javaparser.ast.nodeTypes.NodeWithName;
@@ -50,6 +52,38 @@ private static Optional<MethodDeclaration> getMethodDeclarationByIdentifier(List
         return methodDeclarations.stream().filter(md -> md.getName().getIdentifier().equals(methodName)).findAny();
     }
 
+    @Test
+    void verifyOAuthDuplicateAnnotationOnCompositeAuthProvider() throws URISyntaxException, FileNotFoundException {
+        OpenApiClientGeneratorWrapper generatorWrapper = createGeneratorWrapper("issue-933-security.yaml");
+        final List<File> generatedFiles = generatorWrapper.generate("org.issue933");
+
+        assertNotNull(generatedFiles);
+        assertFalse(generatedFiles.isEmpty());
+
+        final Optional<File> authProviderFile = generatedFiles.stream()
+                .filter(f -> f.getName().endsWith("CompositeAuthenticationProvider.java")).findFirst();
+        assertThat(authProviderFile).isPresent();
+
+        CompilationUnit compilationUnit = StaticJavaParser.parse(authProviderFile.orElseThrow());
+        // Get the class declaration
+        ClassOrInterfaceDeclaration classDeclaration = compilationUnit.findFirst(ClassOrInterfaceDeclaration.class)
+                .orElseThrow(() -> new AssertionError("Class not found in the file"));
+
+        // Collect all OauthAuthenticationMarker annotations
+        long oauthAnnotationsCount = classDeclaration.getAnnotations().stream()
+                .filter(annotation -> annotation.getNameAsString()
+                        .equals("io.quarkiverse.openapi.generator.markers.OauthAuthenticationMarker"))
+                .filter(Expression::isNormalAnnotationExpr)
+                .filter(annotation -> annotation
+                        .findFirst(MemberValuePair.class,
+                                pair -> pair.getNameAsString().equals("name") && pair.getValue().toString().equals("\"oauth\""))
+                        .isPresent())
+                .count();
+
+        // Assert that there's exactly one annotation with name=oauth
+        assertThat(oauthAnnotationsCount).isEqualTo(1);
+    }
+
     @Test
     void verifyDiscriminatorGeneration() throws java.net.URISyntaxException, FileNotFoundException {
         OpenApiClientGeneratorWrapper generatorWrapper = createGeneratorWrapper("issue-852.json");

client/deployment/src/test/resources/openapi/issue-933-security.yaml

@@ -0,0 +1,67 @@
+#
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+#
+
+---
+openapi: 3.0.3
+info:
+  title: Generated API
+  version: "1.0"
+paths:
+  /:
+    post:
+      operationId: doOperation
+      security:
+        - client_id: [ ]
+        - oauth: [ read, write ]
+        - bearerAuth: [ ]
+      requestBody:
+        content:
+          application/json:
+            schema:
+              $ref: '#/components/schemas/MultiplicationOperation'
+      responses:
+        "200":
+          description: OK
+components:
+  schemas:
+    MultiplicationOperation:
+      type: object
+  securitySchemes:
+    client_id:
+      type: apiKey
+      in: header
+      name: X-Client-Id
+      x-key-type: clientId
+    bearerAuth:
+      type: http
+      scheme: bearer
+    oauth:
+      type: oauth2
+      flows:
+        authorizationCode:
+          authorizationUrl: https://example.com/oauth/authorize
+          tokenUrl: https://example.com/oauth/token
+          scopes:
+            read: Grants read access
+            write: Grants write access
+            admin: Grants read and write access to administrative information
+        clientCredentials:
+          tokenUrl: http://localhost:8382/oauth/token
+          scopes:
+            read: read