Merge pull request #1380 from xhh/java-global-security

Apply global security to operations when necessary

Author: wing328

modules/swagger-codegen/src/main/java/io/swagger/codegen/DefaultGenerator.java

@@ -12,6 +12,7 @@
 import io.swagger.models.Model;
 import io.swagger.models.Operation;
 import io.swagger.models.Path;
+import io.swagger.models.SecurityRequirement;
 import io.swagger.models.Swagger;
 import io.swagger.models.auth.OAuth2Definition;
 import io.swagger.models.auth.SecuritySchemeDefinition;
@@ -476,16 +477,25 @@ public void processOperation(String resourcePath, String httpMethod, Operation o
                     config.addOperationToGroup(sanitizeTag(tag), resourcePath, operation, co, operations);
 
                     List<Map<String, List<String>>> securities = operation.getSecurity();
-                    if (securities == null) {
+                    if (securities == null && swagger.getSecurity() != null) {
+                        securities = new ArrayList<Map<String, List<String>>>();
+                        for (SecurityRequirement sr : swagger.getSecurity()) {
+                            securities.add(sr.getRequirements());
+                        }
+                    }
+                    if (securities == null || securities.isEmpty()) {
                         continue;
                     }
                     Map<String, SecuritySchemeDefinition> authMethods = new HashMap<String, SecuritySchemeDefinition>();
-                    for (Map<String, List<String>> security : securities) {
-                        if (security.size() != 1) {
-                            //Not sure what to do
-                            continue;
-                        }
-                        String securityName = security.keySet().iterator().next();
+                    // NOTE: Use only the first security requirement for now.
+                    // See the "security" field of "Swagger Object":
+                    //  https://github.com/swagger-api/swagger-spec/blob/master/versions/2.0.md#swagger-object
+                    //  "there is a logical OR between the security requirements"
+                    if (securities.size() > 1) {
+                        LOGGER.warn("More than 1 security requirements are found, using only the first one");
+                    }
+                    Map<String, List<String>> security = securities.get(0);
+                    for (String securityName : security.keySet()) {
                         SecuritySchemeDefinition securityDefinition = fromSecurity(securityName);
                         if (securityDefinition != null) {
                             if(securityDefinition instanceof OAuth2Definition) {
@@ -496,7 +506,7 @@ public void processOperation(String resourcePath, String httpMethod, Operation o
                                 oauth2Operation.setFlow(oauth2Definition.getFlow());
                                 oauth2Operation.setTokenUrl(oauth2Definition.getTokenUrl());
                                 oauth2Operation.setScopes(new HashMap<String, String>());
-                                for (String scope : security.values().iterator().next()) {
+                                for (String scope : security.get(securityName)) {
                                     if (oauth2Definition.getScopes().containsKey(scope)) {
                                         oauth2Operation.addScope(scope, oauth2Definition.getScopes().get(scope));
                                     }

modules/swagger-codegen/src/test/java/io/swagger/codegen/DefaultGeneratorTest.java

@@ -17,11 +17,14 @@
 import java.io.Writer;
 import java.nio.charset.StandardCharsets;
 import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
 
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.fail;
 import static org.testng.Assert.assertEquals;
 import static org.testng.Assert.assertTrue;
+import static org.testng.Assert.assertNull;
 
 /**
  * Tests for DefaultGenerator logic
@@ -44,6 +47,102 @@ public void tearDown() throws Exception {
         folder.delete();
     }
 
+    @Test
+    public void testSecurityWithoutGlobal() throws Exception {
+        final Swagger swagger = new SwaggerParser().read("src/test/resources/2_0/petstore.json");
+        CodegenConfig codegenConfig = new JavaClientCodegen();
+
+        ClientOptInput clientOptInput = new ClientOptInput().opts(new ClientOpts()).swagger(swagger).config(codegenConfig);
+
+        DefaultGenerator gen = new DefaultGenerator();
+        gen.opts(clientOptInput);
+        Map<String, List<CodegenOperation>> paths = gen.processPaths(swagger.getPaths());
+
+        CodegenSecurity apiKey, petstoreAuth;
+
+        // security of "getPetById": api_key
+        CodegenOperation getPetById = findCodegenOperationByOperationId(paths, "getPetById");
+        assertEquals(getPetById.authMethods.size(), 1);
+        apiKey = getPetById.authMethods.iterator().next();
+        assertEquals(apiKey.name, "api_key");
+        assertEquals(apiKey.type, "apiKey");
+
+        // security of "updatePetWithForm": petstore_auth
+        CodegenOperation updatePetWithForm = findCodegenOperationByOperationId(paths, "updatePetWithForm");
+        assertEquals(updatePetWithForm.authMethods.size(), 1);
+        petstoreAuth = updatePetWithForm.authMethods.iterator().next();
+        assertEquals(petstoreAuth.name, "petstore_auth");
+        assertEquals(petstoreAuth.type, "oauth2");
+
+        // security of "loginUser": null (no global security either)
+        CodegenOperation loginUser = findCodegenOperationByOperationId(paths, "loginUser");
+        assertNull(loginUser.authMethods);
+    }
+
+    @Test
+    public void testSecurityWithGlobal() throws Exception {
+        final Swagger swagger = new SwaggerParser().read("src/test/resources/2_0/globalSecurity.json");
+        CodegenConfig codegenConfig = new JavaClientCodegen();
+
+        ClientOptInput clientOptInput = new ClientOptInput().opts(new ClientOpts()).swagger(swagger).config(codegenConfig);
+
+        DefaultGenerator gen = new DefaultGenerator();
+        gen.opts(clientOptInput);
+        Map<String, List<CodegenOperation>> paths = gen.processPaths(swagger.getPaths());
+
+        CodegenSecurity cs, apiKey, apiKey2, petstoreAuth;
+
+        // security of "getPetById": api_key
+        CodegenOperation getPetById = findCodegenOperationByOperationId(paths, "getPetById");
+        assertEquals(getPetById.authMethods.size(), 1);
+        apiKey = getPetById.authMethods.iterator().next();
+        assertEquals(apiKey.name, "api_key");
+        assertEquals(apiKey.type, "apiKey");
+
+        // security of "updatePetWithForm": petstore_auth
+        CodegenOperation updatePetWithForm = findCodegenOperationByOperationId(paths, "updatePetWithForm");
+        assertEquals(updatePetWithForm.authMethods.size(), 1);
+        petstoreAuth = updatePetWithForm.authMethods.iterator().next();
+        assertEquals(petstoreAuth.name, "petstore_auth");
+        assertEquals(petstoreAuth.type, "oauth2");
+
+        // security of "loginUser": api_key, petstore_auth (from global security)
+        CodegenOperation loginUser = findCodegenOperationByOperationId(paths, "loginUser");
+        assertEquals(loginUser.authMethods.size(), 2);
+        cs = loginUser.authMethods.get(0);
+        if ("api_key".equals(cs.name)) {
+            apiKey = cs;
+            petstoreAuth = loginUser.authMethods.get(1);
+        } else {
+            petstoreAuth = cs;
+            apiKey = loginUser.authMethods.get(1);
+        }
+        assertEquals(apiKey.name, "api_key");
+        assertEquals(apiKey.type, "apiKey");
+        assertEquals(petstoreAuth.name, "petstore_auth");
+        assertEquals(petstoreAuth.type, "oauth2");
+
+        // security of "logoutUser": null (override global security)
+        CodegenOperation logoutUser = findCodegenOperationByOperationId(paths, "logoutUser");
+        assertNull(logoutUser.authMethods);
+
+        // security of "getUserByName": api_key, api_key2 (override global security)
+        CodegenOperation getUserByName = findCodegenOperationByOperationId(paths, "getUserByName");
+        assertEquals(getUserByName.authMethods.size(), 2);
+        cs = getUserByName.authMethods.get(0);
+        if ("api_key".equals(cs.name)) {
+            apiKey = cs;
+            apiKey2 = getUserByName.authMethods.get(1);
+        } else {
+            apiKey2 = cs;
+            apiKey = getUserByName.authMethods.get(1);
+        }
+        assertEquals(apiKey.name, "api_key");
+        assertEquals(apiKey.type, "apiKey");
+        assertEquals(apiKey2.name, "api_key2");
+        assertEquals(apiKey2.type, "apiKey");
+    }
+
     @Test
     public void testSkipOverwrite() throws Exception {
         final File output = folder.getRoot();
@@ -89,4 +188,15 @@ private void changeContent(File file) throws IOException {
         out.close();
     }
 
+    private CodegenOperation findCodegenOperationByOperationId(Map<String, List<CodegenOperation>> paths, String operationId) {
+        for (List<CodegenOperation> ops : paths.values()) {
+            for (CodegenOperation co : ops) {
+                if (operationId.equals(co.operationId)) {
+                    return co;
+                }
+            }
+        }
+        return null;
+    }
+
 }