fix(execute): append new cookies to existing instead of replacing

Author: char0n

src/execute/index.js

@@ -1,5 +1,5 @@
 import { identity } from 'ramda';
-import { isPlainObject } from 'ramda-adjunct';
+import { isPlainObject, isNonEmptyString } from 'ramda-adjunct';
 import {
   test as testServerURLTemplate,
   substitute as substituteServerURLTemplate,
@@ -309,7 +309,11 @@ export function buildRequest(options) {
       },
     });
 
-    req.headers.Cookie = cookieString;
+    if (isNonEmptyString(req.headers.Cookie)) {
+      req.headers.Cookie += `; ${cookieString}`;
+    } else {
+      req.headers.Cookie = cookieString;
+    }
   }
 
   if (req.cookies) {

test/oas3/execute/authorization.js

@@ -465,6 +465,54 @@ describe('Authorization - OpenAPI Specification 3.0', () => {
       });
     });
     test('should add apiKey credentials as a cookie', () => {
+      const spec = {
+        openapi: '3.0.0',
+        components: {
+          securitySchemes: {
+            myApiKey: {
+              type: 'apiKey',
+              name: 'MyApiKeyCookie',
+              in: 'cookie',
+            },
+          },
+        },
+        paths: {
+          '/': {
+            get: {
+              operationId: 'myOperation',
+              security: [
+                {
+                  myApiKey: [],
+                },
+              ],
+            },
+          },
+        },
+      };
+
+      // when
+      const req = buildRequest({
+        spec,
+        operationId: 'myOperation',
+        securities: {
+          authorized: {
+            myApiKey: {
+              value: 'MyToken',
+            },
+          },
+        },
+      });
+
+      expect(req).toEqual({
+        method: 'GET',
+        url: '/',
+        credentials: 'same-origin',
+        headers: {
+          Cookie: 'MyApiKeyCookie=MyToken',
+        },
+      });
+    });
+    test('should add multiple apiKey credentials as a cookie', () => {
       const spec = {
         openapi: '3.0.0',
         components: {
@@ -521,6 +569,68 @@ describe('Authorization - OpenAPI Specification 3.0', () => {
         },
       });
     });
+    test('should append apiKey credentials to a cookie', () => {
+      const spec = {
+        openapi: '3.0.0',
+        components: {
+          securitySchemes: {
+            myApiKey: {
+              type: 'apiKey',
+              name: 'MyApiKeyCookie',
+              in: 'cookie',
+            },
+          },
+        },
+        paths: {
+          '/': {
+            get: {
+              operationId: 'myOperation',
+              parameters: [
+                {
+                  name: 'id',
+                  in: 'cookie',
+                  style: 'form',
+                  explode: true,
+                },
+              ],
+              security: [
+                {
+                  myApiKey: [],
+                },
+              ],
+            },
+          },
+        },
+      };
+
+      // when
+      const req = buildRequest({
+        spec,
+        operationId: 'myOperation',
+        parameters: {
+          id: [1, 2, 3],
+        },
+        securities: {
+          authorized: {
+            myApiKey: {
+              value: 'MyToken',
+            },
+            myApiKey1: {
+              value: 'MyToken1',
+            },
+          },
+        },
+      });
+
+      expect(req).toEqual({
+        method: 'GET',
+        url: '/',
+        credentials: 'same-origin',
+        headers: {
+          Cookie: 'id=1&id=2&id=3; MyApiKeyCookie=MyToken',
+        },
+      });
+    });
     test('should not add credentials if operation does not call for security', () => {
       const spec = {
         openapi: '3.0.0',