Merge branch 'master' into bug/opid-safe-access

shockey · web-flow · commit ada894fb2b93 · 2017-10-26T14:28:28.000-07:00
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "swagger-client",
-  "version": "3.2.2",
+  "version": "3.3.0",
   "description": "SwaggerJS - a collection of interfaces for OAI specs",
   "main": "dist/index.js",
   "repository": "git@github.com:swagger-api/swagger-js.git",
@@ -50,7 +50,7 @@
     "eslint-config-airbnb-base": "^11.1.1",
     "eslint-plugin-import": "^2.2.0",
     "expect": "^1.20.2",
-    "fetch-mock": "~5.12.0",
+    "fetch-mock": "^5.12.0",
     "glob": "^7.1.1",
     "json-loader": "^0.5.4",
     "license-checker": "^8.0.3",
@@ -63,6 +63,7 @@
   "dependencies": {
     "babel-runtime": "^6.23.0",
     "btoa": "1.1.2",
+    "cookie": "^0.3.1",
     "deep-extend": "^0.4.1",
     "fast-json-patch": "1.1.8",
     "isomorphic-fetch": "2.2.1",
diff --git a/src/execute/index.js b/src/execute/index.js
@@ -4,6 +4,7 @@ import isPlainObject from 'lodash/isPlainObject'
 import isArray from 'lodash/isArray'
 import btoa from 'btoa'
 import url from 'url'
+import cookie from 'cookie'
 import http, {mergeInQueryOrForm} from '../http'
 import createError from '../specmap/lib/create-error'
 
@@ -109,7 +110,8 @@ export function buildRequest(options) {
       // This breaks CORSs... removing this line... probably breaks oAuth. Need to address that
       // This also breaks tests
       // 'access-control-allow-origin': '*'
-    }
+    },
+    cookies: {}
   }
 
   if (requestInterceptor) {
@@ -124,6 +126,11 @@ export function buildRequest(options) {
 
   // Mostly for testing
   if (!operationId) {
+    // Not removing req.cookies causes testing issues and would
+    // change our interface, so we're always sure to remove it.
+    // See the same statement lower down in this function for
+    // more context.
+    delete req.cookies
     return req
   }
 
@@ -198,6 +205,26 @@ export function buildRequest(options) {
     req = swagger2BuildRequest(versionSpecificOptions, req)
   }
 
+
+  // If the cookie convenience object exists in our request,
+  // serialize its content and then delete the cookie object.
+  if (req.cookies && Object.keys(req.cookies).length) {
+    const cookieString = Object.keys(req.cookies).reduce((prev, cookieName) => {
+      const cookieValue = req.cookies[cookieName]
+      const prefix = prev ? '&' : ''
+      const stringified = cookie.serialize(cookieName, cookieValue)
+      return prev + prefix + stringified
+    }, '')
+    req.headers.Cookie = cookieString
+  }
+
+  if (req.cookies) {
+    // even if no cookies were defined, we need to remove
+    // the cookies key from our request, or many many legacy
+    // tests will break.
+    delete req.cookies
+  }
+
   // Will add the query object into the URL, if it exists
   // ... will also create a FormData instance, if multipart/form-data (eg: a file)
   mergeInQueryOrForm(req)
@@ -219,7 +246,7 @@ function oas3BaseUrl({spec, server, contextUrl, serverVariables = {}}) {
   let selectedServerUrl = ''
   let selectedServerObj = null
 
-  if (server) {
+  if (server && servers) {
     const serverUrls = servers.map(srv => srv.url)
 
     if (serverUrls.indexOf(server) > -1) {
@@ -259,15 +286,18 @@ function buildOas3UrlWithContext(ourUrl = '', contextUrl = '') {
   const computedScheme = stripNonAlpha(parsedUrl.protocol) || stripNonAlpha(parsedContextUrl.protocol) || ''
   const computedHost = parsedUrl.host || parsedContextUrl.host
   const computedPath = parsedUrl.pathname || ''
+  let res
 
   if (computedScheme && computedHost) {
-    const res = `${computedScheme}://${computedHost + computedPath}`
+    res = `${computedScheme}://${computedHost + computedPath}`
 
     // If last character is '/', trim it off
-    return res[res.length - 1] === '/' ? res.slice(0, -1) : res
+  }
+  else {
+    res = computedPath
   }
 
-  return ''
+  return res[res.length - 1] === '/' ? res.slice(0, -1) : res
 }
 
 function getVariableTemplateNames(str) {
@@ -290,13 +320,17 @@ function swagger2BaseUrl({spec, scheme, contextUrl = ''}) {
   const computedScheme = scheme || firstSchemeInSpec || stripNonAlpha(parsedContextUrl.protocol) || 'http'
   const computedHost = spec.host || parsedContextUrl.host || ''
   const computedPath = spec.basePath || ''
+  let res
 
   if (computedScheme && computedHost) {
-    const res = `${computedScheme}://${computedHost + computedPath}`
-
-    // If last character is '/', trim it off
-    return res[res.length - 1] === '/' ? res.slice(0, -1) : res
+    // we have what we need for an absolute URL
+    res = `${computedScheme}://${computedHost + computedPath}`
+  }
+  else {
+    // if not, a relative URL will have to do
+    res = computedPath
   }
 
-  return ''
+  // If last character is '/', trim it off
+  return res[res.length - 1] === '/' ? res.slice(0, -1) : res
 }
diff --git a/src/execute/oas3/build-request.js b/src/execute/oas3/build-request.js
@@ -1,16 +1,23 @@
 // This function runs after the common function,
 // `src/execute/index.js#buildRequest`
+import assign from 'lodash/assign'
+import get from 'lodash/get'
+import btoa from 'btoa'
 
 export default function (options, req) {
   const {
     operation,
-    requestBody
+    requestBody,
+    securities,
+    spec
   } = options
 
   let {
     requestContentType
   } = options
 
+  req = applySecurities({request: req, securities, operation, spec})
+
   const requestBodyDef = operation.requestBody || {}
   const requestBodyMediaTypes = Object.keys(requestBodyDef.content || {})
 
@@ -64,3 +71,73 @@ export default function (options, req) {
 
   return req
 }
+
+// Add security values, to operations - that declare their need on them
+// Adapted from the Swagger2 implementation
+export function applySecurities({request, securities = {}, operation = {}, spec}) {
+  const result = assign({}, request)
+  const {authorized = {}} = securities
+  const security = operation.security || spec.security || []
+  const isAuthorized = authorized && !!Object.keys(authorized).length
+  const securityDef = get(spec, ['components', 'securitySchemes']) || {}
+
+  result.headers = result.headers || {}
+  result.query = result.query || {}
+
+  if (!Object.keys(securities).length || !isAuthorized || !security ||
+      (Array.isArray(operation.security) && !operation.security.length)) {
+    return request
+  }
+
+  security.forEach((securityObj, index) => {
+    for (const key in securityObj) {
+      const auth = authorized[key]
+      const schema = securityDef[key]
+
+      if (!auth) {
+        continue
+      }
+
+      const value = auth.value || auth
+      const {type} = schema
+
+      if (auth) {
+        if (type === 'apiKey') {
+          if (schema.in === 'query') {
+            result.query[schema.name] = value
+          }
+          if (schema.in === 'header') {
+            result.headers[schema.name] = value
+          }
+          if (schema.in === 'cookie') {
+            result.cookies[schema.name] = value
+          }
+        }
+        else if (type === 'http') {
+          if (schema.scheme === 'basic') {
+            const {username, password} = value
+            const encoded = btoa(`${username}:${password}`)
+            result.headers.Authorization = `Basic ${encoded}`
+          }
+
+          if (schema.scheme === 'bearer') {
+            result.headers.Authorization = `Bearer ${value}`
+          }
+        }
+        else if (type === 'oauth2') {
+          const token = auth.token || {}
+          const accessToken = token.access_token
+          let tokenType = token.token_type
+
+          if (!tokenType || tokenType.toLowerCase() === 'bearer') {
+            tokenType = 'Bearer'
+          }
+
+          result.headers.Authorization = `${tokenType} ${accessToken}`
+        }
+      }
+    }
+  })
+
+  return result
+}
diff --git a/src/execute/oas3/parameter-builders.js b/src/execute/oas3/parameter-builders.js
@@ -91,8 +91,19 @@ function query({req, value, parameter}) {
   }
 }
 
+const PARAMETER_HEADER_BLACKLIST = [
+  'accept',
+  'authorization',
+  'content-type'
+]
+
 function header({req, parameter, value}) {
   req.headers = req.headers || {}
+
+  if (PARAMETER_HEADER_BLACKLIST.indexOf(parameter.name.toLowerCase()) > -1) {
+    return
+  }
+
   if (typeof value !== 'undefined') {
     req.headers[parameter.name] = stylize({
       key: parameter.name,
diff --git a/src/execute/swagger2/build-request.js b/src/execute/swagger2/build-request.js
@@ -3,7 +3,7 @@
 
 import btoa from 'btoa'
 import assign from 'lodash/assign'
-import http, {mergeInQueryOrForm} from '../../http'
+import http from '../../http'
 
 
 export default function (options, req) {
diff --git a/src/index.js b/src/index.js
@@ -69,7 +69,9 @@ Swagger.prototype = {
     return Swagger.resolve({
       spec: this.spec,
       url: this.url,
-      allowMetaPatches: this.allowMetaPatches
+      allowMetaPatches: this.allowMetaPatches,
+      requestInterceptor: this.requestInterceptor || null,
+      responseInterceptor: this.responseInterceptor || null
     }).then((obj) => {
       this.originalSpec = this.spec
       this.spec = obj.spec
diff --git a/src/resolver.js b/src/resolver.js
@@ -2,11 +2,14 @@ import Http from './http'
 import mapSpec, {plugins} from './specmap'
 import {normalizeSwagger} from './helpers'
 
-export function makeFetchJSON(http) {
+export function makeFetchJSON(http, opts = {}) {
+  const {requestInterceptor, responseInterceptor} = opts
   return (docPath) => {
     return http({
       url: docPath,
       loadSpec: true,
+      requestInterceptor,
+      responseInterceptor,
       headers: {
         Accept: 'application/json'
       },
@@ -23,10 +26,17 @@ export function clearCache() {
   plugins.refs.clearCache()
 }
 
-export default function resolve({
-  http, fetch, spec, url, baseDoc, mode, allowMetaPatches = true,
-  modelPropertyMacro, parameterMacro
-}) {
+export default function resolve(obj) {
+  const {
+    fetch, spec, url, mode, allowMetaPatches = true,
+    modelPropertyMacro, parameterMacro, requestInterceptor,
+    responseInterceptor
+  } = obj
+
+  let {http, baseDoc} = obj
+
+  // console.log(obj)
+
   // @TODO Swagger-UI uses baseDoc instead of url, this is to allow both
   // need to fix and pick one.
   baseDoc = baseDoc || url
@@ -36,7 +46,7 @@ export default function resolve({
   http = fetch || http || Http
 
   if (!spec) {
-    return makeFetchJSON(http)(baseDoc).then(doResolve)
+    return makeFetchJSON(http, {requestInterceptor, responseInterceptor})(baseDoc).then(doResolve)
   }
 
   return doResolve(spec)
@@ -47,7 +57,7 @@ export default function resolve({
     }
 
     // Build a json-fetcher ( ie: give it a URL and get json out )
-    plugins.refs.fetchJSON = makeFetchJSON(http)
+    plugins.refs.fetchJSON = makeFetchJSON(http, {requestInterceptor, responseInterceptor})
 
     const plugs = [plugins.refs]
 
diff --git a/test/execute/baseurl.js b/test/execute/baseurl.js
@@ -129,4 +129,15 @@ describe('baseUrl', () => {
 
     expect(res).toEqual('https://example.com:9090')
   })
+
+  it('should include a basePath when no contextUrl is available', () => {
+    const res = baseUrl({
+      spec: {
+        title: 'a spec',
+        basePath: '/mybase'
+      }
+    })
+
+    expect(res).toEqual('/mybase')
+  })
 })
diff --git a/test/index.js b/test/index.js
diff --git a/test/oas3/execute/authorization.js b/test/oas3/execute/authorization.js
diff --git a/test/oas3/execute/main.js b/test/oas3/execute/main.js
