Merge pull request #1194 from zeitlinger/auth-per-host

allow to filter authorization by URL

Author: gracekarina

modules/swagger-parser-core/src/main/java/io/swagger/v3/parser/core/models/AuthorizationValue.java

@@ -1,15 +1,26 @@
 package io.swagger.v3.parser.core.models;
 
+import java.net.URL;
+import java.util.Objects;
+import java.util.function.Predicate;
+
+
 public class AuthorizationValue {
     private String value, type, keyName;
+    private Predicate<URL> urlMatcher;
 
     public AuthorizationValue() {
     }
 
-    public AuthorizationValue(String keyName, String value, String type) {
+    public AuthorizationValue(String keyName, String value, String type, Predicate<URL> urlMatcher) {
         this.setKeyName(keyName);
         this.setValue(value);
         this.setType(type);
+        this.setUrlMatcher(urlMatcher);
+    }
+
+    public AuthorizationValue(String keyName, String value, String type) {
+        this(keyName, value, type, url -> true);
     }
 
     public AuthorizationValue value(String value) {
@@ -27,6 +38,11 @@ public AuthorizationValue keyName(String keyName) {
         return this;
     }
 
+    public AuthorizationValue urlMatcher(Predicate<URL> urlMatcher) {
+        setUrlMatcher(urlMatcher);
+        return this;
+    }
+
     public String getValue() {
         return value;
     }
@@ -51,13 +67,22 @@ public void setKeyName(String keyName) {
         this.keyName = keyName;
     }
 
+    public Predicate<URL> getUrlMatcher() {
+        return urlMatcher;
+    }
+
+    public void setUrlMatcher(Predicate<URL> urlMatcher) {
+        this.urlMatcher = Objects.requireNonNull(urlMatcher);
+    }
+
     @Override
     public int hashCode() {
         final int prime = 31;
         int result = 1;
         result = prime * result + ((keyName == null) ? 0 : keyName.hashCode());
         result = prime * result + ((type == null) ? 0 : type.hashCode());
         result = prime * result + ((value == null) ? 0 : value.hashCode());
+        result = prime * result + urlMatcher.hashCode();
         return result;
     }
 
@@ -94,6 +119,9 @@ public boolean equals(Object obj) {
         } else if (!value.equals(other.value)) {
             return false;
         }
+        if (!urlMatcher.equals(other.urlMatcher)) {
+            return false;
+        }
         return true;
     }
 }

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/OpenAPIV3Parser.java

@@ -13,10 +13,10 @@
 import io.swagger.v3.parser.util.RemoteUrl;
 import io.swagger.v3.parser.util.ResolverFully;
 import org.apache.commons.io.FileUtils;
-import javax.net.ssl.SSLHandshakeException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.net.ssl.SSLHandshakeException;
 import java.net.URI;
 import java.nio.charset.Charset;
 import java.nio.file.Files;
@@ -127,7 +127,7 @@ private ObjectMapper getRightMapper(String data) {
       }
       return mapper;
     }
-    
+
     public SwaggerParseResult readWithInfo(String location, List<AuthorizationValue> auths) {
         String data;
 
@@ -175,7 +175,7 @@ public SwaggerParseResult readContents(String swaggerAsString, List<Authorizatio
         SwaggerParseResult result = new SwaggerParseResult();
         if(swaggerAsString != null && !"".equals(swaggerAsString.trim())) {
             ObjectMapper mapper = getRightMapper(swaggerAsString);
-            
+
             if(auth == null) {
                 auth = new ArrayList<>();
             }
@@ -217,7 +217,7 @@ public SwaggerParseResult readContents(String swaggerAsString, List<Authorizatio
      * Locates extensions on the current thread class loader and then, if it differs
      * from this class classloader (as in OSGi), locates extensions from this
      * class classloader as well.
-     * 
+     *
      * @return a list of extensions
      */
     public static List<SwaggerParserExtension> getExtensions() {
@@ -262,6 +262,7 @@ protected List<AuthorizationValue> transform(List<AuthorizationValue> input) {
             v.setKeyName(value.getKeyName());
             v.setValue(value.getValue());
             v.setType(value.getType());
+            v.setUrlMatcher(value.getUrlMatcher());
 
             output.add(v);
         }

modules/swagger-parser-v3/src/main/java/io/swagger/v3/parser/util/RemoteUrl.java

@@ -115,10 +115,12 @@ public static String urlToString(String url, List<AuthorizationValue> auths) thr
                 final List<AuthorizationValue> header = new ArrayList<>();
                 if (auths != null && auths.size() > 0) {
                     for (AuthorizationValue auth : auths) {
-                        if ("query".equals(auth.getType())) {
-                            appendValue(inUrl, auth, query);
-                        } else if ("header".equals(auth.getType())) {
-                            appendValue(inUrl, auth, header);
+                        if (auth.getUrlMatcher().test(inUrl)) {
+                            if ("query".equals(auth.getType())) {
+                                appendValue(inUrl, auth, query);
+                            } else if ("header".equals(auth.getType())) {
+                                appendValue(inUrl, auth, header);
+                            }
                         }
                     }
                 }

modules/swagger-parser-v3/src/test/java/io/swagger/v3/parser/util/RemoteUrlTest.java

@@ -2,22 +2,24 @@
 
 import com.github.tomakehurst.wiremock.WireMockServer;
 import com.github.tomakehurst.wiremock.client.WireMock;
+import com.github.tomakehurst.wiremock.verification.LoggedRequest;
 import io.swagger.v3.parser.core.models.AuthorizationValue;
 import org.testng.annotations.AfterMethod;
 import org.testng.annotations.BeforeMethod;
 import org.testng.annotations.Test;
 
 import java.util.Arrays;
+import java.util.List;
 
 import static com.github.tomakehurst.wiremock.client.WireMock.aResponse;
 import static com.github.tomakehurst.wiremock.client.WireMock.equalTo;
 import static com.github.tomakehurst.wiremock.client.WireMock.get;
 import static com.github.tomakehurst.wiremock.client.WireMock.getRequestedFor;
 import static com.github.tomakehurst.wiremock.client.WireMock.stubFor;
 import static com.github.tomakehurst.wiremock.client.WireMock.urlEqualTo;
-import static com.github.tomakehurst.wiremock.client.WireMock.urlPathEqualTo;
 import static com.github.tomakehurst.wiremock.client.WireMock.verify;
 import static org.testng.Assert.assertEquals;
+import static org.testng.Assert.assertFalse;
 
 public class RemoteUrlTest {
 
@@ -76,6 +78,43 @@ public void testAuthorizationHeader() throws Exception {
         );
     }
 
+    @Test
+    public void testAuthorizationHeaderWithMatchingUrl() throws Exception {
+
+        final String expectedBody = setupStub();
+
+        final String headerName = "Authorization";
+        final String headerValue = "foobar";
+        final AuthorizationValue authorizationValue = new AuthorizationValue(headerName, headerValue, "header",
+            url -> url.toString().startsWith("http://localhost"));
+        final String actualBody = RemoteUrl.urlToString(getUrl(), Arrays.asList(authorizationValue));
+
+        assertEquals(actualBody, expectedBody);
+
+        verify(getRequestedFor(urlEqualTo("/v2/pet/1"))
+                        .withHeader("Accept", equalTo(EXPECTED_ACCEPTS_HEADER))
+                        .withHeader(headerName, equalTo(headerValue))
+        );
+    }
+
+    @Test
+    public void testAuthorizationHeaderWithNonMatchingUrl() throws Exception {
+
+        final String expectedBody = setupStub();
+
+        final String headerValue = "foobar";
+        String authorization = "Authorization";
+        final AuthorizationValue authorizationValue = new AuthorizationValue(authorization,
+            headerValue, "header", u -> false);
+        final String actualBody = RemoteUrl.urlToString(getUrl(), Arrays.asList(authorizationValue));
+
+        assertEquals(actualBody, expectedBody);
+
+        List<LoggedRequest> requests = WireMock.findAll(getRequestedFor(urlEqualTo("/v2/pet/1")));
+        assertEquals(1, requests.size());
+        assertFalse(requests.get(0).containsHeader(authorization));
+    }
+
     private String getUrl() {
         return String.format("http://%s:%d/v2/pet/1", LOCALHOST, WIRE_MOCK_PORT);
     }

modules/swagger-parser/src/test/java/io/swagger/parser/OpenAPIParserTest.java

@@ -124,13 +124,13 @@ public void testIssue768() {
 
     @Test
     public void test30Url() {
-        String location = "http://petstore.swagger.io/v2/swagger.json";
+        String location = "https://raw.githubusercontent.com/OAI/OpenAPI-Specification/master/examples/v3.0/petstore.yaml";
 
         SwaggerParseResult result = new OpenAPIParser().readLocation(location, null, null);
 
         assertNotNull(result);
         assertNotNull(result.getOpenAPI());
-        assertEquals(result.getOpenAPI().getOpenapi(), "3.0.1");
+        assertEquals(result.getOpenAPI().getOpenapi(), "3.0.0");
     }
 
     @Test