Fix security scheme issues in Delivery API OpenAPI spec (#17401)

kjac · web-flow · commit 0505ff531605 · 2024-11-04T14:07:18.000+01:00
diff --git a/src/Umbraco.Cms.Api.Common/OpenApi/RemoveSecuritySchemesDocumentFilter.cs b/src/Umbraco.Cms.Api.Common/OpenApi/RemoveSecuritySchemesDocumentFilter.cs
@@ -0,0 +1,25 @@
+﻿using Microsoft.OpenApi.Models;
+using Swashbuckle.AspNetCore.SwaggerGen;
+
+namespace Umbraco.Cms.Api.Common.OpenApi;
+
+/// <summary>
+/// This filter explicitly removes all security schemes from a named OpenAPI document.
+/// </summary>
+public class RemoveSecuritySchemesDocumentFilter : IDocumentFilter
+{
+    private readonly string _documentName;
+
+    public RemoveSecuritySchemesDocumentFilter(string documentName)
+        => _documentName = documentName;
+
+    public void Apply(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+    {
+        if (context.DocumentName != _documentName)
+        {
+            return;
+        }
+
+        swaggerDoc.Components.SecuritySchemes.Clear();
+    }
+}
diff --git a/src/Umbraco.Cms.Api.Delivery/Configuration/ConfigureUmbracoDeliveryApiSwaggerGenOptions.cs b/src/Umbraco.Cms.Api.Delivery/Configuration/ConfigureUmbracoDeliveryApiSwaggerGenOptions.cs
@@ -21,6 +21,7 @@ public void Configure(SwaggerGenOptions swaggerGenOptions)
             });
 
         swaggerGenOptions.DocumentFilter<MimeTypeDocumentFilter>(DeliveryApiConfiguration.ApiName);
+        swaggerGenOptions.DocumentFilter<RemoveSecuritySchemesDocumentFilter>(DeliveryApiConfiguration.ApiName);
 
         swaggerGenOptions.OperationFilter<SwaggerContentDocumentationFilter>();
         swaggerGenOptions.OperationFilter<SwaggerMediaDocumentationFilter>();
diff --git a/src/Umbraco.Cms.Api.Delivery/Configuration/ConfigureUmbracoMemberAuthenticationDeliveryApiSwaggerGenOptions.cs b/src/Umbraco.Cms.Api.Delivery/Configuration/ConfigureUmbracoMemberAuthenticationDeliveryApiSwaggerGenOptions.cs
@@ -17,33 +17,16 @@ namespace Umbraco.Cms.Api.Delivery.Configuration;
 /// </remarks>
 public class ConfigureUmbracoMemberAuthenticationDeliveryApiSwaggerGenOptions : IConfigureOptions<SwaggerGenOptions>
 {
-    private const string AuthSchemeName = "Umbraco Member";
+    private const string AuthSchemeName = "UmbracoMember";
 
     public void Configure(SwaggerGenOptions options)
     {
-        options.AddSecurityDefinition(
-            AuthSchemeName,
-            new OpenApiSecurityScheme
-            {
-                In = ParameterLocation.Header,
-                Name = AuthSchemeName,
-                Type = SecuritySchemeType.OAuth2,
-                Description = "Umbraco Member Authentication",
-                Flows = new OpenApiOAuthFlows
-                {
-                    AuthorizationCode = new OpenApiOAuthFlow
-                    {
-                        AuthorizationUrl = new Uri(Paths.MemberApi.AuthorizationEndpoint, UriKind.Relative),
-                        TokenUrl = new Uri(Paths.MemberApi.TokenEndpoint, UriKind.Relative)
-                    }
-                }
-            });
-
         // add security requirements for content API operations
+        options.DocumentFilter<DeliveryApiSecurityFilter>();
         options.OperationFilter<DeliveryApiSecurityFilter>();
     }
 
-    private class DeliveryApiSecurityFilter : SwaggerFilterBase<ContentApiControllerBase>, IOperationFilter
+    private class DeliveryApiSecurityFilter : SwaggerFilterBase<ContentApiControllerBase>, IOperationFilter, IDocumentFilter
     {
         public void Apply(OpenApiOperation operation, OperationFilterContext context)
         {
@@ -70,5 +53,31 @@ public void Apply(OpenApiOperation operation, OperationFilterContext context)
                 }
             };
         }
+
+        public void Apply(OpenApiDocument swaggerDoc, DocumentFilterContext context)
+        {
+            if (context.DocumentName != DeliveryApiConfiguration.ApiName)
+            {
+                return;
+            }
+
+            swaggerDoc.Components.SecuritySchemes.Add(
+                AuthSchemeName,
+                new OpenApiSecurityScheme
+                {
+                    In = ParameterLocation.Header,
+                    Name = AuthSchemeName,
+                    Type = SecuritySchemeType.OAuth2,
+                    Description = "Umbraco Member Authentication",
+                    Flows = new OpenApiOAuthFlows
+                    {
+                        AuthorizationCode = new OpenApiOAuthFlow
+                        {
+                            AuthorizationUrl = new Uri(Paths.MemberApi.AuthorizationEndpoint, UriKind.Relative),
+                            TokenUrl = new Uri(Paths.MemberApi.TokenEndpoint, UriKind.Relative)
+                        }
+                    }
+                });
+        }
     }
 }
