Press n or j to go to the next uncovered block, b, p or k for the previous block.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 | 28x 28x 28x 34x 34x 34x 34x 34x 34x 34x 34x 34x 34x 34x 34x 46x 46x 46x 46x 46x 17x 17x 17x 29x 29x 29x 29x 29x 29x 29x 29x 29x 34x | // Assertation 1: security definition must have type one of "apiKey" || "oauth2" || "basic" // Assertation 2: "apiKey" security must have "in" one of "header" || "query", and required "name" string // Assertation 3: "oauth2" security must have flow parameter one of "implicit" || "password" || "application" || "accessCode" // Assertation 4: "oauth2" security flow "implicit" must have required string "authorizationUrl" and object "scopes" parameters // Assertation 5: "oauth2" security flow "password" must have required string "tokenUrl" and object "scopes" parameters // Assertation 5: "oauth2" security flow "accessCode" must have required string "tokenUrl", string "authorizationUrl" and object "scopes" parameters // Assertation 6: "oauth2" security flow "application" must have required string "tokenUrl", string "authorizationUrl" and object "scopes" parameters const isPlainObject = require('lodash/isPlainObject'); const MessageCarrier = require('../../../utils/messageCarrier'); module.exports.validate = function({ jsSpec }) { const messages = new MessageCarrier(); const API_KEY = 'apiKey'; const OAUTH2 = 'oauth2'; const BASIC = 'basic'; const auths = [API_KEY, OAUTH2, BASIC]; const IMPLICIT = 'implicit'; const PASSWORD = 'password'; const APPLICATION = 'application'; const ACCESS_CODE = 'accessCode'; const oauth2Flows = [IMPLICIT, PASSWORD, APPLICATION, ACCESS_CODE]; const securityDefinitions = jsSpec.securityDefinitions; for (const key in securityDefinitions) { const security = securityDefinitions[key]; const type = security.type; const path = `securityDefinitions.${key}`; Iif (auths.indexOf(type) === -1) { messages.addMessageWithAuthId( path, `string 'type' param required for path: ${path}`, key, 'error' ); } else { //apiKey validation if (type === API_KEY) { const authIn = security.in; Iif (authIn !== 'query' && authIn !== 'header') { messages.addMessageWithAuthId( path, "apiKey authorization must have required 'in' param, valid values are 'query' or 'header'.", key, 'error' ); } Iif (!security.name) { messages.addMessageWithAuthId( path, "apiKey authorization must have required 'name' string param. The name of the header or query parameter to be used.", key, 'error' ); } } // oauth2 validation else Eif (type === OAUTH2) { const flow = security.flow; const authorizationUrl = security.authorizationUrl; const tokenUrl = security.tokenUrl; const scopes = security.scopes; Iif (oauth2Flows.indexOf(flow) === -1) { messages.addMessageWithAuthId( path, "oauth2 authorization must have required 'flow' string param. Valid values are 'implicit', 'password', 'application' or 'accessCode'", key, 'error' ); } else Eif (flow === IMPLICIT) { Iif (!authorizationUrl) { messages.addMessageWithAuthId( path, "oauth2 authorization implicit flow must have required 'authorizationUrl' parameter.", key, 'error' ); } } else if (flow === ACCESS_CODE) { if (!authorizationUrl || !tokenUrl) { messages.addMessageWithAuthId( path, "oauth2 authorization accessCode flow must have required 'authorizationUrl' and 'tokenUrl' string parameters.", key, 'error' ); } } else if (flow === PASSWORD) { if (!tokenUrl) { messages.addMessageWithAuthId( path, "oauth2 authorization password flow must have required 'tokenUrl' string parameter.", key, 'error' ); } } else if (flow === APPLICATION) { if (!tokenUrl) { messages.addMessageWithAuthId( path, "oauth2 authorization application flow must have required 'tokenUrl' string parameter.", key, 'error' ); } } Iif (!isPlainObject(scopes)) { messages.addMessageWithAuthId( path, "'scopes' is required property type object. The available scopes for the OAuth2 security scheme.", key, 'error' ); } } } } return messages; }; |