All files / src/plugins/validation/swagger2/semantic-validators security-definitions.js

68.75% Statements 33/48
35.29% Branches 12/34
100% Functions 1/1
68.75% Lines 33/48

Press n or j to go to the next uncovered block, b, p or k for the previous block.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127                28x 28x   28x 34x   34x 34x 34x 34x 34x 34x 34x 34x 34x   34x   34x 46x 46x 46x   46x                 46x 17x   17x                 17x                 29x 29x 29x 29x 29x   29x             29x 29x                                                                         29x                       34x    
// Assertation 1: security definition must have type one of "apiKey" || "oauth2" || "basic"
// Assertation 2: "apiKey" security must have "in" one of "header" || "query", and required "name" string
// Assertation 3: "oauth2" security must have flow parameter one of "implicit" || "password" || "application" || "accessCode"
// Assertation 4: "oauth2" security flow "implicit" must have required string "authorizationUrl" and object "scopes" parameters
// Assertation 5: "oauth2" security flow "password" must have required string "tokenUrl" and object "scopes" parameters
// Assertation 5: "oauth2" security flow "accessCode" must have required string "tokenUrl", string "authorizationUrl" and object "scopes" parameters
// Assertation 6: "oauth2" security flow "application" must have required string "tokenUrl", string "authorizationUrl" and object "scopes" parameters
 
const isPlainObject = require('lodash/isPlainObject');
const MessageCarrier = require('../../../utils/messageCarrier');
 
module.exports.validate = function({ jsSpec }) {
  const messages = new MessageCarrier();
 
  const API_KEY = 'apiKey';
  const OAUTH2 = 'oauth2';
  const BASIC = 'basic';
  const auths = [API_KEY, OAUTH2, BASIC];
  const IMPLICIT = 'implicit';
  const PASSWORD = 'password';
  const APPLICATION = 'application';
  const ACCESS_CODE = 'accessCode';
  const oauth2Flows = [IMPLICIT, PASSWORD, APPLICATION, ACCESS_CODE];
 
  const securityDefinitions = jsSpec.securityDefinitions;
 
  for (const key in securityDefinitions) {
    const security = securityDefinitions[key];
    const type = security.type;
    const path = `securityDefinitions.${key}`;
 
    Iif (auths.indexOf(type) === -1) {
      messages.addMessageWithAuthId(
        path,
        `string 'type' param required for path: ${path}`,
        key,
        'error'
      );
    } else {
      //apiKey validation
      if (type === API_KEY) {
        const authIn = security.in;
 
        Iif (authIn !== 'query' && authIn !== 'header') {
          messages.addMessageWithAuthId(
            path,
            "apiKey authorization must have required 'in' param, valid values are 'query' or 'header'.",
            key,
            'error'
          );
        }
 
        Iif (!security.name) {
          messages.addMessageWithAuthId(
            path,
            "apiKey authorization must have required 'name' string param. The name of the header or query parameter to be used.",
            key,
            'error'
          );
        }
      } // oauth2 validation
      else Eif (type === OAUTH2) {
        const flow = security.flow;
        const authorizationUrl = security.authorizationUrl;
        const tokenUrl = security.tokenUrl;
        const scopes = security.scopes;
 
        Iif (oauth2Flows.indexOf(flow) === -1) {
          messages.addMessageWithAuthId(
            path,
            "oauth2 authorization must have required 'flow' string param. Valid values are 'implicit', 'password', 'application' or 'accessCode'",
            key,
            'error'
          );
        } else Eif (flow === IMPLICIT) {
          Iif (!authorizationUrl) {
            messages.addMessageWithAuthId(
              path,
              "oauth2 authorization implicit flow must have required 'authorizationUrl' parameter.",
              key,
              'error'
            );
          }
        } else if (flow === ACCESS_CODE) {
          if (!authorizationUrl || !tokenUrl) {
            messages.addMessageWithAuthId(
              path,
              "oauth2 authorization accessCode flow must have required 'authorizationUrl' and 'tokenUrl' string parameters.",
              key,
              'error'
            );
          }
        } else if (flow === PASSWORD) {
          if (!tokenUrl) {
            messages.addMessageWithAuthId(
              path,
              "oauth2 authorization password flow must have required 'tokenUrl' string parameter.",
              key,
              'error'
            );
          }
        } else if (flow === APPLICATION) {
          if (!tokenUrl) {
            messages.addMessageWithAuthId(
              path,
              "oauth2 authorization application flow must have required 'tokenUrl' string parameter.",
              key,
              'error'
            );
          }
        }
 
        Iif (!isPlainObject(scopes)) {
          messages.addMessageWithAuthId(
            path,
            "'scopes' is required property type object. The available scopes for the OAuth2 security scheme.",
            key,
            'error'
          );
        }
      }
    }
  }
 
  return messages;
};