feat(oas3): finished security support

Author: pksunkara

packages/fury-adapter-oas3-parser/STATUS.md

@@ -72,7 +72,7 @@ Key:
 | responses | [~](#responses-object) |
 | callbacks | [✕](https://github.com/apiaryio/api-elements.js/issues/74) |
 | deprecated | ✕ |
-| security | [✕](https://github.com/apiaryio/api-elements.js/issues/77) |
+| security | ✓ |
 | servers | [✕](https://github.com/apiaryio/api-elements.js/issues/76) |
 
 ## Parameter Object

packages/fury-adapter-oas3-parser/lib/parser/oas/parseComponentsObject.js

@@ -156,9 +156,20 @@ function parseComponentsObject(context, element) {
 
       object.forEach((value, key) => {
         if (value) {
-          // eslint-disable-next-line no-param-reassign
-          value.meta.id = key.clone();
-          array.push(value);
+          if (value instanceof namespace.elements.AuthScheme) {
+            // eslint-disable-next-line no-param-reassign
+            value.meta.id = key.clone();
+            array.push(value);
+
+            return;
+          }
+
+          // append oauth2 flow names
+          value.forEach((flow) => {
+            // eslint-disable-next-line no-param-reassign
+            flow.meta.id = `${key.toValue()} ${flow.grantType}`;
+            array.push(flow);
+          });
         }
       });
 

packages/fury-adapter-oas3-parser/lib/parser/oas/parseOauthFlowObject.js

@@ -40,11 +40,22 @@ function parseOauthFlowObject(context, object) {
       return scope;
     }));
 
+  const parseUrl = pipeParseResult(namespace,
+    parseString(context, name, false),
+    (url) => {
+      const transition = new namespace.elements.Transition();
+
+      transition.relation = url.key.toValue().slice(0, -3); // remove 'Url' from key
+      transition.href = url.value.clone();
+
+      return transition;
+    });
+
   const parseMember = R.cond([
     [hasKey('scopes'), R.compose(parseScopes, getValue)],
-    [hasKey('refreshUrl'), parseString(context, name, false)],
-    [hasKey('authorizationUrl'), parseString(context, name, false)],
-    [hasKey('tokenUrl'), parseString(context, name, false)],
+    [hasKey('refreshUrl'), parseUrl],
+    [hasKey('authorizationUrl'), parseUrl],
+    [hasKey('tokenUrl'), parseUrl],
 
     // FIXME Support exposing extensions into parse result
     [isExtension, () => new namespace.elements.ParseResult()],

packages/fury-adapter-oas3-parser/lib/parser/oas/parseOauthFlowsObject.js

@@ -72,6 +72,10 @@ function parseOauthFlowsObject(context, object) {
       authScheme.push(new namespace.elements.Member('grantType', grantTypes[member.key.toValue()]));
       authScheme.push(member.value.getMember('scopes'));
 
+      R.filter(R.is(namespace.elements.Transition), member.value).forEach((item) => {
+        authScheme.push(item);
+      });
+
       return authScheme;
     }));
 

packages/fury-adapter-oas3-parser/lib/parser/oas/parseOperationObject.js

@@ -1,8 +1,9 @@
 const R = require('ramda');
 const {
-  isMember, isExtension, hasKey, getValue,
+  isArray, isMember, isExtension, hasKey, getValue,
 } = require('../../predicates');
 const {
+  createWarning,
   createUnsupportedMemberWarning,
   createInvalidMemberWarning,
   createIdentifierNotUniqueWarning,
@@ -13,6 +14,7 @@ const parseObject = require('../parseObject');
 const parseString = require('../parseString');
 const parseResponsesObject = require('./parseResponsesObject');
 const parseParameterObjects = require('./parseParameterObjects');
+const parseSecurityRequirementObject = require('./parseSecurityRequirementObject');
 const parseRequestBodyObject = require('./parseRequestBodyObject');
 const parseReference = require('../parseReference');
 
@@ -21,7 +23,7 @@ const parseRequestBodyObjectOrRef = parseReference('requestBodies', parseRequest
 const name = 'Operation Object';
 const requiredKeys = ['responses'];
 const unsupportedKeys = [
-  'tags', 'externalDocs', 'callbacks', 'deprecated', 'security',
+  'tags', 'externalDocs', 'callbacks', 'deprecated',
 ];
 const isUnsupportedKey = R.anyPass(R.map(hasKey, unsupportedKeys));
 
@@ -102,13 +104,26 @@ function parseOperationObject(context, path, member) {
     ),
   ]));
 
+  const parseSecurity = pipeParseResult(namespace,
+    R.unless(isArray, createWarning(namespace, `'${name}' 'security' is not an array`)),
+    R.compose(R.chain(parseSecurityRequirementObject(context)), R.constructN(1, namespace.elements.Array)),
+    requirements => requirements.map((requirement) => {
+      if (requirement.length === 1) {
+        return requirement.get(0);
+      }
+
+      const authSchemeRequirement = new namespace.elements.AuthSchemeRequirement(requirement.content);
+      return authSchemeRequirement;
+    }));
+
   const parseMember = R.cond([
     [hasKey('summary'), parseString(context, name, false)],
     [hasKey('description'), parseCopy(context, name, false)],
     [hasKey('operationId'), pipeParseResult(namespace, parseString(context, name, false), parseOperationId)],
     [hasKey('responses'), R.compose(parseResponsesObject(context), getValue)],
     [hasKey('requestBody'), R.compose(parseRequestBodyObjectOrRef(context), getValue)],
     [hasKey('parameters'), R.compose(parseParameterObjects(context, name), getValue)],
+    [hasKey('security'), R.compose(parseSecurity, getValue)],
 
     [isUnsupportedKey, createUnsupportedMemberWarning(namespace, name)],
 
@@ -161,6 +176,13 @@ function parseOperationObject(context, path, member) {
         }
       }
 
+      const security = operation.get('security');
+      if (security) {
+        transactions.forEach((transaction) => {
+          transaction.attributes.set('authSchemes', security);
+        });
+      }
+
       return transition;
     });
 

packages/fury-adapter-oas3-parser/lib/parser/oas/parseSecurityRequirementObject.js

@@ -40,16 +40,17 @@ function parseSecurityRequirementObject(context, object) {
   const parseSecurityRequirement = pipeParseResult(namespace,
     parseObject(context, name, parseMember),
     (securityRequirement) => {
+      // TODO: expand oauth requirements into multiples depending on flows
       const arr = new namespace.elements.Array([]);
 
       securityRequirement.forEach((value, key) => {
         let e;
         const scopes = value.map(scope => scope.toValue());
 
         if (scopes.length) {
-          e = new namespace.elements.Object({ scopes });
+          e = new namespace.elements.AuthScheme({ scopes });
         } else {
-          e = new namespace.elements.Object({});
+          e = new namespace.elements.AuthScheme({});
         }
 
         e.element = key.toValue();

packages/fury-adapter-oas3-parser/lib/parser/oas/parseSecuritySchemeObject.js

@@ -10,6 +10,7 @@ const {
 const pipeParseResult = require('../../pipeParseResult');
 const parseObject = require('../parseObject');
 const parseString = require('../parseString');
+const parseOauthFlowsObject = require('./parseOauthFlowsObject');
 
 const name = 'Security Scheme Object';
 const requiredKeys = ['type'];
@@ -19,7 +20,7 @@ const passThrough = R.anyPass(R.map(hasKey, ['name', 'in', 'scheme', 'flows']));
 
 const isApiKeyScheme = securityScheme => securityScheme.getValue('type') === 'apiKey';
 const isHttpScheme = securityScheme => securityScheme.getValue('type') === 'http';
-// const isOauth2Scheme = securityScheme => securityScheme.getValue('type') === 'oauth2';
+const isOauth2Scheme = securityScheme => securityScheme.getValue('type') === 'oauth2';
 
 const isValidTypeValue = R.anyPass(R.map(hasValue, ['apiKey', 'http', 'oauth2', 'openIdConnect']));
 const isSupportedType = R.anyPass(R.map(hasValue, ['apiKey', 'http', 'oauth2']));
@@ -58,6 +59,16 @@ function validateHttpScheme(context, securityScheme) {
   return parseObject(context, name, parseMember, ['scheme'], [], true)(securityScheme);
 }
 
+function validateOauth2Scheme(context, securityScheme) {
+  const parseMember = R.cond([
+    [hasKey('flows'), R.compose(parseOauthFlowsObject(context), getValue)],
+
+    [R.T, e => e],
+  ]);
+
+  return parseObject(context, name, parseMember, ['flows'], [], true)(securityScheme);
+}
+
 /**
  * Parse Security Scheme Object
  *
@@ -104,20 +115,33 @@ function parseSecuritySchemeObject(context, object) {
     parseObject(context, name, parseMember, requiredKeys, [], true),
     R.when(isApiKeyScheme, R.curry(validateApiKeyScheme)(context)),
     R.when(isHttpScheme, R.curry(validateHttpScheme)(context)),
-    // R.when(isOauth2Scheme, parseSecuritySchemeFlowsObject),
+    R.when(isOauth2Scheme, R.curry(validateOauth2Scheme)(context)),
     (securityScheme) => {
       const authScheme = new namespace.elements.AuthScheme();
 
       const type = securityScheme.getValue('type');
       const scheme = securityScheme.getValue('scheme');
+      const description = securityScheme.get('description');
+
+      if (type === 'oauth2') {
+        const flows = securityScheme.get('flows');
+
+        if (description) {
+          flows.forEach((flow) => {
+            // eslint-disable-next-line no-param-reassign
+            flow.description = description;
+          });
+        }
+
+        return flows;
+      }
 
       if (type === 'apiKey' || (type === 'http' && scheme === 'bearer')) {
         authScheme.element = 'Token Authentication Scheme';
       } else if (type === 'http' && scheme === 'basic') {
         authScheme.element = 'Basic Authentication Scheme';
       }
 
-      const description = securityScheme.get('description');
       if (description) {
         authScheme.description = description;
       }

packages/fury-adapter-oas3-parser/test/unit/parser/oas/parseComponentsObject-test.js

@@ -343,6 +343,39 @@ describe('Components Object', () => {
       expect(securitySchemes.get(0).meta.id.toValue()).to.equal('token');
     });
 
+    it('parses oauth2 securityScheme with multiple flows', () => {
+      const components = new namespace.elements.Object({
+        securitySchemes: {
+          oauth: {
+            type: 'oauth2',
+            flows: {
+              password: {
+                tokenUrl: '/token',
+                scopes: {},
+              },
+              implicit: {
+                authorizationUrl: '/authorization',
+                scopes: {},
+              },
+            },
+          },
+        },
+      });
+
+      const parseResult = parse(context, components);
+      expect(parseResult.length).to.equal(1);
+
+      const parsedComponents = parseResult.get(0);
+      expect(parsedComponents).to.be.instanceof(namespace.elements.Object);
+
+      const securitySchemes = parsedComponents.get('securitySchemes');
+      expect(securitySchemes).to.be.instanceof(namespace.elements.Array);
+      expect(securitySchemes.get(0)).to.be.instanceof(namespace.elements.AuthScheme);
+      expect(securitySchemes.get(0).meta.id.toValue()).to.equal('oauth resource owner password credentials');
+      expect(securitySchemes.get(1)).to.be.instanceof(namespace.elements.AuthScheme);
+      expect(securitySchemes.get(1).meta.id.toValue()).to.equal('oauth implicit');
+    });
+
     it('handles invalid security scheme', () => {
       const components = new namespace.elements.Object({
         securitySchemes: {

packages/fury-adapter-oas3-parser/test/unit/parser/oas/parseOauthFlowObject-test.js

@@ -99,6 +99,24 @@ describe('Oauth Flow Object', () => {
       expect(parseResult.get(0).get('scopes')).to.be.instanceof(namespace.elements.Array);
       expect(parseResult.get(0).get('scopes').length).to.equal(0);
     });
+
+    it('parses it correctly', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: {},
+        refreshUrl: '/refresh',
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(1);
+      expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Object);
+
+      const refreshUrl = parseResult.get(0).get('refreshUrl');
+
+      expect(refreshUrl).to.be.instanceof(namespace.elements.Transition);
+      expect(refreshUrl.relation.toValue()).to.equal('refresh');
+      expect(refreshUrl.href.toValue()).to.equal('/refresh');
+    });
   });
 
   describe('#tokenUrl', () => {
@@ -117,6 +135,24 @@ describe('Oauth Flow Object', () => {
       expect(parseResult.get(0).get('scopes')).to.be.instanceof(namespace.elements.Array);
       expect(parseResult.get(0).get('scopes').length).to.equal(0);
     });
+
+    it('parses it correctly', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: {},
+        tokenUrl: '/token',
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(1);
+      expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Object);
+
+      const tokenUrl = parseResult.get(0).get('tokenUrl');
+
+      expect(tokenUrl).to.be.instanceof(namespace.elements.Transition);
+      expect(tokenUrl.relation.toValue()).to.equal('token');
+      expect(tokenUrl.href.toValue()).to.equal('/token');
+    });
   });
 
   describe('#authorizationUrl', () => {
@@ -135,6 +171,24 @@ describe('Oauth Flow Object', () => {
       expect(parseResult.get(0).get('scopes')).to.be.instanceof(namespace.elements.Array);
       expect(parseResult.get(0).get('scopes').length).to.equal(0);
     });
+
+    it('parses it correctly', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: {},
+        authorizationUrl: '/authorization',
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(1);
+      expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Object);
+
+      const authorizationUrl = parseResult.get(0).get('authorizationUrl');
+
+      expect(authorizationUrl).to.be.instanceof(namespace.elements.Transition);
+      expect(authorizationUrl.relation.toValue()).to.equal('authorization');
+      expect(authorizationUrl.href.toValue()).to.equal('/authorization');
+    });
   });
 
   it('provides warning for invalid keys', () => {