Merge pull request #185 from apiaryio/pksunkara/security

Add support for oauth2 in the OAS 3 parser

Author: pksunkara

packages/fury-adapter-oas3-parser/lib/parser/oas/parseOauthFlowObject.js

@@ -0,0 +1,62 @@
+const R = require('ramda');
+const {
+  isExtension, hasKey, getValue,
+} = require('../../predicates');
+const {
+  createInvalidMemberWarning,
+} = require('../annotations');
+const pipeParseResult = require('../../pipeParseResult');
+const parseObject = require('../parseObject');
+const parseString = require('../parseString');
+
+const name = 'Oauth Flow Object';
+const requiredKeys = ['scopes'];
+
+/**
+ * Parse Oauth Flow Object
+ *
+ * @param namespace {Namespace}
+ * @param element {Element}
+ * @returns ParseResult
+ *
+ * @see https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#oauthFlowObject
+ * @private
+ */
+function parseOauthFlowObject(context, object) {
+  const { namespace } = context;
+  const scopesName = `${name}' 'scopes`;
+
+  const parseScopeMember = R.cond([
+    [R.T, parseString(context, scopesName, false)],
+  ]);
+
+  const parseScopes = pipeParseResult(namespace,
+    parseObject(context, scopesName, parseScopeMember, [], [], true),
+    scopes => new namespace.elements.Array(scopes.content),
+    R.map((member) => {
+      const scope = member.key.clone();
+      scope.description = member.value;
+
+      return scope;
+    }));
+
+  const parseMember = R.cond([
+    [hasKey('scopes'), R.compose(parseScopes, getValue)],
+    [hasKey('refreshUrl'), parseString(context, name, false)],
+    [hasKey('authorizationUrl'), parseString(context, name, false)],
+    [hasKey('tokenUrl'), parseString(context, name, false)],
+
+    // FIXME Support exposing extensions into parse result
+    [isExtension, () => new namespace.elements.ParseResult()],
+
+    // Return a warning for additional properties
+    [R.T, createInvalidMemberWarning(namespace, name)],
+  ]);
+
+  const parseOauthFlow = pipeParseResult(namespace,
+    parseObject(context, name, parseMember, requiredKeys, [], true));
+
+  return parseOauthFlow(object);
+}
+
+module.exports = R.curry(parseOauthFlowObject);

packages/fury-adapter-oas3-parser/lib/parser/oas/parseOauthFlowsObject.js

@@ -0,0 +1,81 @@
+const R = require('ramda');
+const {
+  isExtension, hasKey, getValue,
+} = require('../../predicates');
+const {
+  createWarning,
+  createInvalidMemberWarning,
+} = require('../annotations');
+const pipeParseResult = require('../../pipeParseResult');
+const parseObject = require('../parseObject');
+const parseOauthFlowObject = require('./parseOauthFlowObject');
+
+const name = 'Oauth Flows Object';
+
+const isValidFlow = R.anyPass(R.map(hasKey, ['implicit', 'password', 'clientCredentials', 'authorizationCode']));
+const grantTypes = {
+  implicit: 'implicit',
+  password: 'resource owner password credentials',
+  clientCredentials: 'client credentials',
+  authorizationCode: 'authorization code',
+};
+
+/**
+ * Parse Oauth Flows Object
+ *
+ * @param namespace {Namespace}
+ * @param element {Element}
+ * @returns ParseResult
+ *
+ * @see https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#oauthFlowsObject
+ * @private
+ */
+function parseOauthFlowsObject(context, object) {
+  const { namespace } = context;
+
+  const parseFlow = (member) => {
+    const key = member.key.toValue();
+
+    const needAuthorizationUrl = () => R.includes(key, ['implicit', 'authorizationCode']);
+    const needTokenUrl = () => R.includes(key, ['password', 'clientCredentials', 'authorizationCode']);
+
+    const hasAuthorizationUrl = flow => flow.get('authorizationUrl');
+    const hasTokenUrl = flow => flow.get('tokenUrl');
+
+    const parse = pipeParseResult(namespace,
+      R.compose(parseOauthFlowObject(context), getValue),
+      R.when(R.allPass([R.complement(hasAuthorizationUrl), needAuthorizationUrl]), () => createWarning(namespace,
+        `'${name}' '${key}' is missing required property 'authorizationUrl'`, member)),
+      R.when(R.allPass([R.complement(hasTokenUrl), needTokenUrl]), () => createWarning(namespace,
+        `'${name}' '${key}' is missing required property 'tokenUrl'`, member)));
+
+    return parse(member);
+  };
+
+  const parseMember = R.cond([
+    [isValidFlow, parseFlow],
+
+    // FIXME Support exposing extensions into parse result
+    [isExtension, () => new namespace.elements.ParseResult()],
+
+    // Return a warning for additional properties
+    [R.T, createInvalidMemberWarning(namespace, name)],
+  ]);
+
+  const parseOauthFlows = pipeParseResult(namespace,
+    parseObject(context, name, parseMember),
+    flows => new namespace.elements.Array(flows.content),
+    R.map((member) => {
+      const authScheme = new namespace.elements.AuthScheme();
+
+      authScheme.element = 'Oauth2 Scheme';
+      authScheme.push(new namespace.elements.Member('grantType', grantTypes[member.key.toValue()]));
+      authScheme.push(member.value.getMember('scopes'));
+
+      return authScheme;
+    }));
+
+  return parseOauthFlows(object);
+}
+
+module.exports = R.curry(parseOauthFlowsObject);

packages/fury-adapter-oas3-parser/lib/parser/oas/parseSecuritySchemeObject.js

@@ -13,27 +13,18 @@ const parseString = require('../parseString');
 
 const name = 'Security Scheme Object';
 const requiredKeys = ['type'];
-const unsupportedKeys = [
-  'bearerFormat', 'flows', 'openIdConnectUrl',
-];
+const unsupportedKeys = ['bearerFormat', 'openIdConnectUrl'];
 const isUnsupportedKey = R.anyPass(R.map(hasKey, unsupportedKeys));
-const passThrough = R.anyPass(R.map(hasKey, ['name', 'in', 'scheme']));
+const passThrough = R.anyPass(R.map(hasKey, ['name', 'in', 'scheme', 'flows']));
 
 const isApiKeyScheme = securityScheme => securityScheme.getValue('type') === 'apiKey';
 const isHttpScheme = securityScheme => securityScheme.getValue('type') === 'http';
+// const isOauth2Scheme = securityScheme => securityScheme.getValue('type') === 'oauth2';
 
-const isValidTypeValue = R.anyPass([
-  hasValue('apiKey'), hasValue('http'), hasValue('oauth2'), hasValue('openIdConnect'),
-]);
-const isSupportedType = R.anyPass([
-  hasValue('apiKey'), hasValue('http'),
-]);
-const isValidInValue = R.anyPass([
-  hasValue('query'), hasValue('header'), hasValue('cookie'),
-]);
-const isSupportedIn = R.anyPass([
-  hasValue('query'), hasValue('header'),
-]);
+const isValidTypeValue = R.anyPass(R.map(hasValue, ['apiKey', 'http', 'oauth2', 'openIdConnect']));
+const isSupportedType = R.anyPass(R.map(hasValue, ['apiKey', 'http', 'oauth2']));
+const isValidInValue = R.anyPass(R.map(hasValue, ['query', 'header', 'cookie']));
+const isSupportedIn = R.anyPass(R.map(hasValue, ['query', 'header']));
 
 function validateApiKeyScheme(context, securityScheme) {
   const { namespace } = context;
@@ -119,6 +110,7 @@ function parseSecuritySchemeObject(context, object) {
     parseObject(context, name, parseMember, requiredKeys, [], true),
     R.when(isApiKeyScheme, R.curry(validateApiKeyScheme)(context)),
     R.when(isHttpScheme, R.curry(validateHttpScheme)(context)),
+    // R.when(isOauth2Scheme, parseSecuritySchemeFlowsObject),
     (securityScheme) => {
       const authScheme = new namespace.elements.AuthScheme();
 

packages/fury-adapter-oas3-parser/test/unit/parser/oas/parseOauthFlowObject-test.js

@@ -0,0 +1,162 @@
+const { Fury } = require('fury');
+const { expect } = require('../../chai');
+const parse = require('../../../../lib/parser/oas/parseOauthFlowObject');
+const Context = require('../../../../lib/context');
+
+const { minim: namespace } = new Fury();
+
+describe('Oauth Flow Object', () => {
+  let context;
+  beforeEach(() => {
+    context = new Context(namespace);
+  });
+
+  it('provides warning when oauth flow is not an object', () => {
+    const oauthFlow = new namespace.elements.String();
+
+    const parseResult = parse(context, oauthFlow);
+
+    expect(parseResult.length).to.equal(1);
+    expect(parseResult).to.contain.warning("'Oauth Flow Object' is not an object");
+  });
+
+  describe('#scopes', () => {
+    it('provides a warning when scopes does not exist', () => {
+      const oauthFlow = new namespace.elements.Object({
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(1);
+      expect(parseResult).to.contain.warning("'Oauth Flow Object' is missing required property 'scopes'");
+    });
+
+    it('provides a warning when scopes is not an object', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: 1,
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(1);
+      expect(parseResult).to.contain.warning("'Oauth Flow Object' 'scopes' is not an object");
+    });
+
+    it('provides a warning when scopes value item is not a string', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: {
+          read: 1,
+        },
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(2);
+      expect(parseResult).to.contain.warning("'Oauth Flow Object' 'scopes' 'read' is not a string");
+
+      expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Object);
+      expect(parseResult.get(0).get('scopes')).to.be.instanceof(namespace.elements.Array);
+      expect(parseResult.get(0).get('scopes').length).to.equal(0);
+    });
+
+    it('parses scopes correctly', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: {
+          read: 'description',
+        },
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(1);
+      expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Object);
+
+      const scopes = parseResult.get(0).get('scopes');
+
+      expect(scopes).to.be.instanceof(namespace.elements.Array);
+      expect(scopes.length).to.equal(1);
+
+      expect(scopes.get(0)).to.be.instanceof(namespace.elements.String);
+      expect(scopes.get(0).toValue()).to.equal('read');
+      expect(scopes.get(0).description).to.not.be.undefined;
+      expect(scopes.get(0).description.toValue()).to.equal('description');
+    });
+  });
+
+  describe('#refreshUrl', () => {
+    it('provides an warning when refreshUrl is not a string', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: {},
+        refreshUrl: 1,
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(2);
+      expect(parseResult).to.contain.warning("'Oauth Flow Object' 'refreshUrl' is not a string");
+
+      expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Object);
+      expect(parseResult.get(0).get('scopes')).to.be.instanceof(namespace.elements.Array);
+      expect(parseResult.get(0).get('scopes').length).to.equal(0);
+    });
+  });
+
+  describe('#tokenUrl', () => {
+    it('provides an warning when tokenUrl is not a string', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: {},
+        tokenUrl: 1,
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(2);
+      expect(parseResult).to.contain.warning("'Oauth Flow Object' 'tokenUrl' is not a string");
+
+      expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Object);
+      expect(parseResult.get(0).get('scopes')).to.be.instanceof(namespace.elements.Array);
+      expect(parseResult.get(0).get('scopes').length).to.equal(0);
+    });
+  });
+
+  describe('#authorizationUrl', () => {
+    it('provides an warning when authorizationUrl is not a string', () => {
+      const oauthFlow = new namespace.elements.Object({
+        scopes: {},
+        authorizationUrl: 1,
+      });
+
+      const parseResult = parse(context, oauthFlow);
+
+      expect(parseResult.length).to.equal(2);
+      expect(parseResult).to.contain.warning("'Oauth Flow Object' 'authorizationUrl' is not a string");
+
+      expect(parseResult.get(0)).to.be.instanceof(namespace.elements.Object);
+      expect(parseResult.get(0).get('scopes')).to.be.instanceof(namespace.elements.Array);
+      expect(parseResult.get(0).get('scopes').length).to.equal(0);
+    });
+  });
+
+  it('provides warning for invalid keys', () => {
+    const oauthFlow = new namespace.elements.Object({
+      scopes: {},
+      invalid: '',
+    });
+
+    const parseResult = parse(context, oauthFlow);
+
+    expect(parseResult.length).to.equal(2);
+    expect(parseResult).to.contain.warning("'Oauth Flow Object' contains invalid key 'invalid'");
+  });
+
+  it('does not provide warning/errors for extensions', () => {
+    const oauthFlow = new namespace.elements.Object({
+      scopes: {},
+      'x-extension': '',
+    });
+
+    const parseResult = parse(context, oauthFlow);
+
+    expect(parseResult).to.not.contain.annotations;
+  });
+});