refs #2312 - enhance security handling

frantuma · frantuma · commit c864f1bb870d · 2017-08-08T17:08:45.000+02:00
diff --git a/modules/swagger-core/src/main/java/io/swagger/jackson/ModelResolver.java b/modules/swagger-core/src/main/java/io/swagger/jackson/ModelResolver.java
@@ -549,7 +549,7 @@ else if(PrimitiveType.fromType(type) != null) {
                             }
                         }
                         JAXBAnnotationsHelper.apply(member, property);
-                        applyBeanValidatorAnnotations(property, annotations);
+                        applyBeanValidatorAnnotations(property, annotations, model);
                     }
                 }
 
@@ -845,21 +845,19 @@ private static Schema process(Schema id, String propertyName, JavaType type,
         }
     }
 
-    protected void applyBeanValidatorAnnotations(Schema property, Annotation[] annotations) {
+    protected void applyBeanValidatorAnnotations(Schema property, Annotation[] annotations, Schema parent) {
         Map<String, Annotation> annos = new HashMap<String, Annotation>();
         if (annotations != null) {
             for (Annotation anno : annotations) {
                 annos.put(anno.annotationType().getName(), anno);
             }
         }
-        // TODO #2312
         if (annos.containsKey("javax.validation.constraints.NotNull")) {
-//            property.setRequired(true);
+            parent.addRequiredItem(property.getName());
         }
         if (annos.containsKey("javax.validation.constraints.Min")) {
             if ("integer".equals(property.getType()) || "number". equals(property.getType())) {
                 Min min = (Min) annos.get("javax.validation.constraints.Min");
-//                AbstractNumericProperty ap = (AbstractNumericProperty) property;
                 property.setMinimum(new BigDecimal(min.value()));
             }
         }
diff --git a/modules/swagger-core/src/main/java/io/swagger/util/DeserializationModule.java b/modules/swagger-core/src/main/java/io/swagger/util/DeserializationModule.java
@@ -5,7 +5,7 @@
 import io.swagger.oas.models.media.Schema;
 import io.swagger.oas.models.parameters.Parameter;
 import io.swagger.oas.models.responses.ApiResponse;
-
+import io.swagger.oas.models.security.SecurityScheme;
 
 public class DeserializationModule extends SimpleModule {
 
@@ -23,8 +23,7 @@ public DeserializationModule(boolean includePathDeserializer,
         this.addDeserializer(Parameter.class, new ParameterDeserializer());
 //        this.addDeserializer(RequestBody.class, new RequestBodyDeserializer());
 
-        // TODO #2312
-//        this.addDeserializer(SecurityDefinition.class, new SecurityDefinitionDeserializer());
+        this.addDeserializer(SecurityScheme.class, new SecuritySchemeDeserializer());
     }
 
     public DeserializationModule() {
diff --git a/modules/swagger-core/src/main/java/io/swagger/util/SecurityDefinitionDeserializer.java b/modules/swagger-core/src/main/java/io/swagger/util/SecurityDefinitionDeserializer.java
diff --git a/modules/swagger-core/src/main/java/io/swagger/util/SecuritySchemeDeserializer.java b/modules/swagger-core/src/main/java/io/swagger/util/SecuritySchemeDeserializer.java
@@ -0,0 +1,70 @@
+package io.swagger.util;
+
+import com.fasterxml.jackson.core.JsonParseException;
+import com.fasterxml.jackson.core.JsonParser;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationContext;
+import com.fasterxml.jackson.databind.JsonDeserializer;
+import com.fasterxml.jackson.databind.JsonNode;
+import io.swagger.oas.models.security.OAuthFlows;
+import io.swagger.oas.models.security.SecurityScheme;
+
+import java.io.IOException;
+import java.util.Arrays;
+
+public class SecuritySchemeDeserializer extends JsonDeserializer<SecurityScheme> {
+    @Override
+    public SecurityScheme deserialize(JsonParser jp, DeserializationContext ctxt)
+            throws IOException, JsonProcessingException {
+        SecurityScheme result = null;
+
+
+        JsonNode node = jp.getCodec().readTree(jp);
+
+        JsonNode inNode = node.get("type");
+
+        if (inNode != null) {
+            String type = inNode.asText();
+            if (Arrays.stream(SecurityScheme.Type.values()).noneMatch(t -> t.toString().equals(type))){
+                // wrong type, throw exception
+                throw new JsonParseException(jp, String.format("SecurityScheme type %s not allowed", type));
+            }
+            result = new SecurityScheme()
+                    .description(getFieldText("description", node));
+
+            if ("http".equals(type)) {
+                result
+                    .type(SecurityScheme.Type.HTTP)
+                    .scheme(getFieldText("scheme", node))
+                    .bearerFormat(getFieldText("bearerFormat", node));
+            } else if ("apiKey".equals(type)) {
+                result
+                    .type(SecurityScheme.Type.APIKEY)
+                    .name(getFieldText("name", node))
+                    .in(getIn(getFieldText("in", node)));
+            } else if ("openIdConnect".equals(type)) {
+                result
+                    .type(SecurityScheme.Type.OPENIDCONNECT)
+                    .openIdConnectUrl(getFieldText("openIdConnectUrl", node));
+            } else if ("oauth2".equals(type)) {
+                result
+                    .type(SecurityScheme.Type.OAUTH2)
+                    .flows(Json.mapper().convertValue(node.get("flows"), OAuthFlows.class));
+            }
+        }
+
+        return result;
+    }
+
+    private SecurityScheme.In getIn(String value) {
+        return Arrays.stream(SecurityScheme.In.values()).filter(i -> i.toString().equals(value)).findFirst().orElse(null);
+    }
+
+    private String getFieldText(String fieldName, JsonNode node) {
+        JsonNode inNode = node.get(fieldName);
+        if (inNode != null) {
+            return inNode.asText();
+        }
+        return null;
+    }
+}
diff --git a/modules/swagger-core/src/test/java/io/swagger/deserialization/JsonDeserializationTest.java b/modules/swagger-core/src/test/java/io/swagger/deserialization/JsonDeserializationTest.java
@@ -1,6 +1,8 @@
 package io.swagger.deserialization;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import io.swagger.oas.models.security.SecurityRequirement;
+import io.swagger.oas.models.security.SecurityScheme;
 import io.swagger.util.TestUtils;
 import io.swagger.oas.models.OpenAPI;
 import io.swagger.oas.models.PathItem;
@@ -13,6 +15,7 @@
 import org.testng.annotations.Test;
 
 import java.io.IOException;
+import java.util.List;
 import java.util.Map;
 
 import static org.testng.Assert.assertEquals;
@@ -146,42 +149,74 @@ private void assertIsRefResponse(Object response, String expectedRef) {
         assertEquals(refResponse.get$ref(), expectedRef);
     }
 
-    // TODO #2312
-/*
     @Test
     public void testDeserializeSecurity() throws Exception {
-        final Swagger swagger = TestUtils.deserializeJsonFileFromClasspath("specFiles/securityDefinitions.json", Swagger.class);
+        final OpenAPI swagger = TestUtils.deserializeJsonFileFromClasspath("specFiles/securityDefinitions.json", OpenAPI.class);
 
         final List<SecurityRequirement> security = swagger.getSecurity();
-        final List<SecurityRequirement> securityRequirements = swagger.getSecurityRequirement();
         assertNotNull(security);
-        assertEquals(security, securityRequirements);
+        assertEquals(security.size(), 3);
 
-        assertEquals(security.size(), 2);
+        final Map<String, SecurityScheme> securitySchemes = swagger.getComponents().getSecuritySchemes();
+        assertNotNull(securitySchemes);
+        assertEquals(securitySchemes.size(), 4);
+
+        {
+            final SecurityScheme scheme = securitySchemes.get("petstore_auth");
+            assertNotNull(scheme);
+            assertEquals(scheme.getType().toString(), "oauth2");
+            assertEquals(scheme.getFlows().getImplicit().getAuthorizationUrl(), "http://petstore.swagger.io/oauth/dialog");
+            assertEquals(scheme.getFlows().getImplicit().getScopes().get("write:pets"), "modify pets in your account");
+            assertEquals(scheme.getFlows().getImplicit().getScopes().get("read:pets"), "read your pets");
+        }
+
+        {
+            final SecurityScheme scheme = securitySchemes.get("api_key");
+            assertNotNull(scheme);
+            assertEquals(scheme.getType().toString(), "apiKey");
+            assertEquals(scheme.getIn().toString(), "header");
+            assertEquals(scheme.getName(), "api_key");
+        }
+
+        {
+            final SecurityScheme scheme = securitySchemes.get("http");
+            assertNotNull(scheme);
+            assertEquals(scheme.getType().toString(), "http");
+            assertEquals(scheme.getScheme(), "basic");
+        }
+
+        {
+            final SecurityScheme scheme = securitySchemes.get("open_id_connect");
+            assertNotNull(scheme);
+            assertEquals(scheme.getType().toString(), "openIdConnect");
+            assertEquals(scheme.getOpenIdConnectUrl(), "http://petstore.swagger.io/openid");
+        }
 
         {
             final SecurityRequirement securityRequirement = security.get(0);
-            final Map<String, List<String>> requirements = securityRequirement.getRequirements();
-            final List<String> basic_auth = requirements.get("basic_auth");
-            assertNotNull(basic_auth);
-            assertTrue(basic_auth.isEmpty());
-
-            final List<String> api_key = requirements.get("api_key");
-            assertNotNull(api_key);
-            assertTrue(api_key.isEmpty());
+            final List<String> scopes = securityRequirement.get("petstore_auth");
+            assertNotNull(scopes);
+            assertEquals(scopes.size(), 2);
+            assertTrue(scopes.contains("write:pets"));
+            assertTrue(scopes.contains("read:pets"));
+
         }
 
         {
             final SecurityRequirement securityRequirement = security.get(1);
-            final Map<String, List<String>> requirements = securityRequirement.getRequirements();
-            final List<String> oauth2 = requirements.get("oauth2");
-            assertNotNull(oauth2);
-            assertFalse(oauth2.isEmpty());
+            final List<String> scopes = securityRequirement.get("api_key");
+            assertNotNull(scopes);
+            assertTrue(scopes.isEmpty());
+
+        }
+
+        {
+            final SecurityRequirement securityRequirement = security.get(2);
+            final List<String> scopes = securityRequirement.get("http");
+            assertNotNull(scopes);
+            assertTrue(scopes.isEmpty());
 
-            assertEquals(oauth2.get(0), "hello");
-            assertEquals(oauth2.get(1), "world");
         }
     }
-*/
 
 }
diff --git a/modules/swagger-core/src/test/java/io/swagger/resolving/BeanValidatorTest.java b/modules/swagger-core/src/test/java/io/swagger/resolving/BeanValidatorTest.java
@@ -21,6 +21,8 @@ public void readBeanValidatorTest() {
         final Schema model = schemas.get("BeanValidationsModel");
         final Map<String, Schema> properties = model.getProperties();
 
+        Assert.assertTrue(model.getRequired().contains("id"));
+
         final IntegerSchema age = (IntegerSchema) properties.get("age");
         Assert.assertEquals(age.getMinimum(), new BigDecimal(13.0));
         Assert.assertEquals(age.getMaximum(), new BigDecimal(99.0));
diff --git a/modules/swagger-core/src/test/java/io/swagger/serialization/JsonSerializationTest.java b/modules/swagger-core/src/test/java/io/swagger/serialization/JsonSerializationTest.java
@@ -51,26 +51,4 @@ public void testSerializeASpecWithResponseReferences() throws Exception {
         assertEquals(rebuilt.getPaths().get("/health").getGet().getResponses().get("200"), expectedResponse);
 
     }
-
-    // TODO #2312
-/*
-    @Test
-    public void testSerializeSecurityRequirement_UsingSpecCompliantMethods() throws Exception {
-        SecurityRequirement securityRequirement = new SecurityRequirement().requirement("oauth2", Arrays.asList("hello", "world"));
-
-        String json = Json.mapper().writeValueAsString(securityRequirement);
-        assertEquals(json, "{\"oauth2\":[\"hello\",\"world\"]}");
-
-        securityRequirement = new SecurityRequirement().requirement("api_key");
-
-        json = Json.mapper().writeValueAsString(securityRequirement);
-        assertEquals(json, "{\"api_key\":[]}");
-
-        Swagger swagger = new Swagger()
-                .security(new SecurityRequirement().requirement("api_key").requirement("basic_auth"))
-                .security(new SecurityRequirement().requirement("oauth2", Arrays.asList("hello", "world")));
-        json = Json.mapper().writeValueAsString(swagger);
-        assertEquals(json, "{\"swagger\":\"2.0\",\"security\":[{\"api_key\":[],\"basic_auth\":[]},{\"oauth2\":[\"hello\",\"world\"]}]}");
-    }
-*/
 }
diff --git a/modules/swagger-core/src/test/java/io/swagger/serialization/SecurityDefinitionTest.java b/modules/swagger-core/src/test/java/io/swagger/serialization/SecurityDefinitionTest.java
@@ -23,12 +23,20 @@
 import io.swagger.oas.models.security.SecurityScheme;
 import io.swagger.oas.models.servers.Server;
 import io.swagger.util.ResourceUtils;
+import io.swagger.util.TestUtils;
 import org.testng.annotations.Test;
 
 import java.io.IOException;
 
 public class SecurityDefinitionTest {
 
+    @Test(description = "it should serialize correctly security")
+    public void serializeSecurity() throws IOException {
+        final OpenAPI oas = TestUtils.deserializeJsonFileFromClasspath("specFiles/securityDefinitions.json", OpenAPI.class);
+        final String json = ResourceUtils.loadClassResource(getClass(), "specFiles/securityDefinitions.json");
+        SerializationMatchers.assertEqualsToJson(oas, json);
+    }
+
     @Test(description = "it should create a model with security requirements")
     public void createModelWithSecurityRequirements() throws IOException{
         final Schema personModel = ModelConverters.getInstance().read(Person.class).get("Person");
diff --git a/modules/swagger-core/src/test/resources/specFiles/securityDefinitions.json b/modules/swagger-core/src/test/resources/specFiles/securityDefinitions.json
@@ -1,9 +1,59 @@
 {
-  "swagger" : "2.0",
-  "security" : [ {
-    "basic_auth" : [ ],
-    "api_key" : [ ]
-  }, {
-    "oauth2" : [ "hello", "world" ]
-  } ]
-}
+  "openapi": "3.0.0",
+  "info": {
+    "version": "1.0.0",
+    "license": {
+      "name": "MIT"
+    },
+    "title": "Swagger Petstore"
+  },
+  "servers": [
+    {
+      "url": "http://petstore.swagger.io/v1"
+    }
+  ],
+  "paths": {},
+  "security": [
+    {
+      "petstore_auth": [
+        "write:pets",
+        "read:pets"
+      ]
+    },
+    {
+      "api_key": []
+    },
+    {
+      "http": []
+    }
+  ],
+  "components": {
+    "securitySchemes": {
+      "petstore_auth": {
+        "type": "oauth2",
+        "flows": {
+          "implicit": {
+            "authorizationUrl": "http://petstore.swagger.io/oauth/dialog",
+            "scopes": {
+              "write:pets": "modify pets in your account",
+              "read:pets": "read your pets"
+            }
+          }
+        }
+      },
+      "api_key": {
+        "type": "apiKey",
+        "name": "api_key",
+        "in": "header"
+      },
+      "http": {
+        "type": "http",
+        "scheme": "basic"
+      },
+      "open_id_connect": {
+        "type": "openIdConnect",
+        "openIdConnectUrl": "http://petstore.swagger.io/openid"
+      }
+    }
+  }
+}
diff --git a/modules/swagger-integration/src/main/resources/META-INF/MANIFEST.MF b/modules/swagger-integration/src/main/resources/META-INF/MANIFEST.MF
diff --git a/modules/swagger-jaxrs2/src/main/java/io/swagger/jaxrs2/SecurityParser.java b/modules/swagger-jaxrs2/src/main/java/io/swagger/jaxrs2/SecurityParser.java
diff --git a/modules/swagger-jaxrs2/src/test/java/io/swagger/jaxrs2/ReaderTest.java b/modules/swagger-jaxrs2/src/test/java/io/swagger/jaxrs2/ReaderTest.java

Original file line number	Diff line number	Diff line change
`@@ -549,7 +549,7 @@ else if(PrimitiveType.fromType(type) != null) {`
`549`	`549`	`}`
`550`	`550`	`}`
`551`	`551`	`JAXBAnnotationsHelper.apply(member, property);`
`552`		`- applyBeanValidatorAnnotations(property, annotations);`
	`552`	`+ applyBeanValidatorAnnotations(property, annotations, model);`
`553`	`553`	`}`
`554`	`554`	`}`
`555`	`555`
`@@ -845,21 +845,19 @@ private static Schema process(Schema id, String propertyName, JavaType type,`
`845`	`845`	`}`
`846`	`846`	`}`
`847`	`847`
`848`		`- protected void applyBeanValidatorAnnotations(Schema property, Annotation[] annotations) {`
	`848`	`+ protected void applyBeanValidatorAnnotations(Schema property, Annotation[] annotations, Schema parent) {`
`849`	`849`	`Map<String, Annotation> annos = new HashMap<String, Annotation>();`
`850`	`850`	`if (annotations != null) {`
`851`	`851`	`for (Annotation anno : annotations) {`
`852`	`852`	`annos.put(anno.annotationType().getName(), anno);`
`853`	`853`	`}`
`854`	`854`	`}`
`855`		`- // TODO #2312`
`856`	`855`	`if (annos.containsKey("javax.validation.constraints.NotNull")) {`
`857`		`-// property.setRequired(true);`
	`856`	`+ parent.addRequiredItem(property.getName());`
`858`	`857`	`}`
`859`	`858`	`if (annos.containsKey("javax.validation.constraints.Min")) {`
`860`	`859`	`if ("integer".equals(property.getType()) \|\| "number". equals(property.getType())) {`
`861`	`860`	`Min min = (Min) annos.get("javax.validation.constraints.Min");`
`862`		`-// AbstractNumericProperty ap = (AbstractNumericProperty) property;`
`863`	`861`	`property.setMinimum(new BigDecimal(min.value()));`
`864`	`862`	`}`
`865`	`863`	`}`