wine_bouncer
Security definition missing in Swagger JSON.
Thanks for providing this gem, it helped me a lot and I have something up and running.
During the process of setting everything up (Grape, WineBouncer, Swagger and SwaggerUI) I ran into the issue that in the generated Swagger definition the "security" declaration for my secured methods is missing:
    module API
      module V1
        class Me < API::V1::Base
          resource :me do
            desc "Return information of authenticated user"
            oauth2
            get do
              present UserRepresenter.prepare(resource_owner)
            end
          end
        end
      end
    end
Is generating the following JSON:
    "/api/v1/me": {
      "get": {
        "summary": "Return information of authenticated user",
        "description": "Return information of authenticated user",
        "produces": [
          "application/vnd.api+json"
        ],
        "responses": {
          "200": {
            "description": "Return information of authenticated user"
          }
        },
        "tags": [
          "me"
        ],
        "operationId": "getApiV1Me"
      }
    },
When I add desc "Return information of authenticated user", security: [{ "oauth2": []}] to the definition of the description of the method, everything works fine, but I expected WineBouncer would take care of that automatically, so I wouldn't need to declare it twice.
As OAuth2 definition I have the following setup:
    "securityDefinitions": {
      "oauth2": {
        "type": "oauth2",
        "description": "The API is secured by OAuth 2.0",
        "tokenUrl": "...",
        "authorizationUrl": "...",
        "flow": "password",
        "scope": []
      }
    },
And I'm using the Swagger strategy:
    WineBouncer.configure do |config|
      config.auth_strategy = :swagger
      config.define_resource_owner do
        User.find(doorkeeper_access_token.resource_owner_id) if doorkeeper_access_token
      end
    end
I'm currently unsure if this is a bug like discussed in https://github.com/antek-drzewiecki/wine_bouncer/issues/32 or https://github.com/antek-drzewiecki/wine_bouncer/issues/51 or an error in my setup?
Would be great to get some feedback, because I tried a lot, but didn't find a proper setup.
Thanks for your time and support!
Hi @nlsrchtr,
Thanks for the issue. At the time of writing WineBouncer tried to be API 1.x compliant. No securityDefinitions existed at that point. It shouldn't be hard to make it generate securityDefinitions or both authorizations.
The only issue is when multiple authorization strategies are defined such as oauth and basic http authentication. Feel free to see if you can make it spec 2 and 3 completable :). I might have a moment later on this/next week if you don't succeed!
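Until the gem emits the declaration itself, the gap described in this issue can be caught by auditing the generated Swagger 2.0 document. The following is an added example, not code from WineBouncer or from either poster: it lists operations with no effective "security" requirement, or with one that names a scheme absent from securityDefinitions. The method name, the SAMPLE document and the two extra paths in it are constructed for illustration, and the check covers the generated document only, not runtime enforcement.

```ruby
require "json"

HTTP_METHODS = %w[get put post delete options head patch].freeze

# Returns one finding per operation whose effective security requirement is
# missing or references a scheme not listed under securityDefinitions.
def unsecured_operations(swagger)
  defined  = (swagger["securityDefinitions"] || {}).keys
  global   = swagger["security"] || []
  findings = []
  (swagger["paths"] || {}).each do |path, item|
    item.each do |verb, op|
      next unless HTTP_METHODS.include?(verb) # skip "parameters", "$ref", ...
      # In Swagger 2.0 an operation-level "security" overrides the top-level
      # one; an empty array removes it.
      reqs    = op.key?("security") ? op["security"] : global
      schemes = reqs.flat_map(&:keys)
      if schemes.empty?
        findings << { path: path, verb: verb, problem: "no security requirement" }
      elsif (unknown = schemes - defined).any?
        findings << { path: path, verb: verb,
                      problem: "undefined scheme: #{unknown.join(', ')}" }
      end
    end
  end
  findings
end

# Constructed sample: the first path mirrors the output shown in the issue,
# the other two are hypothetical.
SAMPLE = JSON.parse(<<~DOC)
  {
    "securityDefinitions": { "oauth2": { "type": "oauth2", "flow": "password" } },
    "paths": {
      "/api/v1/me":          { "get": { "operationId": "getApiV1Me" } },
      "/api/v1/me/declared": { "get": { "security": [{ "oauth2": [] }] } },
      "/api/v1/me/typo":     { "get": { "security": [{ "oauth": [] }] } }
    }
  }
DOC

if __FILE__ == $PROGRAM_NAME
  unsecured_operations(SAMPLE).each do |f|
    puts "#{f[:verb].upcase} #{f[:path]}: #{f[:problem]}"
  end
end
```

Run against the real generated JSON in CI, a non-empty result flags endpoints that SwaggerUI and generated clients would treat as unauthenticated.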