Closed warnersean closed 7 years ago
Fixes #96
Thanks for finding this! I really appreciate it. ...Is there any chance I could convince you to write a test for it? :)
@theganyo I looked in to testing for this and am a little concerned about where to make the correction.
Currently testing for similar concerns is handled in test/lib/common.js If this test is added to this location it will require that all routes tested have global security keys, except for those that are intended to fail.
My current approach was to put it in test/index.js, where it doesn't really match the concern but where creating/using new swagger specs make more sense.
Currently the test is as follows: ` it('should allow paths using global security', function(done) { var config = _.clone(DEFAULT_PROJECT_CONFIG); config.startWithWarnings = true; config.swagger = SWAGGER_WITH_GLOBAL_SECURITY; SwaggerRunner.create(config, function(err, runner) {
var app = require('connect')();
runner.connectMiddleware().register(app);
var request = require('supertest');
request(app)
.get('/hello_secured?name=Scott')
.set('Accept', 'application/json')
.expect(200)
.expect('Content-Type', /json/)
.end(function(err, res) {
should.not.exist(err);
// should.exist(err)
res.body.should.eql('Hello, Scott!');
done();
});
});
});`
With a valid, but truncated swagger json in the same file. Do you have any preferences regarding this before I update the PR?
I agree... Don't change the existing tests. You may create a new file for this test or integrate it into an existing file as you feel appropriate.
Test added
Thank you!
Any ETA for a new version that includes this fix?
Sorry, but it will have to be a couple weeks as I'm going on vacation tomorrow and I don't want to release just before vacation.
Previous implementation would only check the security definition on the route. This change also checks the global api security definitions.