cebe / php-openapi

Read and write OpenAPI yaml/json files and make the content accessible in PHP objects.
MIT License
472 stars 91 forks source link

No "security" same as empty "security" #33

Closed jdomenechb closed 5 years ago

jdomenechb commented 5 years ago

I have an example of contract that has the following structure (summerized to highlight the relevant):

# [...]
paths:
  /path/one:
    post:
      # [...]
      security: []

  /path/two:
    post:
      # [...]
      # No security entry defined there

components:
  securitySchemes:
    Bearer:
      type: http
      scheme: bearer
      bearerFormat: JWT

security:
  - Bearer: []

Theoreticaly, I expect:

However, the problem is that what I actually get in both paths, is __isset() = true and __get() = empty array. As I get the same result in both, there is no way to determine that /path/one does not have at all security (and therefore, could be called directly), and that /path/two has default security.

cebe commented 5 years ago

Fixed, thanks for reporting!