Validate the api key 'in' attribute is cookie header or query.

swagger-api / swagger-parser

Swagger Spec to Java POJOs

http://swagger.io

Apache License 2.0

773 stars 526 forks source link

Validate the api key 'in' attribute is cookie header or query. #2058

Closed stefan521 closed 3 months ago

stefan521 commented 4 months ago

This is a valid API key definition.

components:
  securitySchemes:
    ApiKeyAuth:        # arbitrary name for the security scheme
      type: apiKey
      in: header       # can be "header", "query" or "cookie"
      name: X-API-KEY  # name of the header, query parameter or cookie

There already is validation that checks the in attribute is present. The purpose of this PR is to validate that the attribute value is one of "header", "query", or "cookie".

Swagger docs for reference.

stefan521 commented 3 months ago

Hey @gracekarina, thank you for looking at my PR! 🙂

I updated the two existing tests that were failing.

 securitySchemes:
    api_key:
      type: apiKey
      namex: api_key
      in: not

Now we get 20 messages instead of 19 because the validation I am adding complains that api_key.in is invalid.

frantuma commented 3 months ago

Thanks!