swagger-api / swagger-play

Apache License 2.0

@ApiModelProperty(hidden = true) doesn't work #189

Open aturner-tvpage opened 5 years ago

aturner-tvpage commented 5 years ago

When generating this model, the hidden parameter doesn't appear to be respected:

```scala
case class User(id: Long, firstName: String, lastName: String, email: String,
                // TODO this doesn't appear to be working for some reason
                @ApiModelProperty(hidden = true) password: String,
                lastLoginTimestamp: Option[Timestamp], createdTimestamp: Timestamp, modifiedTimestamp: Timestamp)
```

Results in an API spec for User:
```json
"User" : {
  "type" : "object",
  "required" : [ "createdTimestamp", "data", "email", "firstName", "id", "lastName", "modifiedTimestamp" ],
  "properties" : {
    "id" : {
      "type" : "integer",
      "format" : "int64"
    },
    "firstName" : {
      "type" : "string"
    },
    "lastName" : {
      "type" : "string"
    },
    "email" : {
      "type" : "string"
    },
    "password" : {
      "type" : "string"
    },
    "lastLoginTimestamp" : {
      "type" : "string",
      "format": "date-time"
    },
    "createdTimestamp" : {
      "type" : "string",
      "format" : "date-time"
    },
    "modifiedTimestamp" : {
      "type" : "string",
      "format" : "date-time"
    }
  }
}
```


I would expect the password attribute to be hidden.

jongunter commented 5 years ago

I'm experiencing this, too.

Got around it by creating a filter. Extend AbstractSpecFilter and override isParamAllowed so it filters out parameters named password. Not ideal, but it works.

dsnkostic commented 5 years ago

Not sure if these are connected (in an implementation sense), but there is a similar issue with the query parameters' hidden flag (@ApiParam) (https://github.com/swagger-api/swagger-play/issues/206). I haven't looked at the code, but my assumption (based on the query parameters' behavior) is that hidden is actually respected, but some other logic might be regenerating that property again.

gaeljw commented 4 years ago

I just discovered that this is a known "issue" documented here: https://github.com/swagger-api/swagger-scala-module#how-to-hide-model-properties

You should be able to use something like this:

```scala
import io.swagger.annotations.{ApiModel, ApiModelProperty}
import scala.annotation.meta.{field,getter}

@ApiModel
case class Foo(
  @ApiModelProperty(value = "This will not be hidden!", hidden = true)
  stillVisible: Int,

  @(ApiModelProperty @field @getter)(value = "A hidden property", hidden = true)
  actuallyHidden: String
)
```

It's a bit ugly but it's related to the underlying Java reflection stuff.
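
A build-time check over the generated Swagger 2.0 JSON catches the symptom reported at the top of this thread regardless of which annotation form a model uses. This is an added example, not code from the thread or from swagger-play; the name pattern, the function name and the sample spec (modelled on the User definition above plus a constructed Session model) are assumptions.

```python
import json
import re
import sys

# Property names treated as sensitive. This pattern is an assumption; tune it per API.
SENSITIVE = re.compile(r"password|passwd|secret|token|api_?key", re.IGNORECASE)

# Constructed sample: a trimmed User model like the one in the report, plus a nested case.
SAMPLE_SPEC = json.loads("""
{"swagger": "2.0", "definitions": {
  "User": {"type": "object", "properties": {
    "id": {"type": "integer", "format": "int64"},
    "email": {"type": "string"},
    "password": {"type": "string"}}},
  "Session": {"type": "object", "properties": {
    "user": {"$ref": "#/definitions/User"},
    "credentials": {"type": "object", "properties": {
      "apiKey": {"type": "string"}}}}}
}}
""")

def exposed_properties(spec):
    """Return sorted 'Model.path' strings for every sensitive-looking
    property name found under the spec's top-level definitions."""
    hits = []

    def walk(schema, path):
        if not isinstance(schema, dict):
            return
        for name, sub in schema.get("properties", {}).items():
            here = f"{path}.{name}"
            if SENSITIVE.search(name):
                hits.append(here)
            walk(sub, here)  # inline nested objects
        # Array items and allOf members can declare properties as well.
        walk(schema.get("items"), path + "[]")
        for sub in schema.get("allOf", []):
            walk(sub, path)

    for model, schema in spec.get("definitions", {}).items():
        walk(schema, model)
    return sorted(hits)

if __name__ == "__main__":
    # Pass the path of the generated swagger.json, or run without arguments for the sample.
    spec = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_SPEC
    found = exposed_properties(spec)
    for hit in found:
        print("sensitive property in generated spec:", hit)
    sys.exit(1 if found else 0)
```

The non-zero exit status lets a CI step fail the build when a property that was meant to be hidden still appears in the published spec.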