thephpleague / openapi-psr7-validator

It validates PSR-7 messages (HTTP request/response) against OpenAPI specifications
MIT License

How to validate securityScheme #193

Open gohelkiran opened 1 year ago

gohelkiran commented 1 year ago

I get this error when the securityScheme is set with a header:

Osteel\OpenApi\Testing\Exceptions\ValidationException: None of security schemas did match for Request [get /operation/{operationUuid}]

I defined the security scheme as a Bearer header:

securitySchemes:
    X-Session:
      scheme: bearer
      bearerFormat: ''
      type: http
      description: Bearer Session Token
      x-last-modified: 1668326446280

When validating the request with the code below:

$validator->validate($request, '/permissions/{permissionUuid}', 'GET');

it gives this error:

Osteel\OpenApi\Testing\Exceptions\ValidationException: None of security schemas did match for Request [get /operation/{operationUuid}]

/web/vendor/osteel/openapi-httpfoundation-testing/src/Exceptions/ValidationException.php:32
/web/vendor/osteel/openapi-httpfoundation-testing/src/Validator.php:70
/web/tests/TestCase/Action/Operation/OperationTest.php:83

Caused by
League\OpenAPIValidation\PSR7\Exception\Validation\InvalidSecurity: None of security schemas did match for Request [get /operation/{operationUuid}]

/web/vendor/league/openapi-psr7-validator/src/PSR7/Exception/Validation/AddressValidationFailed.php:39
/web/vendor/league/openapi-psr7-validator/src/PSR7/Exception/Validation/InvalidSecurity.php:24
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/SecurityValidator.php:80
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/SecurityValidator.php:53
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/ValidatorChain.php:25
/web/vendor/league/openapi-psr7-validator/src/PSR7/RoutedServerRequestValidator.php:49
/web/vendor/osteel/openapi-httpfoundation-testing/src/Validator.php:68
/web/tests/TestCase/Permission/OperationTest.php:83

Is there support for adding headers to the validator request? If yes, then how do I add headers, and if there is no support, then how do I validate a request with a security scheme?

Your environment

PHP 8.0, OpenAPI 3.0

trip-somers commented 1 year ago

I just ran into this problem because we are using this package as middleware and couldn't figure out why a missing Authorization header was causing a 422 in our app instead of a 401.

Your request is most likely missing either the Authorization header or the 'Bearer' portion of its value.
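
The behaviour discussed in this thread, as an added example that is not part of either comment or the project's own code: three requests are validated against a spec with an HTTP bearer scheme, and InvalidSecurity is mapped to 401 while other validation failures map to 422. It assumes league/openapi-psr7-validator and guzzlehttp/psr7 are installed via Composer; the spec, the token value and the statusFor() helper are constructed for illustration.

```php
<?php
// Added example. Assumes Composer packages league/openapi-psr7-validator and
// guzzlehttp/psr7; the spec and token below are constructed sample values.
require __DIR__ . '/vendor/autoload.php';
use GuzzleHttp\Psr7\ServerRequest;
use League\OpenAPIValidation\PSR7\Exception\Validation\InvalidSecurity;
use League\OpenAPIValidation\PSR7\Exception\ValidationFailed;
use League\OpenAPIValidation\PSR7\ServerRequestValidator;
use League\OpenAPIValidation\PSR7\ValidatorBuilder;

$spec = <<<'YAML'
openapi: 3.0.0
info: {title: Constructed sample, version: 1.0.0}
security:
  - X-Session: []
paths:
  /operation/{operationUuid}:
    get:
      parameters:
        - {name: operationUuid, in: path, required: true, schema: {type: string}}
      responses:
        '200': {description: OK}
components:
  securitySchemes:
    X-Session: {type: http, scheme: bearer}
YAML;
// Hypothetical helper: the status a validating middleware could return.
function statusFor(ServerRequest $request, ServerRequestValidator $validator): int
{
    try {
        $validator->validate($request);
        return 200; // passed validation; hand over to the application
    } catch (InvalidSecurity $e) {
        return 401; // no security scheme from the spec matched the request
    } catch (ValidationFailed $e) {
        return 422; // any other violation of the API contract
    }
}

$validator = (new ValidatorBuilder())->fromYaml($spec)->getServerRequestValidator();
$path = '/operation/constructed-uuid';
$cases = [
    'no header'        => new ServerRequest('GET', $path),
    'no Bearer prefix' => new ServerRequest('GET', $path, ['Authorization' => 'constructed-token']),
    'bearer header'    => new ServerRequest('GET', $path, ['Authorization' => 'Bearer constructed-token']),
];
foreach ($cases as $label => $request) {
    printf("%-18s => %d\n", $label, statusFor($request, $validator));
}
```

The validator only checks that credentials are present in the form the spec declares; verifying the token itself remains the application's job.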