Merge branch 'release/1.1.18'

CHANGELOG.md

@@ -1,4 +1,7 @@
 # OpenAPI-Postman Changelog
+#### v1.1.18 (June 1, 2020)
+* Fix for [#86](https://github.com/postmanlabs/openapi-to-postman/issues/86) - Now global security schemes will be added at the collection level.
+
 #### v1.1.17 (May 15, 2020)
 * Fix for [#3](https://github.com/postmanlabs/openapi-to-postman/issues/3) [#57](https://github.com/postmanlabs/openapi-to-postman/issues/57) - Introduced a new option `folderStrategy`, can choose between `Tags` or `Path` while creating folders in Postman Collection.
 * Fixed an issue where undefined was returned as error message while trying to import invalid format.

lib/schemaUtils.js

@@ -501,8 +501,6 @@ module.exports = {
           // params - these contain path/header/body params
           operationItem.parameters = this.getRequestParams(operationItem.parameters, commonParams,
             componentsAndPaths, options);
-          // auth info - local security object takes precedence over the parent object
-          operationItem.security = operationItem.security || spec.security;
           summary = operationItem.summary || operationItem.description;
           currentNode.addMethod({
             name: summary,
@@ -667,8 +665,6 @@ module.exports = {
         operationItem.parameters = this.getRequestParams(operationItem.parameters, commonParams,
           components, options);
 
-        // auth info - local security object takes precedence over the parent object
-        operationItem.security = operationItem.security || spec.security;
         summary = operationItem.summary || operationItem.description;
 
         // add the request which has not any tags
@@ -896,12 +892,11 @@ module.exports = {
     var securityDef,
       helper;
 
-    // return noAuth if security set is not defined
+    // return false if security set is not defined
     // or is an empty array
+    // this will set the request's auth to default which is 'inherit from parent'
     if (!securitySet || (Array.isArray(securitySet) && securitySet.length === 0)) {
-      return {
-        type: 'noauth'
-      };
+      return {};
     }
 
     securitySet.forEach((security) => {

lib/schemapack.js

@@ -216,6 +216,7 @@ class SchemaPack {
       generatedStore = {},
       collectionJSON,
       componentsAndPaths,
+      authHelper,
       schemaCache = {
         schemaResolutionCache: this.schemaResolutionCache,
         schemaFakerCache: this.schemaFakerCache
@@ -251,7 +252,21 @@ class SchemaPack {
       }
     });
 
-
+    if (openapi.security) {
+      authHelper = schemaUtils.getAuthHelper(openapi, openapi.security);
+      if (authHelper) {
+        if (authHelper.type === 'api-key') {
+          // if authHelper has type apikey and has properties in header or query
+          // we override authHelper to 'noauth'
+          if (authHelper.properties.in === 'header' || authHelper.properties.in === 'query') {
+            authHelper = {
+              type: 'noauth'
+            };
+          }
+        }
+        generatedStore.collection.auth = authHelper;
+      }
+    }
     // ---- Collection Variables ----
     // adding the collection variables for all the necessary root level variables
     // and adding them to the collection variables

package.json

@@ -1,6 +1,6 @@
 {
   "name": "openapi-to-postmanv2",
-  "version": "1.1.17",
+  "version": "1.1.18",
   "description": "Convert a given OpenAPI specification to Postman Collection v2.0",
   "homepage": "https://github.com/postmanlabs/openapi-to-postman",
   "bugs": "https://github.com/postmanlabs/openapi-to-postman/issues",

test/data/valid_openapi/empty-security-test-case.yaml

@@ -0,0 +1,43 @@
+openapi: 3.0.0
+info:
+  title: "Reproduce Authorization issue"
+  version: 0.0.1
+security:
+  - MyAuth: []
+paths:
+  /health:
+    get:
+      summary: "health"
+      description: "Health check - always returns OK"
+      operationId: "get_healthz"
+      responses:
+        '200':
+          description: "OK"
+          content:
+            text/plain:
+              schema:
+                type: "string"
+                default: "OK"
+  /status:
+    get:
+      summary: "status"
+      description: "Returns the service version"
+      operationId: "get_status"
+      responses:
+        '200':
+          description: "Service info multi-line string"
+          content:
+            text/plain:
+              schema:
+                type: "string"
+components:
+  securitySchemes:
+    BearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: token
+    MyAuth:
+      type: apiKey
+      description: "This is my auth"
+      name: Mera-Auth
+      in: header

test/data/valid_openapi/security-test-cases.yaml

@@ -0,0 +1,44 @@
+openapi: 3.0.0
+info:
+  title: "Reproduce Authorization issue"
+  version: 0.0.1
+security:
+  - MyAuth: []
+  - BearerAuth: []
+paths:
+  /health:
+    get:
+      summary: "health"
+      description: "Health check - always returns OK"
+      operationId: "get_healthz"
+      responses:
+        '200':
+          description: "OK"
+          content:
+            text/plain:
+              schema:
+                type: "string"
+                default: "OK"
+  /status:
+    get:
+      summary: "status"
+      description: "Returns the service version"
+      operationId: "get_status"
+      responses:
+        '200':
+          description: "Service info multi-line string"
+          content:
+            text/plain:
+              schema:
+                type: "string"
+components:
+  securitySchemes:
+    BearerAuth:
+      type: http
+      scheme: bearer
+      bearerFormat: token
+    MyAuth:
+      type: apiKey
+      description: "This is my auth"
+      name: Mera-Auth
+      in: header

test/unit/base.test.js

@@ -37,7 +37,44 @@ describe('CONVERT FUNCTION TESTS ', function() {
       issue152 = path.join(__dirname, VALID_OPENAPI_PATH, '/path-refs-error.yaml'),
       issue193 = path.join(__dirname, VALID_OPENAPI_PATH, '/issue#193.yml'),
       tooManyRefs = path.join(__dirname, VALID_OPENAPI_PATH, '/too-many-refs.json'),
-      tagsFolderSpec = path.join(__dirname, VALID_OPENAPI_PATH + '/petstore-detailed.yaml');
+      tagsFolderSpec = path.join(__dirname, VALID_OPENAPI_PATH + '/petstore-detailed.yaml'),
+      securityTestCases = path.join(__dirname, VALID_OPENAPI_PATH + '/security-test-cases.yaml'),
+      emptySecurityTestCase = path.join(__dirname, VALID_OPENAPI_PATH + '/empty-security-test-case.yaml');
+
+
+    it('Should add collection level auth with type as `bearer`' +
+    securityTestCases, function(done) {
+      var openapi = fs.readFileSync(securityTestCases, 'utf8');
+      Converter.convert({ type: 'string', data: openapi }, {}, (err, conversionResult) => {
+
+        expect(err).to.be.null;
+        expect(conversionResult.result).to.equal(true);
+        expect(conversionResult.output.length).to.equal(1);
+        expect(conversionResult.output[0].type).to.equal('collection');
+        expect(conversionResult.output[0].data).to.have.property('info');
+        expect(conversionResult.output[0].data).to.have.property('item');
+        expect(conversionResult.output[0].data.auth).to.have.property('type');
+        expect(conversionResult.output[0].data.auth.type).to.equal('bearer');
+        done();
+      });
+    });
+
+    it('Should have noauth at the collection level if auth type is api-key and properties in header' +
+    emptySecurityTestCase, function(done) {
+      var openapi = fs.readFileSync(emptySecurityTestCase, 'utf8');
+      Converter.convert({ type: 'string', data: openapi }, {}, (err, conversionResult) => {
+
+        expect(err).to.be.null;
+        expect(conversionResult.result).to.equal(true);
+        expect(conversionResult.output.length).to.equal(1);
+        expect(conversionResult.output[0].type).to.equal('collection');
+        expect(conversionResult.output[0].data).to.have.property('info');
+        expect(conversionResult.output[0].data).to.have.property('item');
+        expect(conversionResult.output[0].data.auth).to.have.property('type');
+        expect(conversionResult.output[0].data.auth.type).to.equal('noauth');
+        done();
+      });
+    });
 
     it('Should generate collection conforming to schema for and fail if not valid ' +
     tooManyRefs, function(done) {