diff --git a/src/Validators/SwaggerSpecValidator.php b/src/Validators/SwaggerSpecValidator.php
index 86df624e..968a4193 100644
--- a/src/Validators/SwaggerSpecValidator.php
+++ b/src/Validators/SwaggerSpecValidator.php
@@ -155,9 +155,9 @@ protected function validateSecurityDefinitions(): void
 $this->validateFieldsPresent(self::REQUIRED_FIELDS['security_definition'], $parentId);
- $this->validateFieldValue("{$parentId}.'type", self::ALLOWED_VALUES['security_definition_type']);
- $this->validateFieldValue("{$parentId}.'in", self::ALLOWED_VALUES['security_definition_in']);
- $this->validateFieldValue("{$parentId}.'flow", self::ALLOWED_VALUES['security_definition_flow']);
+ $this->validateFieldValue("{$parentId}.type", self::ALLOWED_VALUES['security_definition_type']);
+ $this->validateFieldValue("{$parentId}.in", self::ALLOWED_VALUES['security_definition_in']);
+ $this->validateFieldValue("{$parentId}.flow", self::ALLOWED_VALUES['security_definition_flow']);
 }
 }
diff --git a/tests/SwaggerServiceTest.php b/tests/SwaggerServiceTest.php
index 24698167..0f8cddf2 100755
--- a/tests/SwaggerServiceTest.php
+++ b/tests/SwaggerServiceTest.php
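Review bot: The three `validateFieldValue` calls run for every security definition whatever its `type`, although in Swagger 2.0 `in` belongs to `apiKey` schemes and `flow` to `oauth2` schemes only. That the old paths with the stray quote never raised an error suggests `validateFieldValue` skips a path it cannot resolve; if that holds, an `oauth2` definition with no `flow` or an `apiKey` definition with no `in` still validates unless `REQUIRED_FIELDS['security_definition']` demands them, and neither is visible here. Gating the last two calls on the definition's type, or at least recording the intent above them with `// in: apiKey only, flow: oauth2 only; fields that are absent are not checked here`, would make the contract explicit. The enclosing loop and the start of `validateSecurityDefinitions()` lie outside the hunk.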
@@ -271,6 +271,21 @@ public function getConstructorInvalidTmpData(): array 'exceptionMessage' => "Validation failed. Path parameters cannot be optional. " . "Set required=true for the 'username' parameters at operation 'paths./users.get'." ], + [ + 'tmpDoc' => 'documentation/invalid_format__security_definition__type', + 'exception' => InvalidSwaggerSpecException::class, + 'exceptionMessage' => "Validation failed. Field 'securityDefinitions.0.type' has an invalid value: invalid. Allowed values: basic, apiKey, oauth2." + ], + [ + 'tmpDoc' => 'documentation/invalid_format__security_definition__flow', + 'exception' => InvalidSwaggerSpecException::class, + 'exceptionMessage' => "Validation failed. Field 'securityDefinitions.0.flow' has an invalid value: invalid. Allowed values: implicit, password, application, accessCode." + ], + [ + 'tmpDoc' => 'documentation/invalid_format__security_definition__in', + 'exception' => InvalidSwaggerSpecException::class, + 'exceptionMessage' => "Validation failed. Field 'securityDefinitions.0.in' has an invalid value: invalid. Allowed values: query, header." + ], ]; } diff --git a/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__flow.json b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__flow.json new file mode 100644 index 00000000..dd8a1642 --- /dev/null +++ b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__flow.json 
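Review bot: The three added rows in `getConstructorInvalidTmpData()` cover only the rejection path, each with one bad value under `securityDefinitions.0`; no case pins a definition that legitimately omits `in` or `flow` (a `basic` scheme, for example), which is the input most likely to regress now that these checks actually run. A matching fixture in the provider for valid documents, which is not visible in this hunk, would cover it. The rows are also unnamed, so a failure is reported by index; string keys such as `'security definition: invalid type' => [...]` would make the output readable, if the rest of the provider (outside the hunk) follows suit.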
@@ -0,0 +1,88 @@
+{
+ "swagger": "2.0",
+ "host": "localhost",
+ "basePath": "\/",
+ "schemes": [],
+ "paths": {
+ "\/api\/users":
+ {
+ "post":
+ {
+ "tags": ["api"],
+ "consumes": ["application\/x-www-form-urlencoded"],
+ "produces": ["application\/json"],
+ "parameters": [
+ {
+ "in": "body",
+ "name": "body",
+ "description": "",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/apiusersObject"
+ }
+ }
+ ],
+ "responses":
+ {
+ "403":
+ {
+ "description": "Forbidden",
+ "schema":
+ {
+ "example":
+ {
+ "message": "This action is unauthorized."
+ }
+ }
+ }
+ },
+ "security": [],
+ "description": "",
+ "summary": "test"
+ }
+ }
+ },
+ "definitions": {
+ "apiusersObject": {
+ "type": "object",
+ "properties": {
+ "query": {
+ "type": "string",
+ "description": ""
+ },
+ "user_id": {
+ "type": "integer",
+ "description": "with_to_array_rule_string_name"
+ },
+ "is_email_enabled": {
+ "type": "string",
+ "description": "test_rule_without_to_string"
+ }
+ },
+ "required": {
+ "0": "query"
+ },
+ "example": {
+ "first_name": "andrey",
+ "last_name": "voronin"
+ }
+ }
+ },
+ "info": {
+ "description": "This is automatically collected documentation",
+ "version": "0.0.0",
+ "title": "Name of Your Application",
+ "termsOfService": "",
+ "contact":
+ {
+ "email": "your@email.com"
+ }
+ },
+ "securityDefinitions": [
+ {
+ "type": "basic",
+ "in": "query",
+ "flow": "invalid"
+ }
+ ]
+}
diff --git a/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__in.json b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__in.json
new file mode 100644
index 00000000..e3ba0950
--- /dev/null
+++ b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__in.json
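Review bot: `securityDefinitions` is written as a JSON list in this fixture, which is why the test expects the path `securityDefinitions.0.flow`; Swagger 2.0 defines it as an object keyed by scheme name, and the entry also gives a `basic` scheme the `in` and `flow` fields that only `apiKey` and `oauth2` schemes use. A fixture shaped like real input would exercise the same check through a named key, for instance (constructed example) `"securityDefinitions": { "oauth": { "type": "oauth2", "flow": "invalid" } }`, with the expected message and any other required fields adjusted to match. The `invalid_format__security_definition__in` and `invalid_format__security_definition__type` fixtures in this commit have the same shape.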
@@ -0,0 +1,88 @@
+{
+ "swagger": "2.0",
+ "host": "localhost",
+ "basePath": "\/",
+ "schemes": [],
+ "paths": {
+ "\/api\/users":
+ {
+ "post":
+ {
+ "tags": ["api"],
+ "consumes": ["application\/x-www-form-urlencoded"],
+ "produces": ["application\/json"],
+ "parameters": [
+ {
+ "in": "body",
+ "name": "body",
+ "description": "",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/apiusersObject"
+ }
+ }
+ ],
+ "responses":
+ {
+ "403":
+ {
+ "description": "Forbidden",
+ "schema":
+ {
+ "example":
+ {
+ "message": "This action is unauthorized."
+ }
+ }
+ }
+ },
+ "security": [],
+ "description": "",
+ "summary": "test"
+ }
+ }
+ },
+ "definitions": {
+ "apiusersObject": {
+ "type": "object",
+ "properties": {
+ "query": {
+ "type": "string",
+ "description": ""
+ },
+ "user_id": {
+ "type": "integer",
+ "description": "with_to_array_rule_string_name"
+ },
+ "is_email_enabled": {
+ "type": "string",
+ "description": "test_rule_without_to_string"
+ }
+ },
+ "required": {
+ "0": "query"
+ },
+ "example": {
+ "first_name": "andrey",
+ "last_name": "voronin"
+ }
+ }
+ },
+ "info": {
+ "description": "This is automatically collected documentation",
+ "version": "0.0.0",
+ "title": "Name of Your Application",
+ "termsOfService": "",
+ "contact":
+ {
+ "email": "your@email.com"
+ }
+ },
+ "securityDefinitions": [
+ {
+ "type": "basic",
+ "in": "invalid",
+ "flow": "password"
+ }
+ ]
+}
diff --git a/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__type.json b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__type.json
new file mode 100644
index 00000000..ee6f9676
--- /dev/null
+++ b/tests/fixtures/SwaggerServiceTest/documentation/invalid_format__security_definition__type.json
@@ -0,0 +1,88 @@
+{
+ "swagger": "2.0",
+ "host": "localhost",
+ "basePath": "\/",
+ "schemes": [],
+ "paths": {
+ "\/api\/users":
+ {
+ "post":
+ {
+ "tags": ["api"],
+ "consumes": ["application\/x-www-form-urlencoded"],
+ "produces": ["application\/json"],
+ "parameters": [
+ {
+ "in": "body",
+ "name": "body",
+ "description": "",
+ "required": true,
+ "schema": {
+ "$ref": "#/definitions/apiusersObject"
+ }
+ }
+ ],
+ "responses":
+ {
+ "403":
+ {
+ "description": "Forbidden",
+ "schema":
+ {
+ "example":
+ {
+ "message": "This action is unauthorized."
+ }
+ }
+ }
+ },
+ "security": [],
+ "description": "",
+ "summary": "test"
+ }
+ }
+ },
+ "definitions": {
+ "apiusersObject": {
+ "type": "object",
+ "properties": {
+ "query": {
+ "type": "string",
+ "description": ""
+ },
+ "user_id": {
+ "type": "integer",
+ "description": "with_to_array_rule_string_name"
+ },
+ "is_email_enabled": {
+ "type": "string",
+ "description": "test_rule_without_to_string"
+ }
+ },
+ "required": {
+ "0": "query"
+ },
+ "example": {
+ "first_name": "andrey",
+ "last_name": "voronin"
+ }
+ }
+ },
+ "info": {
+ "description": "This is automatically collected documentation",
+ "version": "0.0.0",
+ "title": "Name of Your Application",
+ "termsOfService": "",
+ "contact":
+ {
+ "email": "your@email.com"
+ }
+ },
+ "securityDefinitions": [
+ {
+ "type": "invalid",
+ "in": "query",
+ "flow": "password"
+ }
+ ]
+}