
Example 1 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project swagger-parser by swagger-api.

the class SwaggerConverter method convertOauth2SecurityScheme.

/**
 * Converts a Swagger 2.0 OAuth2 security definition into an OpenAPI 3 {@link SecurityScheme}.
 *
 * <p>The Swagger 2.0 flow names are mapped as follows: {@code implicit} to implicit,
 * {@code password} to password, {@code application} to clientCredentials and
 * {@code accessCode} to authorizationCode. Only the URLs relevant to the selected flow
 * are copied.
 *
 * <p>NOTE(review): when the flow name is {@code null} or is not one of those four values,
 * no flow is attached. The returned scheme then has type OAUTH2 with an empty
 * {@link OAuthFlows}, and the converted scopes sit on a flow object that is not reachable
 * from the result. A consumer of the converted document sees an OAuth2 scheme without
 * URLs or scopes, so callers may want to report such definitions instead of passing them on.
 *
 * @param definition the Swagger 2.0 definition; it is cast to {@link OAuth2Definition}
 *                   without a type check, so any other type raises ClassCastException
 * @return the converted scheme, never {@code null}
 */
private SecurityScheme convertOauth2SecurityScheme(SecuritySchemeDefinition definition) {
    OAuth2Definition source = (OAuth2Definition) definition;

    SecurityScheme converted = new SecurityScheme();
    converted.setType(SecurityScheme.Type.OAUTH2);

    OAuthFlows flows = new OAuthFlows();
    OAuthFlow flow = new OAuthFlow();

    // Attach the single flow object under the OpenAPI 3 name matching the 2.0 flow name.
    String flowName = source.getFlow();
    if ("implicit".equals(flowName)) {
        flow.setAuthorizationUrl(source.getAuthorizationUrl());
        flows.setImplicit(flow);
    } else if ("password".equals(flowName)) {
        flow.setTokenUrl(source.getTokenUrl());
        flows.setPassword(flow);
    } else if ("application".equals(flowName)) {
        flow.setTokenUrl(source.getTokenUrl());
        flows.setClientCredentials(flow);
    } else if ("accessCode".equals(flowName)) {
        flow.setAuthorizationUrl(source.getAuthorizationUrl());
        flow.setTokenUrl(source.getTokenUrl());
        flows.setAuthorizationCode(flow);
    }

    // Scopes are always built, even when the source declares none (empty Scopes object).
    Scopes convertedScopes = new Scopes();
    Map<String, String> sourceScopes = source.getScopes();
    if (sourceScopes != null) {
        for (Map.Entry<String, String> scope : sourceScopes.entrySet()) {
            convertedScopes.addString(scope.getKey(), scope.getValue());
        }
    }
    flow.setScopes(convertedScopes);

    converted.setFlows(flows);
    return converted;
}
Also used : OAuthFlows(io.swagger.v3.oas.models.security.OAuthFlows) OAuthFlow(io.swagger.v3.oas.models.security.OAuthFlow) Scopes(io.swagger.v3.oas.models.security.Scopes) OAuth2Definition(io.swagger.models.auth.OAuth2Definition) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme)

Example 2 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project swagger-parser by swagger-api.

the class V2ConverterTest method testIssue28.

/**
 * Regression test for issue 28: after conversion the implicit OAuth2 flow must still
 * carry its authorization URL and both scope descriptions.
 */
@Test(description = "OAuth 2 flows and URLs were lost ")
public void testIssue28() throws Exception {
    OpenAPI converted = getConvertedOpenAPIFromJsonFile(ISSUE_28_JSON);

    // Walk components -> securitySchemes -> named scheme -> flows -> implicit.
    OAuthFlow implicitFlow = converted.getComponents()
            .getSecuritySchemes()
            .get(SECURITY_SCHEMA_OAUTH2)
            .getFlows()
            .getImplicit();

    // The URL a client is sent to for authorization must survive the conversion unchanged.
    assertEquals(AUTHORIZATION_URL, implicitFlow.getAuthorizationUrl());

    // Each scope must keep its description; a dropped scope would come back as null here.
    assertEquals(WRITE_PETS_VALUE, implicitFlow.getScopes().get(SCOPE_WRITE_PETS));
    assertEquals(READ_PETS_VALUE, implicitFlow.getScopes().get(SCOPE_READ_PETS));
}
Also used : OAuthFlow(io.swagger.v3.oas.models.security.OAuthFlow) OpenAPI(io.swagger.v3.oas.models.OpenAPI) Test(org.testng.annotations.Test)

Example 3 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project swagger-core by swagger-api.

the class SecurityDefinitionTest method createModelWithSecurityRequirements.

/**
 * Builds an OpenAPI model with one OAuth2 security scheme and per-operation security
 * requirements, then checks that it serializes to the JSON fixture
 * {@code ModelWithSecurityRequirements.json}.
 *
 * <p>NOTE(review): within this method the only scheme registered is
 * {@code githubAccessCode}, while the operation requires {@code internal_oauth2} and
 * {@code api_key}. The scheme also has no type and its authorizationCode flow has no
 * authorization or token URL. That is enough for a serialization test, but it should not
 * be copied as a template for a real API description, where requirement names are expected
 * to match declared schemes.
 *
 * @throws IOException if the JSON fixture cannot be loaded
 */
@Test(description = "it should create a model with security requirements")
public void createModelWithSecurityRequirements() throws IOException {
    // Schemas resolved from the annotated model classes.
    final Schema personModel = ModelConverters.getInstance().read(Person.class).get("Person");
    final Schema errorModel = ModelConverters.getInstance().read(Error.class).get("Error");

    // Document metadata.
    final Info info = new Info()
            .version("1.0.0")
            .title("Swagger Petstore");
    final Contact contact = new Contact()
            .name("Swagger API Team")
            .email("foo@bar.baz")
            .url("http://swagger.io");
    info.setContact(contact);

    final Server server = new Server().url("http://petstore.swagger.io");
    final OpenAPI openApi = new OpenAPI()
            .info(info)
            .addServersItem(server)
            .schema("Person", personModel)
            .schema("Error", errorModel);

    // Security scheme: authorizationCode flow carrying a single scope.
    final Scopes emailScope = new Scopes()
            .addString("user:email", "Grants read access to a user’s email addresses.");
    final OAuthFlow authorizationCodeFlow = new OAuthFlow().scopes(emailScope);
    final OAuthFlows flows = new OAuthFlows().authorizationCode(authorizationCodeFlow);
    openApi.schemaRequirement("githubAccessCode", new SecurityScheme().flows(flows));

    // GET /pets operation with one query and one path parameter.
    final Operation getPets = new Operation()
            .summary("finds pets in the system")
            .description("a longer description")
            .addTagsItem("Pet Operations")
            .operationId("get pet by id");
    final Parameter tagsParameter = new Parameter()
            .in("query")
            .name("tags")
            .description("tags to filter by")
            .required(false)
            .schema(new StringSchema());
    getPets.addParametersItem(tagsParameter);
    final Parameter petIdParameter = new Parameter()
            .in("path")
            .name("petId")
            .description("pet to fetch")
            .schema(new IntegerSchema().format("int64"));
    getPets.addParametersItem(petIdParameter);

    // Responses reference the two schemas registered above.
    final ApiResponse response = new ApiResponse()
            .description("pets returned")
            .content(new Content().addMediaType("*/*", new MediaType().schema(new Schema().$ref("Person"))));
    final ApiResponse errorResponse = new ApiResponse()
            .description("error response")
            .content(new Content().addMediaType("*/*", new MediaType().schema(new Schema().$ref("Error"))));
    final ApiResponses responses = new ApiResponses()
            .addApiResponse("200", response)
            .addApiResponse("default", errorResponse);

    // Two alternative requirements: OAuth2 with the user:email scope, or an API key.
    final SecurityRequirement oauthRequirement = new SecurityRequirement().addList("internal_oauth2", "user:email");
    final SecurityRequirement apiKeyRequirement = new SecurityRequirement().addList("api_key");
    getPets.responses(responses)
            .addSecurityItem(oauthRequirement)
            .addSecurityItem(apiKeyRequirement);

    openApi.path("/pets", new PathItem().get(getPets));

    final String expectedJson = ResourceUtils.loadClassResource(getClass(), "ModelWithSecurityRequirements.json");
    SerializationMatchers.assertEqualsToJson(openApi, expectedJson);
}
Also used : Server(io.swagger.v3.oas.models.servers.Server) OAuthFlows(io.swagger.v3.oas.models.security.OAuthFlows) Schema(io.swagger.v3.oas.models.media.Schema) IntegerSchema(io.swagger.v3.oas.models.media.IntegerSchema) StringSchema(io.swagger.v3.oas.models.media.StringSchema) IntegerSchema(io.swagger.v3.oas.models.media.IntegerSchema) Operation(io.swagger.v3.oas.models.Operation) Info(io.swagger.v3.oas.models.info.Info) ApiResponse(io.swagger.v3.oas.models.responses.ApiResponse) Contact(io.swagger.v3.oas.models.info.Contact) PathItem(io.swagger.v3.oas.models.PathItem) OAuthFlow(io.swagger.v3.oas.models.security.OAuthFlow) Scopes(io.swagger.v3.oas.models.security.Scopes) Content(io.swagger.v3.oas.models.media.Content) Parameter(io.swagger.v3.oas.models.parameters.Parameter) MediaType(io.swagger.v3.oas.models.media.MediaType) StringSchema(io.swagger.v3.oas.models.media.StringSchema) Person(io.swagger.v3.core.oas.models.Person) OpenAPI(io.swagger.v3.oas.models.OpenAPI) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme) ApiResponses(io.swagger.v3.oas.models.responses.ApiResponses) SecurityRequirement(io.swagger.v3.oas.models.security.SecurityRequirement) Test(org.testng.annotations.Test)

Example 4 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project swagger-core by swagger-api.

the class SecurityParser method getOAuthFlow.

/**
 * Builds an OpenAPI {@link OAuthFlow} model from an {@code @OAuthFlow} annotation.
 *
 * <p>Blank URL attributes are skipped, so the corresponding model fields stay unset.
 * Non-blank URLs are copied as given: this method does not check their scheme or format,
 * so an {@code http://} or malformed endpoint in the annotation ends up in the generated
 * document unchanged.
 *
 * @param oAuthFlow the annotation to read
 * @return the populated model, or {@link Optional#empty()} when {@code isEmpty} reports
 *         the annotation as empty
 */
public static Optional<OAuthFlow> getOAuthFlow(io.swagger.v3.oas.annotations.security.OAuthFlow oAuthFlow) {
    if (isEmpty(oAuthFlow)) {
        return Optional.empty();
    }

    final OAuthFlow flowModel = new OAuthFlow();

    final String authorizationUrl = oAuthFlow.authorizationUrl();
    if (StringUtils.isNotBlank(authorizationUrl)) {
        flowModel.setAuthorizationUrl(authorizationUrl);
    }

    final String refreshUrl = oAuthFlow.refreshUrl();
    if (StringUtils.isNotBlank(refreshUrl)) {
        flowModel.setRefreshUrl(refreshUrl);
    }

    final String tokenUrl = oAuthFlow.tokenUrl();
    if (StringUtils.isNotBlank(tokenUrl)) {
        flowModel.setTokenUrl(tokenUrl);
    }

    // Vendor extensions are only resolved when the annotation declares at least one.
    if (oAuthFlow.extensions().length > 0) {
        final Map<String, Object> resolved = AnnotationsUtils.getExtensions(oAuthFlow.extensions());
        if (resolved != null) {
            for (Map.Entry<String, Object> extension : resolved.entrySet()) {
                flowModel.addExtension(extension.getKey(), extension.getValue());
            }
        }
    }

    // Scopes are set only when getScopes yields a value.
    getScopes(oAuthFlow.scopes()).ifPresent(flowModel::setScopes);
    return Optional.of(flowModel);
}
Also used : OAuthFlow(io.swagger.v3.oas.models.security.OAuthFlow)

Example 5 with OAuthFlow

use of io.swagger.v3.oas.models.security.OAuthFlow in project carbon-apimgt by wso2.

the class OAS3Parser method updateSwaggerSecurityDefinition.

/**
 * Writes the API's scopes into the OAuth2 security scheme stored under
 * {@code OPENAPI_SECURITY_SCHEMA_KEY}, creating the components, scheme map, scheme,
 * flows and implicit flow when they are missing.
 *
 * <p>NOTE(review), all visible in this method:
 * <ul>
 *   <li>A scheme already stored under the key is reused without checking its type, so an
 *       implicit flow is added even if that scheme is not OAUTH2.</li>
 *   <li>The document-level security list is replaced (not merged) when the scheme is
 *       created, and left untouched when the scheme already exists.</li>
 *   <li>Only the implicit flow is populated. Current OAuth 2.0 security guidance
 *       discourages the implicit grant; confirm that this is what clients of the
 *       published definition are meant to use.</li>
 *   <li>{@code authUrl} is stored as given, including {@code null}; no validation of the
 *       URL happens here.</li>
 * </ul>
 *
 * @param openAPI     openapi definition to update in place
 * @param swaggerData Swagger related API data; its scopes replace those of the implicit flow
 * @param authUrl     authorization URL to set on the implicit flow
 */
private void updateSwaggerSecurityDefinition(OpenAPI openAPI, SwaggerData swaggerData, String authUrl) {
    Components components = openAPI.getComponents();
    if (components == null) {
        components = new Components();
        openAPI.setComponents(components);
    }

    Map<String, SecurityScheme> schemesByName = components.getSecuritySchemes();
    if (schemesByName == null) {
        schemesByName = new HashMap<>();
        components.setSecuritySchemes(schemesByName);
    }

    SecurityScheme oauthScheme = schemesByName.get(OPENAPI_SECURITY_SCHEMA_KEY);
    if (oauthScheme == null) {
        oauthScheme = new SecurityScheme();
        oauthScheme.setType(SecurityScheme.Type.OAUTH2);
        schemesByName.put(OPENAPI_SECURITY_SCHEMA_KEY, oauthScheme);

        // Document-level requirement for the new scheme, with an empty scope list.
        SecurityRequirement requirement = new SecurityRequirement();
        requirement.addList(OPENAPI_SECURITY_SCHEMA_KEY, new ArrayList<String>());
        List<SecurityRequirement> documentSecurity = new ArrayList<>();
        documentSecurity.add(requirement);
        openAPI.setSecurity(documentSecurity);
    }

    OAuthFlows flows = oauthScheme.getFlows();
    if (flows == null) {
        flows = new OAuthFlows();
        oauthScheme.setFlows(flows);
    }

    OAuthFlow implicitFlow = flows.getImplicit();
    if (implicitFlow == null) {
        implicitFlow = new OAuthFlow();
        flows.setImplicit(implicitFlow);
    }
    implicitFlow.setAuthorizationUrl(authUrl);

    Scopes oas3Scopes = new Scopes();
    Set<Scope> apiScopes = swaggerData.getScopes();
    boolean hasScopes = apiScopes != null && !apiScopes.isEmpty();
    if (hasScopes) {
        // scope key -> roles string; published as a vendor extension on the flow.
        Map<String, String> rolesByScope = new HashMap<>();
        for (Scope apiScope : apiScopes) {
            String description = apiScope.getDescription();
            if (description == null) {
                description = "";
            }
            oas3Scopes.put(apiScope.getKey(), description);

            // The roles string is stored untrimmed; it is only replaced by the empty
            // string when blank or when splitting on ',' yields no elements.
            String roles = apiScope.getRoles();
            boolean rolesPresent = StringUtils.isNotBlank(roles) && roles.trim().split(",").length > 0;
            rolesByScope.put(apiScope.getKey(), rolesPresent ? roles : StringUtils.EMPTY);
        }
        implicitFlow.addExtension(APIConstants.SWAGGER_X_SCOPES_BINDINGS, rolesByScope);
    }
    // Always overwrites the flow's scopes, with an empty Scopes when the API has none.
    implicitFlow.setScopes(oas3Scopes);
}
Also used : OAuthFlows(io.swagger.v3.oas.models.security.OAuthFlows) HashMap(java.util.HashMap) LinkedHashMap(java.util.LinkedHashMap) ArrayList(java.util.ArrayList) Components(io.swagger.v3.oas.models.Components) Scope(org.wso2.carbon.apimgt.api.model.Scope) OAuthFlow(io.swagger.v3.oas.models.security.OAuthFlow) Scopes(io.swagger.v3.oas.models.security.Scopes) SecurityScheme(io.swagger.v3.oas.models.security.SecurityScheme) SecurityRequirement(io.swagger.v3.oas.models.security.SecurityRequirement)
