fix(oauth2): only display scopes relevant for current endpoint (#8229)

* 'available authorization' popup: only show oauth2 scopes relevant for current endpoint (issue #8219) * unit tests for oauth2 scope filter Co-authored-by: Kai Morich <kai.morich@sap.com> Co-authored-by: Tim Lai <timothy.lai@smartbear.com>
2022-10-24 22:37:49 +02:00
parent 95463759c6
commit 94575666c3
2 changed files with 117 additions and 2 deletions
--- a/src/core/plugins/auth/selectors.js
+++ b/src/core/plugins/auth/selectors.js
@@ -61,9 +61,28 @@ export const getDefinitionsByNames = ( state, securities ) => ( { specSelectors

 export const definitionsForRequirements = (state, securities = List()) => ({ authSelectors }) => {
  const allDefinitions = authSelectors.definitionsToAuthorize() || List()
-  return allDefinitions.filter((def) => {
-    return securities.some(sec => sec.get(def.keySeq().first()))
+  let result = List()
+  allDefinitions.forEach( (definition) => {
+    let security = securities.find(sec => sec.get(definition.keySeq().first()))
+    if ( security ) {
+      definition.forEach( (props, name) => {
+        if ( props.get("type") === "oauth2" ) {
+          const securityScopes = security.get(name)
+          let definitionScopes = props.get("scopes")
+          if( List.isList(securityScopes) && Map.isMap(definitionScopes) ) {
+            definitionScopes.keySeq().forEach( (key) => {
+              if ( !securityScopes.contains(key) ) {
+                definitionScopes = definitionScopes.delete(key)
+              }
+            })
+            definition = definition.set(name, props.set("scopes", definitionScopes))
+          }
+        }
+      })
+      result = result.push(definition)
+    }
  })
+  return result
 }

 export const authorized = createSelector(