kyy/swagger-ui
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feature: add withCredentials configuration key (via #5149)

Browse Source 
* Add the withCredentials configuration key

It enables passing credentials in CORS requests. e.g. Cookies and
Authorization headers.

* Improve withCredentials documentation

* Add unit tests for the withCredentials config

* Update configuration.md

* Update configuration.md

* only set `withCredentials` Fetch flag if the config value is truthy

there are some workarounds in the wild today that involve setting `withCredentials` on `system.fn.fetch` directly. 

this approach avoids mangling those existing workarounds!

* add more test cases

* Update configs-wrap-actions.js

* Update index.js
This commit is contained in:
Segev Finer
2019-03-20 21:36:08 +02:00
committed by kyle
parent 38def57c2d
commit be72c292ca
6 changed files with 118 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
docker/configurator/variables.js
View File

@@ -86,6 +86,10 @@ const standardVariables = {
VALIDATOR_URL: {
type: "string",
name: "validatorUrl"
},
WITH_CREDENTIALS: {
type: "boolean",
name: "withCredentials",
}
}

1
docs/usage/configuration.md
View File

@@ -71,6 +71,7 @@ Parameter name | Docker variable | Description
<a name="showMutatedRequest"></a>`showMutatedRequest` | `SHOW_MUTATED_REQUEST` | `Boolean=true`. If set to `true`, uses the mutated request returned from a requestInterceptor to produce the curl command in the UI, otherwise the request before the requestInterceptor was applied is used.
<a name="supportedSubmitMethods"></a>`supportedSubmitMethods` | `SUPPORTED_SUBMIT_METHODS` | `Array=["get", "put", "post", "delete", "options", "head", "patch", "trace"]`. List of HTTP methods that have the Try it out feature enabled. An empty array disables Try it out for all operations. This does not filter the operations from the display.
<a name="validatorUrl"></a>`validatorUrl` | `VALIDATOR_URL` | `String="https://online.swagger.io/validator" OR null`. By default, Swagger-UI attempts to validate specs against swagger.io's online validator. You can use this parameter to set a different validator URL, for example for locally deployed validators ([Validator Badge](https://github.com/swagger-api/validator-badge)). Setting it to `null` will disable validation.
<a name="withCredentials"></a>`withCredentials` | `WITH_CREDENTIALS` | `Boolean=false` If set to `true`, enables passing credentials, [as defined in the Fetch standard](https://fetch.spec.whatwg.org/#credentials), in CORS requests that are sent by the browser. Note that Swagger UI cannot currently set cookies cross-domain (see [swagger-js#1163](https://github.com/swagger-api/swagger-js/issues/1163)) - as a result, you will have to rely on browser-supplied cookies (which this setting enables sending) that Swagger UI cannot control.
##### Macros

1
src/core/index.js
View File

@@ -51,6 +51,7 @@ module.exports = function SwaggerUI(opts) {
defaultModelsExpandDepth: 1,
showExtensions: false,
showCommonExtensions: false,
withCredentials: undefined,
supportedSubmitMethods: [
"get",
"put",

8
src/core/plugins/swagger-js/configs-wrap-actions.js Normal file
View File

@@ -0,0 +1,8 @@
export const loaded = (ori, system) => (...args) => {
ori(...args)
const value = system.getConfigs().withCredentials
if(value !== undefined) {
system.fn.fetch.withCredentials = typeof value === "string" ? (value === "true") : !!value
}
}

8
src/core/plugins/swagger-js/index.js
View File

@@ -1,4 +1,5 @@
import Swagger from "swagger-client"
import * as configsWrapActions from "./configs-wrap-actions"
module.exports = function({ configs, getConfigs }) {
return {
@@ -22,6 +23,11 @@ module.exports = function({ configs, getConfigs }) {
},
serializeRes: Swagger.serializeRes,
opId: Swagger.helpers.opId
}
},
statePlugins: {
configs: {
wrapActions: configsWrapActions
}
},
}
}

94
test/core/plugins/swagger-js/withCredentials.js Normal file
View File

@@ -0,0 +1,94 @@
import expect, { createSpy } from "expect"
import { loaded } from "corePlugins/swagger-js/configs-wrap-actions"
describe("swagger-js plugin - withCredentials", () => {
it("should have no effect by default", () => {
const system = {
fn: {
fetch: createSpy().andReturn(Promise.resolve())
},
getConfigs: () => ({})
}
const oriExecute = createSpy()
const loadedFn = loaded(oriExecute, system)
loadedFn()
expect(oriExecute.calls.length).toBe(1)
expect(system.fn.fetch.withCredentials).toBe(undefined)
})
it("should allow setting flag to true via config", () => {
const system = {
fn: {
fetch: createSpy().andReturn(Promise.resolve())
},
getConfigs: () => ({
withCredentials: true
})
}
const oriExecute = createSpy()
const loadedFn = loaded(oriExecute, system)
loadedFn()
expect(oriExecute.calls.length).toBe(1)
expect(system.fn.fetch.withCredentials).toBe(true)
})
it("should allow setting flag to false via config", () => {
const system = {
fn: {
fetch: createSpy().andReturn(Promise.resolve())
},
getConfigs: () => ({
withCredentials: false
})
}
const oriExecute = createSpy()
const loadedFn = loaded(oriExecute, system)
loadedFn()
expect(oriExecute.calls.length).toBe(1)
expect(system.fn.fetch.withCredentials).toBe(false)
})
it("should allow setting flag to true via config as string", () => {
// for query string config
const system = {
fn: {
fetch: createSpy().andReturn(Promise.resolve())
},
getConfigs: () => ({
withCredentials: "true"
})
}
const oriExecute = createSpy()
const loadedFn = loaded(oriExecute, system)
loadedFn()
expect(oriExecute.calls.length).toBe(1)
expect(system.fn.fetch.withCredentials).toBe(true)
})
it("should allow setting flag to false via config as string", () => {
// for query string config
const system = {
fn: {
fetch: createSpy().andReturn(Promise.resolve())
},
getConfigs: () => ({
withCredentials: "false"
})
}
const oriExecute = createSpy()
const loadedFn = loaded(oriExecute, system)
loadedFn()
expect(oriExecute.calls.length).toBe(1)
expect(system.fn.fetch.withCredentials).toBe(false)
})
})