fix(ux): ensure that optional security schema is rendered without padlock. (#6839)

2021-01-22 19:03:38 +01:00
parent 617a7ceefd
commit eddde95dc4
3 changed files with 61 additions and 2 deletions
--- a/src/core/components/operation-summary.jsx
+++ b/src/core/components/operation-summary.jsx
@@ -56,8 +56,10 @@ export default class OperationSummary extends PureComponent {
    const OperationSummaryPath = getComponent("OperationSummaryPath")
    const JumpToPath = getComponent("JumpToPath", true)

+    const hasSecurity = security && !!security.count()
+    const securityIsOptional = hasSecurity && security.size === 1 && security.first().isEmpty()
+    const allowAnonymous = !hasSecurity || securityIsOptional
    return (
-
      <div className={`opblock-summary opblock-summary-${method}`} onClick={toggleShown} >
        <OperationSummaryMethod method={method} />
        <OperationSummaryPath getComponent={getComponent} operationProps={operationProps} specPath={specPath} />
@@ -71,7 +73,7 @@ export default class OperationSummary extends PureComponent {
        {displayOperationId && (originalOperationId || operationId) ? <span className="opblock-summary-operation-id">{originalOperationId || operationId}</span> : null}

        {
-          (!security || !security.count()) ? null :
+          allowAnonymous ? null :
            <AuthorizeOperationBtn
              isAuthorized={isAuthorized}
              onClick={() => {
--- a/test/e2e-cypress/static/documents/security/anonymous.yaml
+++ b/test/e2e-cypress/static/documents/security/anonymous.yaml
@@ -0,0 +1,35 @@
+openapi: 3.0.0
+info:
+  title: Test anonymous operations
+  version: 1.0.0
+paths:
+  /withBoth:
+    get:
+      security: [{}, {"apikeyScheme": []}, {"apikeyScheme2": []}]
+      responses:
+        200:
+          description: asdadasd
+  /onlyEmpty:
+    get:
+      security: [{}]
+      responses:
+        200:
+          description: asdadasd
+  /required:
+    get:
+      security: [{"apikeyScheme": []}]
+      responses:
+        200:
+          description: asdadasd
+security:
+  - apikeyScheme: []
+components:
+  securitySchemes:
+    apikeyScheme:
+      name: test
+      type: apiKey
+      in: header
+    apikeyScheme2:
+      name: test2
+      type: apiKey
+      in: header
--- a/test/e2e-cypress/tests/security/anonymous.js
+++ b/test/e2e-cypress/tests/security/anonymous.js
@@ -0,0 +1,22 @@
+describe("#6767: Operation should be considered anonymous if its security only includes empty object (this was decided by implementation choice and may change or be extended in the future)", () => {
+  it("Should consider method anonymous if security contains only empty object", () => {
+    cy
+      .visit("/?url=/documents/security/anonymous.yaml")
+      .get("#operations-default-get_onlyEmpty .authorization__btn")
+      .should("not.exist")
+  })
+
+  it("Should consider method as secured if security contains no empty object", () => {
+    cy
+      .visit("/?url=/documents/security/anonymous.yaml")
+      .get("#operations-default-get_required .authorization__btn")
+      .should("exist")
+  })
+
+  it("Should consider method as secured if security contains empty object but has at least one more security defined", () => {
+    cy
+      .visit("/?url=/documents/security/anonymous.yaml")
+      .get("#operations-default-get_withBoth .authorization__btn")
+      .should("exist")
+  })
+})