Address PR review comments

2022-06-20 09:24:32 -07:00 · 2022-06-20 09:24:32 -07:00 · 37cd3f1e82
--- a/functions/security-definitions.js
+++ b/functions/security-definitions.js
@ -28,6 +28,8 @@ module.exports = (doc) => {

  Object.keys(schemes).forEach((schemeKey) => {
    const scheme = schemes[schemeKey];
+    // Silently ignore scheme if not an object -- oas2-schema will flag this as an error.
+    // The check here is just to avoid runtime exceptions.
    if (typeof scheme === 'object') {
      const path = ['securityDefinitions', schemeKey];
      if (scheme.type === 'oauth2') {
--- a/test/security-definitions.test.js
+++ b/test/security-definitions.test.js
@ -132,6 +132,48 @@ test('az-security-definitions should find errors when securityDefinitions has un
  });
 });

+// Test multiple errors are caught even after earlier valid schemes
+test('az-security-definitions should find multiple errors after valid schemes', () => {
+  const oasDoc = {
+    swagger: '2.0',
+    securityDefinitions: {
+      ApiKey: {
+        type: 'apiKey',
+        in: 'header',
+        name: 'api_key',
+        description: 'API Key',
+      },
+      OauthBad: {
+        description: 'Oauth2 scheme with some invalid scopes',
+        type: 'oauth2',
+        flow: 'application',
+        tokenUrl:
+          'https://login.microsoftonline.com/common/oauth2/authorize',
+        scopes: {
+          'https://atlas.microsoft.com/.default': 'default permissions to user account',
+          'user impersonation': 'default permissions to user account',
+        },
+      },
+      ApiKeyBad: {
+        type: 'apiKey',
+        in: 'query',
+        name: 'api_key',
+        description: 'API Key',
+      },
+      BasicBad: {
+        type: 'basic',
+      },
+    },
+  };
+  return linter.run(oasDoc).then((results) => {
+    expect(results.length).toBe(3);
+    expect(results[0].path.join('.')).toBe('securityDefinitions.OauthBad.scopes.user impersonation');
+    expect(results[1].path.join('.')).toBe('securityDefinitions.ApiKeyBad.in');
+    expect(results[2].path.join('.')).toBe('securityDefinitions.BasicBad.type');
+    expect(results[2].message).toContain('Security scheme must be type: oauth2 or type: apiKey.');
+  });
+});
+
 test('az-security-definitions should find no errors', () => {
  const oasDoc = {
    swagger: '2.0',