8000 Implement support for logical AND in security schemes by StarKhan6368 · Pull Request #1826 · specmatic/specmatic · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Implement support for logical AND in security schemes #1826

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 14 commits into from
May 22, 2025
Merged

Implement support for logical AND in security schemes #1826

merged 14 commits into from
May 22, 2025

Conversation

StarKhan6368
Copy link
Contributor

What: Implement support for logical AND in security schemes

Why:

  • Previously, we only supported OR between the security schemes defined in the OAS.
  • However, a path can define multiple security schemes according to the OAS standards.

Sources:

Checklist:

  • Unit Tests
  • Build passing locally
  • Sonar Quality Gate
  • Security scans don't report any vulnerabilities
  • Documentation added/updated (share link)
  • Sample Project added/updated (share link)
  • Demo video (share link)
  • Article on Website (share link)
  • Roadmap updated (share link)
  • Conference Talk (share link)

Issue ID:
Closes: #932

StarKhan6368 added 11 commits May 16, 2025 19:07
@StarKhan6368
Implement CompositeSecurityScheme
9ddc945 
- Represent `AND` relationship between securitySchemes in OAS
- Add simple tests for the same
@StarKhan6368
Implement composite security scheme parsing
a73d335 
- logical `AND` with multiple security-schemes is represented by
  CompositeSecurityScheme
- Add tests for the same
@StarKhan6368
Add test for contract test using inline-examples
0372a20 
- Should send appropriate security-scheme values based on the OAS
@StarKhan6368
Existing tests to use compositeSecurityScheme
6fa5e22
@StarKhan6368
Add OpenAPISecurityScheme.isInRequest helper method
8e8edfa 
- Mimics what isInRow does, but with HttpRequest instead
@StarKhan6368
Fix matchSecurityScheme ignoring failures
819376e 
- Should only ignore failures if none of the schemes areIn request
- Add test for the same
@StarKhan6368
Test for contract tests with externalised examples
c184cb8 
- For composite logical AND/OR security schemes
@StarKhan6368
Add argument to OpenAPISecurityScheme.isInRequest
3d0c99e 
- Only applicable to compositeScheme to check if all or any of
  sub-schemes are in a request
@StarKhan6368
Enhance matchSecurityScheme logic
32c69de 
- To better handle multiple and composite schemes
@StarKhan6368
Test for HttpStub with composite security schemes
4ed888d
@StarKhan6368
Add an overlapping case path for security schemes
0567281 
- Update the tests accordingly
@StarKhan6368 StarKhan6368 marked this pull request as ready for review May 16, 2025 20:02
joelrosario
joelrosario reviewed May 22, 2025
View reviewed changes
core/src/main/kotlin/io/specmatic/conversions/OpenApiSpecification.kt Outdated
schemeName to toSecurityScheme(schemeName, scheme)
}

val securitySchemesForRequestPattern = parseOperationSecuritySchemas(operation) { name ->
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why not pass the securitySchemes directly instead of a function?

@joelrosario joelrosario merged commit 4e2b665 into main May 22, 2025
1 check passed
@joelrosario joelrosario deleted the composite-security-schemes branch May 22, 2025 12:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@joelrosario joelrosario joelrosario approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Secure schema not respected when generating test scenarios
2 participants
@StarKhan6368 @joelrosario
0