Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG][typescript-angular] Security definition collision in API key lookup #5062

Closed
5 of 6 tasks
djnalluri opened this issue Jan 21, 2020 · 1 comment · Fixed by #5220
Closed
5 of 6 tasks

[BUG][typescript-angular] Security definition collision in API key lookup #5062

djnalluri opened this issue Jan 21, 2020 · 1 comment · Fixed by #5220
Labels
Client: TypeScript Issue: Bug

Comments

@djnalluri
Copy link
Contributor

Bug Report Checklist

  • Have you provided a full/minimal spec to reproduce the issue?
  • Have you validated the input using an OpenAPI validator (example)?
  • What's the version of OpenAPI Generator used?
  • Have you search for related issues/PRs?
  • What's the actual output vs expected output?
  • [Optional] Bounty to sponsor the fix (example)
Description

When searching for credentials to use for API key authentication, the client searches the configuration object using the name of the header. It is possible for two different security definitions to use the same header name and still provide a valid OpenAPI spec. This behaviour can be problematic when an API provides a set of endpoints that are split between one or the other and the nature of the definitions do not allow interchangeability. The correct key needs to be inserted into the configuration object prior to each request.

openapi-generator version

4.2.x

OpenAPI declaration file content or url

https://gist.github.com/djnalluri/afbf899e7d730257b2c02a9a157f99de

Command line used for generation

java -jar openapi-generator-cli.jar generate -g typescript-angular -i example.yaml -o example

Steps to reproduce

Use the spec file and command provided above to generate a client.

Related issues/PRs

None for Typescript

Suggest a fix

Since security definitions cannot share a name, I suggest looking up the key using the definition name instead of the header.

When using the provided example, instead of the following code:

if (this.configuration.apiKeys && this.configuration.apiKeys["Authorization"]) {
    headers = headers.set('Authorization', this.configuration.apiKeys["Authorization"]);
}

this code or similar should be generated:

if (this.configuration.apiKeys && this.configuration.apiKeys["ExampleA"]) {
    headers = headers.set('Authorization', this.configuration.apiKeys["ExampleA"]);
}
@auto-labeler
Copy link

auto-labeler bot commented Jan 21, 2020

👍 Thanks for opening this issue!
🏷 I have applied any labels matching special text in your issue.

The team will review the labels and make any necessary changes.

@djnalluri djnalluri changed the title [BUG][typescript-angular] Security definition collision in lookup [BUG][typescript-angular] Security definition collision in API key lookup Jan 21, 2020
@djnalluri djnalluri mentioned this issue Feb 6, 2020
Merged
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Client: TypeScript Issue: Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[typescript-angular] Use security scheme name for API key lookup oaklandcorp/openapi-generator
1 participant
@djnalluri