Fix the case where multiple securitySchemes exist (TykTechnologies#3922)

zhailuxu · Mar 8, 2022 · 773f702 · 773f702
1 parent b8496b3
commit 773f702
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 15 deletions.
diff --git a/apidef/oas/security.go b/apidef/oas/security.go
@@ -44,13 +44,12 @@ func (s *OAS) fillToken(api apidef.APIDefinition) {
 func (s *OAS) extractTokenTo(api *apidef.APIDefinition, name string) {
 	authConfig := apidef.AuthConfig{DisableHeader: true}
 
-	if token := s.getTykTokenAuth(name); token != nil {
-		api.UseStandardAuth = token.Enabled
-		authConfig.UseCertificate = token.EnableClientCertificate
-		token.AuthSources.ExtractTo(&authConfig)
-		if token.Signature != nil {
-			token.Signature.ExtractTo(&authConfig)
-		}
+	token := s.getTykTokenAuth(name)
+	api.UseStandardAuth = token.Enabled
+	authConfig.UseCertificate = token.EnableClientCertificate
+	token.AuthSources.ExtractTo(&authConfig)
+	if token.Signature != nil {
+		token.Signature.ExtractTo(&authConfig)
 	}
 
 	s.extractApiKeySchemeTo(&authConfig, name)
@@ -71,14 +70,18 @@ func (s *OAS) extractSecurityTo(api *apidef.APIDefinition) {
 		api.AuthConfigs = make(map[string]apidef.AuthConfig)
 	}
 
-	if len(s.Security) == 0 {
+	if len(s.Security) == 0 || len(s.Components.SecuritySchemes) == 0 {
 		return
 	}
 
-	for name := range s.Security[0] {
-		switch s.Components.SecuritySchemes[name].Value.Type {
-		case apiKey:
-			s.extractTokenTo(api, name)
+	for schemeName := range s.getTykSecuritySchemes() {
+		if _, ok := s.Security[0][schemeName]; ok {
+			switch s.Components.SecuritySchemes[schemeName].Value.Type {
+			case apiKey:
+				if s.getTykTokenAuth(schemeName) != nil {
+					s.extractTokenTo(api, schemeName)
+				}
+			}
 		}
 	}
 }

diff --git a/apidef/oas/security_test.go b/apidef/oas/security_test.go
@@ -187,13 +187,15 @@ func TestOAS_Token(t *testing.T) {
 	assert.Equal(t, oas, convertedOAS)
 }
 
-func TestOAS_Token_EmptyTykAuthentication(t *testing.T) {
+func TestOAS_Token_MultipleSecuritySchemes(t *testing.T) {
 	const securityName = "custom"
+	const securityName2 = "custom2"
 
 	var oas OAS
 	oas.Security = openapi3.SecurityRequirements{
 		{
-			securityName: []string{},
+			securityName:  []string{},
+			securityName2: []string{},
 		},
 	}
 
@@ -205,15 +207,38 @@ func TestOAS_Token_EmptyTykAuthentication(t *testing.T) {
 				In:   query,
 			},
 		},
+		securityName2: {
+			Value: &openapi3.SecurityScheme{
+				Type: apiKey,
+				Name: "x-header",
+				In:   header,
+			},
+		},
 	}
 
+	xTykAPIGateway := &XTykAPIGateway{
+		Server: Server{
+			Authentication: &Authentication{
+				Enabled: true,
+				SecuritySchemes: map[string]interface{}{
+					securityName: &Token{
+						Enabled: true,
+					},
+				},
+			},
+		},
+	}
+
+	oas.SetTykExtension(xTykAPIGateway)
+
 	var api apidef.APIDefinition
 	oas.ExtractTo(&api)
 
 	var convertedOAS OAS
 	convertedOAS.Fill(api)
 
-	assert.Equal(t, oas, convertedOAS)
+	assert.Len(t, convertedOAS.getTykSecuritySchemes(), 1)
+	assert.Contains(t, convertedOAS.getTykSecuritySchemes(), securityName)
 }
 
 func TestOAS_AppendSecurity(t *testing.T) {