fix checking security of operations
The Swagger spec supports logical expressions for operation security. Security definitions are keys of a map (logical AND) and a list of them is defined in Swagger (logical OR). All definitions are evaluated using an AND relation, so requests of a logical OR definition are refused if some of the headers/query parameters are missing.
References:
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#operationObject
A declaration of which security schemes are applied for this operation. The list of values describes alternative security schemes that can be used (that is, there is a logical OR between the security requirements). This definition overrides any declared top-level security. To remove a top-level security declaration, an empty array can be used.
https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#securityRequirementObject
Lists the required security schemes to execute this operation. The object can have multiple security schemes declared in it which are all required (that is, there is a logical AND between the schemes).
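The two evaluation rules quoted above, side by side, as an added example that is not the project's code. The scheme names, header and query parameter names and the function names are constructed for illustration; only `apiKey` schemes are handled, and the check covers presence of the credential, not its validity.

```python
# Constructed Swagger 2.0 fragment: two alternative requirements (OR),
# the second of which needs two schemes together (AND).
SECURITY_DEFINITIONS = {
    "api_key": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
    "app_id": {"type": "apiKey", "in": "header", "name": "X-App-Id"},
    "token": {"type": "apiKey", "in": "query", "name": "token"},
}
OPERATION_SECURITY = [{"api_key": []}, {"app_id": [], "token": []}]


def scheme_present(scheme_name, headers, query):
    """True if the credential for one apiKey scheme was supplied (presence only)."""
    definition = SECURITY_DEFINITIONS[scheme_name]
    if definition["in"] == "header":
        # HTTP header names are case-insensitive.
        lowered = {key.lower(): value for key, value in headers.items()}
        return bool(lowered.get(definition["name"].lower()))
    return bool(query.get(definition["name"]))


def satisfied_and_only(security, headers, query):
    """Behaviour described in the issue: every scheme of every entry is required."""
    return all(
        scheme_present(name, headers, query)
        for requirement in security
        for name in requirement
    )


def satisfied(security, headers, query):
    """Spec semantics: OR across the list, AND inside each requirement object."""
    if not security:  # an empty array removes the security declaration
        return True
    return any(
        all(scheme_present(name, headers, query) for name in requirement)
        for requirement in security
    )
```

A request carrying only `X-API-Key` meets the first alternative and passes `satisfied`, while `satisfied_and_only` refuses it because `X-App-Id` and `token` are absent.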
Comments (3)
reporter - changed status to resolved
PR already merged
I'm working on a patch for the issue, I will create a PR.