Skip to content

Commit 6e85965

Browse files
authored
Validate security requirements sequentially (#208)
1 parent 7fdd3bc commit 6e85965

2 files changed

Lines changed: 13 additions & 49 deletions

File tree

openapi3/swagger_loader.go

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -273,8 +273,7 @@ func (swaggerLoader *SwaggerLoader) resolveComponent(swagger *Swagger, ref strin
273273
pathPart = strings.Replace(pathPart, "~1", "/", -1)
274274
pathPart = strings.Replace(pathPart, "~0", "~", -1)
275275

276-
cursor, err = drillIntoSwaggerField(cursor, pathPart)
277-
if err != nil {
276+
if cursor, err = drillIntoSwaggerField(cursor, pathPart); err != nil {
278277
return nil, nil, fmt.Errorf("Failed to resolve '%s' in fragment in URI: '%s': %v", ref, pathPart, err.Error())
279278
}
280279
if cursor == nil {
@@ -313,7 +312,7 @@ func drillIntoSwaggerField(cursor interface{}, fieldName string) (interface{}, e
313312
// give up
314313
return nil, fmt.Errorf("Struct field not found: %v", fieldName)
315314
}
316-
return nil, fmt.Errorf("Not a map or struct")
315+
return nil, errors.New("Not a map or struct")
317316
}
318317

319318
func (swaggerLoader *SwaggerLoader) resolveRefSwagger(swagger *Swagger, ref string, path *url.URL) (*Swagger, string, *url.URL, error) {

openapi3filter/validate_request.go

Lines changed: 11 additions & 46 deletions
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,6 @@ import (
88
"io/ioutil"
99
"net/http"
1010
"sort"
11-
"sync"
1211

1312
"github.com/getkin/kin-openapi/openapi3"
1413
)
@@ -204,57 +203,23 @@ func ValidateRequestBody(c context.Context, input *RequestValidationInput, reque
204203
return nil
205204
}
206205

207-
// ValidateSecurityRequirements validates a multiple OpenAPI 3 security requirements.
208-
// Returns nil if one of them inputed.
209-
// Otherwise returns an error describing the security failures.
206+
// ValidateSecurityRequirements goes through multiple OpenAPI 3 security
207+
// requirements in order and returns nil on the first valid requirement.
208+
// If no requirement is met, errors are returned in order.
210209
func ValidateSecurityRequirements(c context.Context, input *RequestValidationInput, srs openapi3.SecurityRequirements) error {
211-
// Alternative requirements
212210
if len(srs) == 0 {
213211
return nil
214212
}
215-
216-
var wg sync.WaitGroup
217-
errs := make([]error /*zeros,here*/, len(srs))
218-
219-
// For each alternative security requirement
220-
for i, securityRequirement := range srs {
221-
// Capture index from iteration variable
222-
currentIndex := i
223-
currentSecurityRequirement := securityRequirement
224-
225-
// Add a work item
226-
wg.Add(1)
227-
228-
go func() {
229-
defer func() {
230-
v := recover()
231-
if v != nil {
232-
if err, ok := v.(error); ok {
233-
errs[currentIndex] = err
234-
} else {
235-
errs[currentIndex] = errors.New("Panicked")
236-
}
237-
}
238-
239-
// Remove a work item
240-
wg.Done()
241-
}()
242-
243-
if err := validateSecurityRequirement(c, input, currentSecurityRequirement); err != nil {
244-
errs[currentIndex] = err
213+
var errs []error
214+
for _, sr := range srs {
215+
if err := validateSecurityRequirement(c, input, sr); err != nil {
216+
if len(errs) == 0 {
217+
errs = make([]error, 0, len(srs))
245218
}
246-
}()
247-
}
248-
249-
// Wait for all
250-
wg.Wait()
251-
252-
// If any security requirement was met
253-
for _, err := range errs {
254-
if err == nil {
255-
// Return no error
256-
return nil
219+
errs = append(errs, err)
220+
continue
257221
}
222+
return nil
258223
}
259224
return &SecurityRequirementsError{
260225
SecurityRequirements: srs,

0 commit comments

Comments
 (0)