Added support for empty Operation security #111

There is now a distinction between no security being defined by operations, and empty security requirements. If the `Security` value is `nil`, then it was left out. If the slice is empty, it was defined and left empty by design. As requested by #111 Signed-off-by: Dave Shanley <dave@quobix.com>
2025-12-09 20:47:44 +00:00 · 2023-06-16 06:16:14 -04:00
parent db27267e09
commit fcf2f332d9
4 changed files with 74 additions and 2 deletions
--- a/datamodel/high/v3/operation.go
+++ b/datamodel/high/v3/operation.go
@@ -68,7 +68,11 @@ func NewOperation(operation *low.Operation) *Operation {
 		for s := range operation.Security.Value {
 			sec = append(sec, base.NewSecurityRequirement(operation.Security.Value[s].Value))
 		}
-		o.Security = sec
+		if len(sec) > 0 {
+			o.Security = sec
+		} else {
+			o.Security = []*base.SecurityRequirement{} // security is defined, but empty.
+		}
 	}
 	var servers []*Server
 	for i := range operation.Servers.Value {
--- a/datamodel/high/v3/operation_test.go
+++ b/datamodel/high/v3/operation_test.go
@@ -129,3 +129,39 @@ requestBody:
 	assert.Equal(t, desired, strings.TrimSpace(string(rend)))

 }
+
+func TestOperation_EmptySecurity(t *testing.T) {
+	yml := `
+security: []`
+
+	var idxNode yaml.Node
+	_ = yaml.Unmarshal([]byte(yml), &idxNode)
+	idx := index.NewSpecIndex(&idxNode)
+
+	var n v3.Operation
+	_ = low.BuildModel(&idxNode, &n)
+	_ = n.Build(idxNode.Content[0], idx)
+
+	r := NewOperation(&n)
+
+	assert.NotNil(t, r.Security)
+	assert.Len(t, r.Security, 0)
+
+}
+
+func TestOperation_NoSecurity(t *testing.T) {
+	yml := `operationId: test`
+
+	var idxNode yaml.Node
+	_ = yaml.Unmarshal([]byte(yml), &idxNode)
+	idx := index.NewSpecIndex(&idxNode)
+
+	var n v3.Operation
+	_ = low.BuildModel(&idxNode, &n)
+	_ = n.Build(idxNode.Content[0], idx)
+
+	r := NewOperation(&n)
+
+	assert.Nil(t, r.Security)
+
+}
--- a/datamodel/low/v3/operation.go
+++ b/datamodel/low/v3/operation.go
@@ -110,7 +110,9 @@ func (o *Operation) Build(root *yaml.Node, idx *index.SpecIndex) error {
 	if sErr != nil {
 		return sErr
 	}
-	if sec != nil {
+
+	// if security is defined and requirements are provided.
+	if sln != nil && len(svn.Content) > 0 && sec != nil {
 		o.Security = low.NodeReference[[]low.ValueReference[*base.SecurityRequirement]]{
 			Value:     sec,
 			KeyNode:   sln,
@@ -118,6 +120,16 @@ func (o *Operation) Build(root *yaml.Node, idx *index.SpecIndex) error {
 		}
 	}

+	// if security is set, but no requirements are defined.
+	// https://github.com/pb33f/libopenapi/issues/111
+	if sln != nil && len(svn.Content) == 0 && sec == nil {
+		o.Security = low.NodeReference[[]low.ValueReference[*base.SecurityRequirement]]{
+			Value:     []low.ValueReference[*base.SecurityRequirement]{}, // empty
+			KeyNode:   sln,
+			ValueNode: svn,
+		}
+	}
+
 	// extract servers
 	servers, sl, sn, serErr := low.ExtractArray[*Server](ServersLabel, root, idx)
 	if serErr != nil {
--- a/datamodel/low/v3/operation_test.go
+++ b/datamodel/low/v3/operation_test.go
@@ -286,3 +286,23 @@ x-mint: sweet`
 	assert.Nil(t, n.FindSecurityRequirement("I do not exist"))

 }
+
+func TestOperation_EmptySecurity(t *testing.T) {
+
+	yml := `
+security: []`
+
+	var idxNode yaml.Node
+	_ = yaml.Unmarshal([]byte(yml), &idxNode)
+	idx := index.NewSpecIndex(&idxNode)
+
+	var n Operation
+	err := low.BuildModel(idxNode.Content[0], &n)
+	assert.NoError(t, err)
+
+	err = n.Build(idxNode.Content[0], idx)
+	assert.NoError(t, err)
+
+	assert.Len(t, n.Security.Value, 0)
+
+}