t/plugin-security-extended-status.t


            
              1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
              use Mojo::Base -strict;
use Test::Mojo;
use Test::More;
use Mojolicious::Lite;
get '/securitytest' => sub {
  my $c = shift->openapi->valid_input or return;
  $c->render(openapi => {message => "ok"}, status => 200);
  },
  'securitytest';
plugin OpenAPI => {
  url      => 'data://main/sec.yaml',
  security => {
    api_key => sub {
      my ($self, $definition, $scopes, $cb) = @_;
      my $apikey  = $self->req->headers->header('apikey');
      my $apiuser = $self->req->headers->header('apiuser');
      return $self->$cb("apikey/apiuser missing") unless $apikey and $apiuser;
      if ($apikey eq "authenticated" and $apiuser eq "authenticated") {
        $self->stash(status => 403);
        return $self->$cb("Permission denied");
      }
      if ($apikey eq "authorized" and $apiuser eq "authorized") {
        return $self->$cb();
      }
      return $self->$cb("Unauthorized");
    },
  },
};
my $t = Test::Mojo->new;
$t->get_ok('/api/securitytest' => {apikey => 'authorized', apiuser => 'authorized'})
  ->status_is(200);
$t->get_ok('/api/securitytest' => {apikey => 'authenticated', apiuser => 'authenticated'})
  ->status_is(403);
$t->get_ok('/api/securitytest' => {apikey => 'unknown', apiuser => 'unknown'})->status_is(401);
$t->get_ok('/api/securitytest')->status_is(401);
done_testing;
__DATA__
@@ sec.yaml
openapi: 3.0.2
info:
  title: CSApi
  version: "1.0"
  description: API test
servers:
- url: /api
security:
  - api_key: []
    api_user: []
paths:
  /securitytest:
    get:
      x-mojo-name: securitytest
      summary: test security
      description: >
        Will grant authenticated and authorized apikeys access
      responses:
        200:
          $ref: "#/components/responses/200_OK_message"
        403:
          $ref: "#/components/responses/403_Forbidden"
components:
  securitySchemes:
    api_key:
      type: apiKey
      description: API key to authorize requests.
      name: apikey
      in: header
    api_user:
      type: apiKey
      description: Username going with that key.
      name: apiuser
      in: header
  schemas:
    Error:
      type: object
      required:
        - errors
      properties:
        errors:
          type: array
          items:
            type: object
            required:
              - message
            properties:
              message:
                type: string
              path:
                type: string
  responses:
    200_OK_message:
      description: OK
      content:
        application/json:
          schema:
            type: object
            required:
              - message
            properties:
              message:
                type: string
              path:
                type: string
    403_Forbidden:
      description: Insufficient priviliges
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Error"
    DefaultResponse:
      description: Default Response
      content:
        application/json:
          schema:
            $ref: "#/components/schemas/Error"

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)