Skip to content

Commit

Permalink
Ensure HttpApiKeyAuth headers are added to CORS
Browse files Browse the repository at this point in the history
This change updates SecuritySchemeConverters to take in the trait being
converted so that things like HttpApiKeyAuth can add their designated
header to the CORS list of allowed headers.
  • Loading branch information
mtdowling committed Mar 27, 2020
1 parent 918bab2 commit b02158b
Show file tree
Hide file tree
Showing 9 changed files with 49 additions and 8 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -111,7 +111,7 @@ private static Map<CorsHeader, String> deduceCorsHeaders(

// Add all headers generated by security schemes.
for (SecuritySchemeConverter<? extends Trait> converter : context.getSecuritySchemeConverters()) {
headerNames.addAll(converter.getAuthRequestHeaders());
headerNames.addAll(getSecuritySchemeRequestHeaders(context, converter));
}

LOGGER.fine(() -> String.format(
Expand All @@ -121,6 +121,14 @@ private static Map<CorsHeader, String> deduceCorsHeaders(
return corsHeaders;
}

private static <T extends Trait> Set<String> getSecuritySchemeRequestHeaders(
Context<? extends Trait> context,
SecuritySchemeConverter<T> converter
) {
T t = context.getService().expectTrait(converter.getAuthSchemeType());
return converter.getAuthRequestHeaders(t);
}

private static Collection<String> findAllHeaders(String path, PathItem pathItem) {
// Get all "in" = "header" parameters and gather up their "name" properties.
return pathItem.getOperations().values().stream()
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,7 +60,7 @@ public SecurityScheme createSecurityScheme(Context<? extends Trait> context, Cog
}

@Override
public Set<String> getAuthRequestHeaders() {
public Set<String> getAuthRequestHeaders(CognitoUserPoolsTrait trait) {
return REQUEST_HEADERS;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -53,10 +53,19 @@ static <T extends Trait> Set<String> deduceOperationHeaders(
// and any headers explicitly modeled on the operation.
Set<String> result = new TreeSet<>(cors.getAdditionalExposedHeaders());
result.addAll(context.getOpenApiProtocol().getProtocolResponseHeaders(context, shape));

for (SecuritySchemeConverter<? extends Trait> converter : context.getSecuritySchemeConverters()) {
result.addAll(converter.getAuthResponseHeaders());
result.addAll(getSecuritySchemeResponseHeaders(context, converter));
}

return result;
}

private static <T extends Trait> Set<String> getSecuritySchemeResponseHeaders(
Context<? extends Trait> context,
SecuritySchemeConverter<T> converter
) {
T t = context.getService().expectTrait(converter.getAuthSchemeType());
return converter.getAuthResponseHeaders(t);
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -91,9 +91,10 @@ default List<String> createSecurityRequirements(Context<? extends Trait> context
*
* <p>This is useful when integrating with things like CORS.</p>
*
* @param authTrait The auth trait that is being used.
* @return A set of header names.
*/
default Set<String> getAuthRequestHeaders() {
default Set<String> getAuthRequestHeaders(T authTrait) {
return SetUtils.of();
}

Expand All @@ -103,9 +104,10 @@ default Set<String> getAuthRequestHeaders() {
*
* <p>This is useful when integrating with things like CORS.</p>
*
* @param authTrait The auth trait that is being used.
* @return A set of header names.
*/
default Set<String> getAuthResponseHeaders() {
default Set<String> getAuthResponseHeaders(T authTrait) {
return SetUtils.of();
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ public SecurityScheme createSecurityScheme(Context<? extends Trait> context, Sig
}

@Override
public Set<String> getAuthRequestHeaders() {
public Set<String> getAuthRequestHeaders(SigV4Trait trait) {
return REQUEST_HEADERS;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -15,11 +15,13 @@

package software.amazon.smithy.openapi.fromsmithy.security;

import java.util.Set;
import software.amazon.smithy.model.traits.HttpApiKeyAuthTrait;
import software.amazon.smithy.model.traits.Trait;
import software.amazon.smithy.openapi.fromsmithy.Context;
import software.amazon.smithy.openapi.fromsmithy.SecuritySchemeConverter;
import software.amazon.smithy.openapi.model.SecurityScheme;
import software.amazon.smithy.utils.SetUtils;

/**
* Uses an HTTP header named X-Api-Key that contains an API key.
Expand All @@ -42,4 +44,9 @@ public SecurityScheme createSecurityScheme(Context<? extends Trait> context, Htt
.in(trait.getIn().toString())
.build();
}

@Override
public Set<String> getAuthRequestHeaders(HttpApiKeyAuthTrait trait) {
return SetUtils.of(trait.getName());
}
}
Original file line number Diff line number Diff line change
@@ -1,9 +1,13 @@
package software.amazon.smithy.openapi.fromsmithy.security;

import static org.hamcrest.MatcherAssert.assertThat;
import static org.hamcrest.Matchers.containsInAnyOrder;

import org.junit.jupiter.api.Test;
import software.amazon.smithy.model.Model;
import software.amazon.smithy.model.node.Node;
import software.amazon.smithy.model.shapes.ShapeId;
import software.amazon.smithy.model.traits.HttpApiKeyAuthTrait;
import software.amazon.smithy.openapi.fromsmithy.OpenApiConverter;
import software.amazon.smithy.openapi.model.OpenApi;
import software.amazon.smithy.utils.IoUtils;
Expand All @@ -22,4 +26,15 @@ public void addsCustomApiKeyAuth() {

Node.assertEquals(result, expectedNode);
}

@Test
public void returnsTraitHeader() {
HttpApiKeyAuthConverter converter = new HttpApiKeyAuthConverter();
HttpApiKeyAuthTrait trait = HttpApiKeyAuthTrait.builder()
.name("x-api-key")
.in(HttpApiKeyAuthTrait.Location.HEADER)
.build();

assertThat(converter.getAuthRequestHeaders(trait), containsInAnyOrder("x-api-key"));
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
"traits": {
"aws.protocols#restJson1": true,
"smithy.api#httpApiKeyAuth": {
"name": "X-Api-Key",
"name": "x-api-key",
"in": "header"
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,7 @@
"securitySchemes": {
"smithy.api#httpApiKeyAuth": {
"type": "apiKey",
"name": "X-Api-Key",
"name": "x-api-key",
"in": "header"
}
}
Expand Down

0 comments on commit b02158b

Please sign in to comment.