Ensure HttpApiKeyAuth headers are added to CORS

This change updates SecuritySchemeConverters to take in the trait being converted so that things like HttpApiKeyAuth can add their designated header to the CORS list of allowed headers.
smithy-lang · Mar 27, 2020 · b02158b · b02158b
1 parent 918bab2
commit b02158b
Show file tree

Hide file tree

Showing 9 changed files with 49 additions and 8 deletions.
diff --git a/.../main/java/software/amazon/smithy/aws/apigateway/openapi/AddCorsPreflightIntegration.java b/.../main/java/software/amazon/smithy/aws/apigateway/openapi/AddCorsPreflightIntegration.java
@@ -111,7 +111,7 @@ private static Map<CorsHeader, String> deduceCorsHeaders(
 
         // Add all headers generated by security schemes.
         for (SecuritySchemeConverter<? extends Trait> converter : context.getSecuritySchemeConverters()) {
-            headerNames.addAll(converter.getAuthRequestHeaders());
+            headerNames.addAll(getSecuritySchemeRequestHeaders(context, converter));
         }
 
         LOGGER.fine(() -> String.format(
@@ -121,6 +121,14 @@ private static Map<CorsHeader, String> deduceCorsHeaders(
         return corsHeaders;
     }
 
+    private static <T extends Trait> Set<String> getSecuritySchemeRequestHeaders(
+            Context<? extends Trait> context,
+            SecuritySchemeConverter<T> converter
+    ) {
+        T t = context.getService().expectTrait(converter.getAuthSchemeType());
+        return converter.getAuthRequestHeaders(t);
+    }
+
     private static Collection<String> findAllHeaders(String path, PathItem pathItem) {
         // Get all "in" = "header" parameters and gather up their "name" properties.
         return pathItem.getOperations().values().stream()

diff --git a/...rc/main/java/software/amazon/smithy/aws/apigateway/openapi/CognitoUserPoolsConverter.java b/...rc/main/java/software/amazon/smithy/aws/apigateway/openapi/CognitoUserPoolsConverter.java
@@ -60,7 +60,7 @@ public SecurityScheme createSecurityScheme(Context<? extends Trait> context, Cog
     }
 
     @Override
-    public Set<String> getAuthRequestHeaders() {
+    public Set<String> getAuthRequestHeaders(CognitoUserPoolsTrait trait) {
         return REQUEST_HEADERS;
     }
 }
diff --git a/...teway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/CorsHeader.java b/...teway-openapi/src/main/java/software/amazon/smithy/aws/apigateway/openapi/CorsHeader.java
@@ -53,10 +53,19 @@ static <T extends Trait> Set<String> deduceOperationHeaders(
         // and any headers explicitly modeled on the operation.
         Set<String> result = new TreeSet<>(cors.getAdditionalExposedHeaders());
         result.addAll(context.getOpenApiProtocol().getProtocolResponseHeaders(context, shape));
+
         for (SecuritySchemeConverter<? extends Trait> converter : context.getSecuritySchemeConverters()) {
-            result.addAll(converter.getAuthResponseHeaders());
+            result.addAll(getSecuritySchemeResponseHeaders(context, converter));
         }
 
         return result;
     }
+
+    private static <T extends Trait> Set<String> getSecuritySchemeResponseHeaders(
+            Context<? extends Trait> context,
+            SecuritySchemeConverter<T> converter
+    ) {
+        T t = context.getService().expectTrait(converter.getAuthSchemeType());
+        return converter.getAuthResponseHeaders(t);
+    }
 }
diff --git a/...napi/src/main/java/software/amazon/smithy/openapi/fromsmithy/SecuritySchemeConverter.java b/...napi/src/main/java/software/amazon/smithy/openapi/fromsmithy/SecuritySchemeConverter.java
@@ -91,9 +91,10 @@ default List<String> createSecurityRequirements(Context<? extends Trait> context
      *
      * <p>This is useful when integrating with things like CORS.</p>
      *
+     * @param authTrait The auth trait that is being used.
      * @return A set of header names.
      */
-    default Set<String> getAuthRequestHeaders() {
+    default Set<String> getAuthRequestHeaders(T authTrait) {
         return SetUtils.of();
     }
 
@@ -103,9 +104,10 @@ default Set<String> getAuthRequestHeaders() {
      *
      * <p>This is useful when integrating with things like CORS.</p>
      *
+     * @param authTrait The auth trait that is being used.
      * @return A set of header names.
      */
-    default Set<String> getAuthResponseHeaders() {
+    default Set<String> getAuthResponseHeaders(T authTrait) {
         return SetUtils.of();
     }
 

diff --git a/...napi/src/main/java/software/amazon/smithy/openapi/fromsmithy/security/AwsV4Converter.java b/...napi/src/main/java/software/amazon/smithy/openapi/fromsmithy/security/AwsV4Converter.java
@@ -49,7 +49,7 @@ public SecurityScheme createSecurityScheme(Context<? extends Trait> context, Sig
     }
 
     @Override
-    public Set<String> getAuthRequestHeaders() {
+    public Set<String> getAuthRequestHeaders(SigV4Trait trait) {
         return REQUEST_HEADERS;
     }
 }
diff --git a/...main/java/software/amazon/smithy/openapi/fromsmithy/security/HttpApiKeyAuthConverter.java b/...main/java/software/amazon/smithy/openapi/fromsmithy/security/HttpApiKeyAuthConverter.java
@@ -15,11 +15,13 @@
 
 package software.amazon.smithy.openapi.fromsmithy.security;
 
+import java.util.Set;
 import software.amazon.smithy.model.traits.HttpApiKeyAuthTrait;
 import software.amazon.smithy.model.traits.Trait;
 import software.amazon.smithy.openapi.fromsmithy.Context;
 import software.amazon.smithy.openapi.fromsmithy.SecuritySchemeConverter;
 import software.amazon.smithy.openapi.model.SecurityScheme;
+import software.amazon.smithy.utils.SetUtils;
 
 /**
  * Uses an HTTP header named X-Api-Key that contains an API key.
@@ -42,4 +44,9 @@ public SecurityScheme createSecurityScheme(Context<? extends Trait> context, Htt
                 .in(trait.getIn().toString())
                 .build();
     }
+
+    @Override
+    public Set<String> getAuthRequestHeaders(HttpApiKeyAuthTrait trait) {
+        return SetUtils.of(trait.getName());
+    }
 }
diff --git a/.../java/software/amazon/smithy/openapi/fromsmithy/security/HttpApiKeyAuthConverterTest.java b/.../java/software/amazon/smithy/openapi/fromsmithy/security/HttpApiKeyAuthConverterTest.java
@@ -1,9 +1,13 @@
 package software.amazon.smithy.openapi.fromsmithy.security;
 
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsInAnyOrder;
+
 import org.junit.jupiter.api.Test;
 import software.amazon.smithy.model.Model;
 import software.amazon.smithy.model.node.Node;
 import software.amazon.smithy.model.shapes.ShapeId;
+import software.amazon.smithy.model.traits.HttpApiKeyAuthTrait;
 import software.amazon.smithy.openapi.fromsmithy.OpenApiConverter;
 import software.amazon.smithy.openapi.model.OpenApi;
 import software.amazon.smithy.utils.IoUtils;
@@ -22,4 +26,15 @@ public void addsCustomApiKeyAuth() {
 
         Node.assertEquals(result, expectedNode);
     }
+
+    @Test
+    public void returnsTraitHeader() {
+        HttpApiKeyAuthConverter converter = new HttpApiKeyAuthConverter();
+        HttpApiKeyAuthTrait trait = HttpApiKeyAuthTrait.builder()
+                .name("x-api-key")
+                .in(HttpApiKeyAuthTrait.Location.HEADER)
+                .build();
+
+        assertThat(converter.getAuthRequestHeaders(trait), containsInAnyOrder("x-api-key"));
+    }
 }
diff --git a/...t/resources/software/amazon/smithy/openapi/fromsmithy/security/http-api-key-security.json b/...t/resources/software/amazon/smithy/openapi/fromsmithy/security/http-api-key-security.json
@@ -12,7 +12,7 @@
             "traits": {
                 "aws.protocols#restJson1": true,
                 "smithy.api#httpApiKeyAuth": {
-                    "name": "X-Api-Key",
+                    "name": "x-api-key",
                     "in": "header"
                 }
             }

diff --git a/...ces/software/amazon/smithy/openapi/fromsmithy/security/http-api-key-security.openapi.json b/...ces/software/amazon/smithy/openapi/fromsmithy/security/http-api-key-security.openapi.json
@@ -20,7 +20,7 @@
         "securitySchemes": {
             "smithy.api#httpApiKeyAuth": {
                 "type": "apiKey",
-                "name": "X-Api-Key",
+                "name": "x-api-key",
                 "in": "header"
             }
         }