Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Incorrect validation of openIdConnect server security definition #431

Closed
Tracked by #953
jonaslagoni opened this issue Oct 9, 2023 · 1 comment
Closed
Tracked by #953

Incorrect validation of openIdConnect server security definition #431

jonaslagoni opened this issue Oct 9, 2023 · 1 comment
Labels
bug Something isn't working

Comments

@jonaslagoni
Copy link
Member

How to Reproduce

Using the test document in the CLI exposed a bug when servers define the following security:

      - type: openIdConnect
        openIdConnectUrl: openIdConnectUrl
        scopes:
        - 'some:scope:1'
        - 'some:scope:2'

Full document:

asyncapi: 3.0.0
id: 'urn:example:com:smartylighting:streetlights:server'
info:
  title: AsyncAPI Sample App
  version: 1.0.1
  description: This is a sample app.
  termsOfService: 'https://asyncapi.com/terms/'
  contact:
    name: API Support
    url: 'https://www.asyncapi.com/support'
    email: [email protected]
  license:
    name: Apache 2.0
    url: 'https://www.apache.org/licenses/LICENSE-2.0.html'
  tags:
    - name: e-commerce
    - name: another-tag
      description: Description...
  externalDocs:
    description: Find more info here
    url: 'https://www.asyncapi.com'
defaultContentType: application/json
servers:
  default:
    host: 'api.streetlights.smartylighting.com:{port}'
    protocol: mqtt
    description: Test broker
    variables:
      port:
        description: Secure connection (TLS) is available through port 8883.
        default: '1883'
        enum:
          - '1883'
          - '8883'
    security:
      - $ref: '#/components/securitySchemes/apiKey'
      - type: oauth2
        flows:
          implicit:
            authorizationUrl: 'https://example.com/api/oauth/dialog'
            availableScopes:
              'write:pets': modify pets in your account
              'read:pets': read your pets
        scopes:
          - 'write:pets'
      - type: openIdConnect
        openIdConnectUrl: openIdConnectUrl
        scopes:
        - 'some:scope:1'
        - 'some:scope:2'
  production:
    host: 'api.streetlights.smartylighting.com:{port}'
    pathname: /some/path
    protocol: mqtt
    description: Test broker
    variables:
      port:
        description: Secure connection (TLS) is available through port 8883.
        default: '1883'
        enum:
          - '1883'
          - '8883'
    security:
      - $ref: '#/components/securitySchemes/apiKey'
  withProtocol:
    host: 'api.streetlights.smartylighting.com:{port}'
    pathname: /some/path
    protocol: mqtt
    description: Test broker
    variables:
      port:
        description: Secure connection (TLS) is available through port 8883.
        default: '1883'
        enum:
          - '1883'
          - '8883'
    security:
      - $ref: '#/components/securitySchemes/apiKey'
channels:
  'smartylighting/streetlights/1/0/event/{streetlightId}/lighting/measured':
    address: 'smartylighting/streetlights/1/0/event/{streetlightId}/lighting/measured'
    messages:
      lightMeasured.message:
        payload:
          type: object
    servers:
      - $ref: '#/servers/production'
    parameters:
      streetlightId:
        $ref: '#/components/parameters/streetlightId'
  'smartylighting/streetlights/1/0/action/{streetlightId}/turn/on':
    address: 'smartylighting/streetlights/1/0/action/{streetlightId}/turn/on'
    messages:
      publish.message:
        $ref: '#/components/messages/lightMeasured'
      subscribe.message.0:
        $ref: '#/components/messages/turnOnOff'
      customMessageId:
        messageId: customMessageId
        payload:
          type: object
      subscribe.message.2:
        payload:
          type: object
      subscribe.message.3:
        $ref: 'https://example.com/message'
    servers:
      - $ref: '#/servers/default'
      - $ref: '#/servers/production'
    parameters:
      streetlightId:
        $ref: '#/components/parameters/streetlightId'
  customChannelId:
    address: 'smartylighting/streetlights/1/0/action/{streetlightId}/turn/off'
    messages:
      turnOnOff.message:
        $ref: '#/components/messages/turnOnOff'
    parameters:
      streetlightId:
        $ref: '#/components/parameters/streetlightId'
    x-channelId: customChannelId
  'smartylighting/streetlights/1/0/action/{streetlightId}/dim':
    address: 'smartylighting/streetlights/1/0/action/{streetlightId}/dim'
    messages:
      dimLight.message:
        $ref: '#/components/messages/dimLight'
    parameters:
      streetlightId:
        $ref: '#/components/parameters/streetlightId'
operations:
  lightMeasured:
    action: receive
    channel:
      $ref: >-
        #/channels/smartylighting~1streetlights~11~10~1event~1{streetlightId}~1lighting~1measured
    messages:
      - $ref: >-
          #/channels/smartylighting~1streetlights~11~10~1event~1{streetlightId}~1lighting~1measured/messages/lightMeasured.message
  'smartylighting/streetlights/1/0/action/{streetlightId}/turn/on.publish':
    action: receive
    channel:
      $ref: >-
        #/channels/smartylighting~1streetlights~11~10~1action~1{streetlightId}~1turn~1on
    messages:
      - $ref: '#/components/messages/lightMeasured'
  'smartylighting/streetlights/1/0/action/{streetlightId}/turn/on.subscribe':
    action: send
    channel:
      $ref: >-
        #/channels/smartylighting~1streetlights~11~10~1action~1{streetlightId}~1turn~1on
    messages:
      - $ref: '#/components/messages/turnOnOff'
      - $ref: >-
          #/channels/smartylighting~1streetlights~11~10~1action~1{streetlightId}~1turn~1on/messages/customMessageId
      - $ref: >-
          #/channels/smartylighting~1streetlights~11~10~1action~1{streetlightId}~1turn~1on/messages/subscribe.message.2
      - $ref: 'https://example.com/message'
  turnOnOff:
    action: send
    channel:
      $ref: '#/channels/customChannelId'
    messages:
      - $ref: '#/components/messages/turnOnOff'
  dimLight:
    action: send
    channel:
      $ref: >-
        #/channels/smartylighting~1streetlights~11~10~1action~1{streetlightId}~1dim
    security:
      - type: oauth2
        flows:
          implicit:
            authorizationUrl: 'https://example.com/api/oauth/dialog'
            availableScopes:
              'write:pets': modify pets in your account
              'read:pets': read your pets
        scopes:
          - 'write:pets'
    messages:
      - $ref: '#/components/messages/dimLight'
components:
  messages:
    lightMeasured:
      summary: >-
        Inform about environmental lighting conditions for a particular
        streetlight.
      payload:
        $ref: '#/components/schemas/lightMeasuredPayload'
    turnOnOff:
      summary: Command a particular streetlight to turn the lights on or off.
      payload:
        $ref: '#/components/schemas/turnOnOffPayload'
    dimLight:
      summary: Command a particular streetlight to dim the lights.
      payload:
        $ref: '#/components/schemas/dimLightPayload'
  schemas:
    lightMeasuredPayload:
      type: object
      properties:
        lumens:
          type: integer
          minimum: 0
          description: Light intensity measured in lumens.
        sentAt:
          $ref: '#/components/schemas/sentAt'
    turnOnOffPayload:
      type: object
      properties:
        command:
          type: string
          enum:
            - 'on'
            - 'off'
          description: Whether to turn on or off the light.
        sentAt:
          $ref: '#/components/schemas/sentAt'
    dimLightPayload:
      type: object
      properties:
        percentage:
          type: integer
          description: Percentage to which the light should be dimmed to.
          minimum: 0
          maximum: 100
        sentAt:
          $ref: '#/components/schemas/sentAt'
    sentAt:
      type: string
      format: date-time
      description: Date and time when the message was sent.
  securitySchemes:
    apiKey:
      type: apiKey
      in: user
      description: Provide your API key as the user and leave the password empty.
    flows:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: 'https://example.com/api/oauth/dialog'
          availableScopes:
            'write:pets': modify pets in your account
            'read:pets': read your pets
    openIdConnect:
      type: openIdConnect
      openIdConnectUrl: openIdConnectUrl
    unusedFlows:
      type: oauth2
      flows:
        implicit:
          authorizationUrl: 'https://example.com/api/oauth/dialog'
          availableScopes:
            'write:pets': modify pets in your account
            'read:pets': read your pets
  parameters:
    streetlightId:
      description: The ID of the streetlight.

I have not checked whether it works for v2.

Expected behavior

Expected this to be a valid document.
@jonaslagoni jonaslagoni added the bug Something isn't working label Oct 9, 2023
@fmvilas fmvilas mentioned this issue Oct 10, 2023
Closed
13 tasks
@fmvilas
Copy link
Member

fmvilas commented Oct 10, 2023

Closing as it's working as expected. @jonaslagoni just didn't read the error properly 😂

@fmvilas fmvilas closed this as completed Oct 10, 2023
@fmvilas fmvilas closed this as not planned Won't fix, can't repro, duplicate, stale Oct 10, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fmvilas @jonaslagoni