Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

How to validate securityScheme #193

Open
gohelkiran opened this issue Mar 16, 2023 · 1 comment
Open

How to validate securityScheme #193

gohelkiran opened this issue Mar 16, 2023 · 1 comment

Comments

@gohelkiran
Copy link

Get this error when securityScheme set with header

Osteel\OpenApi\Testing\Exceptions\ValidationException: None of security schemas did match for Request [get /operation/{operationUuid}]

Defined security scheme as Bearer header

securitySchemes:
  X-Session:
    scheme: bearer
    bearerFormat: ''
    type: http
    description: Bearer Session Token
    x-last-modified: 1668326446280

and when validating request with below code
$validator->validate($request, '/permissions/{permissionUuid}', 'GET');

It gives this error

Osteel\OpenApi\Testing\Exceptions\ValidationException: None of security schemas did match for Request [get /operation/{operationUuid}]

/web/vendor/osteel/openapi-httpfoundation-testing/src/Exceptions/ValidationException.php:32
/web/vendor/osteel/openapi-httpfoundation-testing/src/Validator.php:70
/web/tests/TestCase/Action/Operation/OperationTest.php:83

Caused by
League\OpenAPIValidation\PSR7\Exception\Validation\InvalidSecurity: None of security schemas did match for Request [get /operation/{operationUuid}]

/web/vendor/league/openapi-psr7-validator/src/PSR7/Exception/Validation/AddressValidationFailed.php:39
/web/vendor/league/openapi-psr7-validator/src/PSR7/Exception/Validation/InvalidSecurity.php:24
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/SecurityValidator.php:80
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/SecurityValidator.php:53
/web/vendor/league/openapi-psr7-validator/src/PSR7/Validators/ValidatorChain.php:25
/web/vendor/league/openapi-psr7-validator/src/PSR7/RoutedServerRequestValidator.php:49
/web/vendor/osteel/openapi-httpfoundation-testing/src/Validator.php:68
/web/tests/TestCase/Permission/OperationTest.php:83

Is there support to add headers to validator request? If yes than how to add headers and if there is no support than how to validate request with security scheme.

Your environment

php 8.0
openapi 3.0
@trip-somers
Copy link

I just ran into this problem because we are using this package as middleware and couldn't figure out why a missing Authorization header was causing a 422 in our app instead of a 401.

Your request is most likely missing either the Authorization header or the 'Bearer' portion of its value.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@trip-somers @gohelkiran