Fix no security for a specific operation

src/parser/security.js

@@ -9,13 +9,18 @@ import _ from 'lodash-es';
 export const parseSecurity = (operation, spec, securityHandlers) => {
   const securitySchemes = spec?.components?.securitySchemes;
   const globalSecurity = spec?.security;
-  const securityRequirements = operation?.security || globalSecurity;
+  const securityRequirements = operation?.security || globalSecurity || [];
 
   // Check if security schemes and operation security are defined in the spec
-  if (!securitySchemes || Object.keys(securitySchemes).length === 0 || !securityRequirements) {
+  if (!securitySchemes || Object.keys(securitySchemes).length === 0 || securityRequirements.length === 0) {
     return;
   }
 
+  // TODO: Handle optional security
+  // security:
+  //    - {}   # <----
+  //    - api_key: []
+
   // Prepare security blocks
   const securityBlocks = securityRequirements.map(requirement => {
     return Object.keys(requirement).map(schemeName => {
@@ -132,6 +137,7 @@ export const validateSecurity = async (options, spec) => {
           .find(s => !s.ok && !!s.error)
           .value();
 
+        // TODO: Handle the error in a better way
         throw failed.error;
       })
   };

src/parser/security.test.js

@@ -100,6 +100,18 @@ describe('security - parseSecurity', () => {
     expectTypeOf(parseSecurity({}, { components, security: [{ foo: [] }] })).toBeFunction();
   });
 
+  it('should return undefined if `security` is disabled in operation', async () => {
+    const components = {
+      securitySchemes: {
+        OAuth2: { type: 'oauth2' }
+      }
+    };
+
+    const onRequest = parseSecurity({ security: [] }, { components, security: [{ OAuth2: [] }] });
+
+    expect(onRequest).toBeUndefined();
+  });
+
   it('should normalize data to empty object when security handler not returned', async () => {
     const request = { [DECORATOR_NAME]: {} };
     const components = {