diff --git a/src/Plugin/openapi/OpenApiGenerator/JsonApiGenerator.php b/src/Plugin/openapi/OpenApiGenerator/JsonApiGenerator.php
index 71466fa..fa5f798 100644
--- a/src/Plugin/openapi/OpenApiGenerator/JsonApiGenerator.php
+++ b/src/Plugin/openapi/OpenApiGenerator/JsonApiGenerator.php
@@ -3,6 +3,7 @@
 namespace Drupal\openapi\Plugin\openapi\OpenApiGenerator;
 
 use Drupal\openapi\Plugin\openapi\OpenApiGeneratorBase;
+use Drupal\Core\Authentication\AuthenticationCollectorInterface;
 use Drupal\Core\Config\ConfigFactoryInterface;
 use Drupal\Core\Config\Entity\ConfigEntityTypeInterface;
 use Drupal\Core\Entity\ContentEntityTypeInterface;
@@ -87,13 +88,15 @@ class JsonApiGenerator extends OpenApiGeneratorBase {
    *   The current request stack.
    * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
    *   The configuration object factory.
+   * @param \Drupal\Core\Authentication\AuthenticationCollectorInterface $authentication_collector
+   *   The authentication collector.
    * @param \Drupal\Core\Extension\ModuleHandlerInterface $module_handler
    *   The module handler service.
    * @param \Drupal\Core\ParamConverter\ParamConverterManagerInterface $param_converter_manager
    *   The parameter converter manager service.
    */
-  public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, RouteProviderInterface $routing_provider, EntityFieldManagerInterface $field_manager, SchemaFactory $schema_factory, SerializerInterface $serializer, RequestStack $request_stack, ConfigFactoryInterface $config_factory, ModuleHandlerInterface $module_handler, ParamConverterManagerInterface $param_converter_manager) {
-    parent::__construct($configuration, $plugin_id, $plugin_definition, $entity_type_manager, $routing_provider, $field_manager, $schema_factory, $serializer, $request_stack, $config_factory);
+  public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, RouteProviderInterface $routing_provider, EntityFieldManagerInterface $field_manager, SchemaFactory $schema_factory, SerializerInterface $serializer, RequestStack $request_stack, ConfigFactoryInterface $config_factory, AuthenticationCollectorInterface $authentication_collector, ModuleHandlerInterface $module_handler, ParamConverterManagerInterface $param_converter_manager) {
+    parent::__construct($configuration, $plugin_id, $plugin_definition, $entity_type_manager, $routing_provider, $field_manager, $schema_factory, $serializer, $request_stack, $config_factory, $authentication_collector);
     $this->moduleHandler = $module_handler;
     $this->paramConverterManager = $param_converter_manager;
   }
@@ -113,6 +116,7 @@ class JsonApiGenerator extends OpenApiGeneratorBase {
       $container->get('serializer'),
       $container->get('request_stack'),
       $container->get('config.factory'),
+      $container->get('authentication_collector'),
       $container->get('module_handler'),
       $container->get('paramconverter_manager')
     );
@@ -165,6 +169,14 @@ class JsonApiGenerator extends OpenApiGeneratorBase {
         $path_method['parameters'] = $this->getMethodParameters($route, $resource_type, $method);
         $path_method['tags'] = [$this->getBundleTag($entity_type_id, $bundle_name)];
         $path_method['responses'] = $this->getEntityResponses($entity_type_id, $method, $bundle_name, $route_name);
+        /*
+         * @TODO: #2977109 - Calculate oauth scopes required.
+         *
+         * if (array_key_exists('oauth2', $path_method['security'])) {
+         *   ...
+         * }
+         */
+
         $api_path[$method] = $path_method;
       }
       // Each path contains the "base path" from a OpenAPI perspective.
diff --git a/src/Plugin/openapi/OpenApiGenerator/RestGenerator.php b/src/Plugin/openapi/OpenApiGenerator/RestGenerator.php
index faf530d..3e2afbe 100644
--- a/src/Plugin/openapi/OpenApiGenerator/RestGenerator.php
+++ b/src/Plugin/openapi/OpenApiGenerator/RestGenerator.php
@@ -32,52 +32,6 @@ class RestGenerator extends OpenApiGeneratorBase {
   use RestInspectionTrait;
 
   /**
-   * RestGenerator constructor.
-   *
-   * @param array $configuration
-   *   Plugin configuration.
-   * @param string $plugin_id
-   *   Unique plugin id.
-   * @param array|mixed $plugin_definition
-   *   Plugin instance definition.
-   * @param \Drupal\Core\Entity\EntityTypeManagerInterface $entity_type_manager
-   *   The entity type manager.
-   * @param \Drupal\Core\Routing\RouteProviderInterface $routing_provider
-   *   The routing provider.
-   * @param \Drupal\Core\Entity\EntityFieldManagerInterface $field_manager
-   *   The field manager.
-   * @param \Drupal\schemata\SchemaFactory $schema_factory
-   *   The schema factory.
-   * @param \Symfony\Component\Serializer\SerializerInterface $serializer
-   *   The serializer.
-   * @param \Symfony\Component\HttpFoundation\RequestStack $request_stack
-   *   The current request stack.
-   * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
-   *   The configuration object factory.
-   */
-  public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, RouteProviderInterface $routing_provider, EntityFieldManagerInterface $field_manager, SchemaFactory $schema_factory, SerializerInterface $serializer, RequestStack $request_stack, ConfigFactoryInterface $config_factory) {
-    parent::__construct($configuration, $plugin_id, $plugin_definition, $entity_type_manager, $routing_provider, $field_manager, $schema_factory, $serializer, $request_stack, $config_factory);
-  }
-
-  /**
-   * {@inheritdoc}
-   */
-  public static function create(ContainerInterface $container, array $configuration, $plugin_id, $plugin_definition) {
-    return new static(
-      $configuration,
-      $plugin_id,
-      $plugin_definition,
-      $container->get('entity_type.manager'),
-      $container->get('router.route_provider'),
-      $container->get('entity_field.manager'),
-      $container->get('schemata.schema_factory'),
-      $container->get('serializer'),
-      $container->get('request_stack'),
-      $container->get('config.factory')
-    );
-  }
-
-  /**
    * Return resources for non-entity resources.
    *
    * @return \Symfony\Component\HttpFoundation\JsonResponse
@@ -171,26 +125,6 @@ class RestGenerator extends OpenApiGeneratorBase {
   }
 
   /**
-   * Gets available security definitions.
-   *
-   * @return array
-   *   The security definitions.
-   */
-  public function getSecurityDefinitions() {
-    // @todo Determine definitions from available auth.
-    return [
-      'csrf_token' => [
-        'type' => 'apiKey',
-        'name' => 'X-CSRF-Token',
-        'in' => 'header',
-      ],
-      'basic_auth' => [
-        'type' => 'basic',
-      ],
-    ];
-  }
-
-  /**
    * Get tags.
    */
   public function getTags() {
@@ -267,7 +201,7 @@ class RestGenerator extends OpenApiGeneratorBase {
 
           $path_method_spec['operationId'] = $resource_plugin->getPluginId() . ":" . $method;
           $path_method_spec['schemes'] = [$this->request->getScheme()];
-          $path_method_spec['security'] = $this->getSecurity($resource_config, $method, $formats);
+          $path_method_spec['security'] = $this->getResourceSecurity($resource_config, $method, $formats);
           $api_paths[$path][$open_api_method] = $path_method_spec;
         }
       }
@@ -447,12 +381,17 @@ class RestGenerator extends OpenApiGeneratorBase {
    *
    * @see http://swagger.io/specification/#securityDefinitionsObject
    */
-  protected function getSecurity(RestResourceConfigInterface $resource_config, $method, array $formats) {
+  public function getResourceSecurity(RestResourceConfigInterface $resource_config, $method, array $formats) {
     $security = [];
     foreach ($resource_config->getAuthenticationProviders($method) as $auth) {
       switch ($auth) {
         case 'basic_auth':
-          $security[] = ['basic_auth' => []];
+        case 'cookie':
+        case 'oauth':
+        case 'oauth2':
+          // @TODO: #2977109 - Calculate oauth scopes required.
+          $security[] = [$auth => []];
+          break;
       }
     }
     // @todo Handle tokens that need to be set in headers.
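Review bot: Any provider outside the four `case` labels is silently dropped here, so a resource protected only by a contrib provider ends up with `'security' => []`. In Swagger 2.0 an empty operation-level array removes the top-level declaration, so the generated document would describe that operation as needing no authentication. Since `getSecurityDefinitions()` in the base class now emits a definition for every collected provider, the switch could be replaced by `$security[] = [$auth => []];`, or given a `default:` arm that does the same. For `cookie`, Drupal also expects the `X-CSRF-Token` header on write methods; if the code below the hunk (not visible here) does not already pair them, `['cookie' => [], 'csrf_token' => []]` in one requirement object would document that.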
diff --git a/src/Plugin/openapi/OpenApiGeneratorBase.php b/src/Plugin/openapi/OpenApiGeneratorBase.php
index 895c565..35db84a 100644
--- a/src/Plugin/openapi/OpenApiGeneratorBase.php
+++ b/src/Plugin/openapi/OpenApiGeneratorBase.php
@@ -3,6 +3,7 @@
 namespace Drupal\openapi\Plugin\openapi;
 
 use Drupal\Component\Plugin\PluginBase;
+use Drupal\Core\Authentication\AuthenticationCollectorInterface;
 use Drupal\Core\Config\ConfigFactoryInterface;
 use Drupal\Core\Config\Entity\ConfigEntityTypeInterface;
 use Drupal\Core\Entity\ContentEntityTypeInterface;
@@ -94,6 +95,13 @@ abstract class OpenApiGeneratorBase extends PluginBase implements OpenApiGenerat
   protected $options;
 
   /**
+   * The configuration object factory.
+   *
+   * @var \Drupal\Core\Authentication\AuthenticationCollectorInterface
+   */
+  protected $authenticationCollector;
+
+  /**
    * OpenApiGeneratorBase constructor.
    *
    * @param array $configuration
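Review bot: The docblock summary on the new `$authenticationCollector` property is copied from `$configFactory` and reads `The configuration object factory.`, which contradicts the `@var` type directly beneath it. It should read `The authentication collector.`, matching the `@param` description this commit adds to the constructor.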
@@ -116,8 +124,10 @@ abstract class OpenApiGeneratorBase extends PluginBase implements OpenApiGenerat
    *   The current request stack.
    * @param \Drupal\Core\Config\ConfigFactoryInterface $config_factory
    *   The configuration object factory.
+   * @param \Drupal\Core\Authentication\AuthenticationCollectorInterface $authentication_collector
+   *   The authentication collector.
    */
-  public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, RouteProviderInterface $routing_provider, EntityFieldManagerInterface $field_manager, SchemaFactory $schema_factory, SerializerInterface $serializer, RequestStack $request_stack, ConfigFactoryInterface $config_factory) {
+  public function __construct(array $configuration, $plugin_id, $plugin_definition, EntityTypeManagerInterface $entity_type_manager, RouteProviderInterface $routing_provider, EntityFieldManagerInterface $field_manager, SchemaFactory $schema_factory, SerializerInterface $serializer, RequestStack $request_stack, ConfigFactoryInterface $config_factory, AuthenticationCollectorInterface $authentication_collector) {
     parent::__construct($configuration, $plugin_id, $plugin_definition);
 
     $this->label = $this->getPluginDefinition()["label"];
@@ -128,6 +138,7 @@ abstract class OpenApiGeneratorBase extends PluginBase implements OpenApiGenerat
     $this->serializer = $serializer;
     $this->request = $request_stack->getCurrentRequest();
     $this->configFactory = $config_factory;
+    $this->authenticationCollector = $authentication_collector;
     $this->options = [];
   }
 
@@ -145,7 +156,8 @@ abstract class OpenApiGeneratorBase extends PluginBase implements OpenApiGenerat
       $container->get('schemata.schema_factory'),
       $container->get('serializer'),
       $container->get('request_stack'),
-      $container->get('config.factory')
+      $container->get('config.factory'),
+      $container->get('authentication_collector')
     );
   }
 
@@ -193,6 +205,7 @@ abstract class OpenApiGeneratorBase extends PluginBase implements OpenApiGenerat
       'host' => $this->request->getHttpHost(),
       'basePath' => empty($basePath) ? '/' : $basePath,
       'securityDefinitions' => $this->getSecurityDefinitions(),
+      'security' => $this->getSecurity(),
       'tags' => $this->getTags(),
       'definitions' => $this->getDefinitions(),
       'consumes' => $this->getConsumes(),
@@ -236,7 +249,66 @@ abstract class OpenApiGeneratorBase extends PluginBase implements OpenApiGenerat
    * {@inheritdoc}
    */
   public function getSecurityDefinitions() {
-    return [];
+    $auth_providers = $this->authenticationCollector->getSortedProviders();
+    $security_definitions = [];
+
+    foreach ($auth_providers as $provider => $info) {
+      $def = [
+        'type' => 'unknown',
+        'description' => 'Unknown Authentication Provider',
+      ];
+      $base_url = $this->request->getSchemeAndHttpHost() . '/' . $this->request->getBasePath();
+      switch($provider) {
+        case 'basic_auth':
+          $def = [
+            'type' => 'basic'
+          ];
+          break;
+        case 'cookie':
+          $def = [
+            'type' => 'cookie',
+            'in' => 'cookie',
+            'name' => 'JSESSIONID',
+          ];
+          break;
+        case 'oauth':
+          $def = [
+            'type' => 'oauth1',
+            'flow' => 'implicit',
+            'authorizationUrl' => $base_url . 'authenticate',
+            'tokenUrl' => $base_url . 'oauth/access_token',
+            'x-requestUrl' => $base_url . 'request_token',
+          ];
+          break;
+        case 'oauth2':
+          $def = [
+            'type' => 'oauth2',
+            'flow' => 'password',
+            'tokenUrl' => $base_url . 'oauth/token',
+          ];
+          break;
+      }
+      $security_definitions[$provider] = $def;
+    }
+
+    // Core's CSRF token doesn't have an auth provider.
+    $security_definitions['csrf_token'] = [
+      'type' => 'apiKey',
+      'name' => 'X-CSRF-Token',
+      'in' => 'header',
+      'tokenUrl' => $base_url . 'user/token',
+    ];
+
+    return $security_definitions;
+  }
+
+  public function getSecurity() {
+    // @TODO: #2977109 - Calculate oauth scopes required.
+    $security = [];
+    foreach (array_keys($this->getSecurityDefinitions()) as $method) {
+      $security[$method] = [];
+    }
+    return $security;
   }
 
   /**
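Review bot: `getSecurity()` returns one map keyed by every scheme, whereas `getResourceSecurity()` in RestGenerator.php returns a list of single-scheme entries. Swagger 2.0 treats `security` as a list of requirement objects, and schemes inside one object must all be satisfied together, so `$security[] = [$method => []];` would publish them as alternatives instead. In `getSecurityDefinitions()`, `$base_url` is assigned inside the `foreach` but read after it for `csrf_token`, so it is undefined when the collector returns no providers. Its `'/' . getBasePath()` concatenation also yields `//subdiroauth/token` on a subdirectory install; hoisting `$base_url = $this->request->getSchemeAndHttpHost() . rtrim($this->request->getBasePath(), '/') . '/';` above the loop fixes both. The `cookie` entry advertises `JSESSIONID`, a Java servlet cookie name, while Drupal session cookies use a `SESS`/`SSESS`-prefixed name. `cookie`, `oauth1` and `unknown` are not Swagger 2.0 scheme types (`basic`, `apiKey`, `oauth2`), so strict consumers may reject the document, and `getSecurity()` would benefit from an `{@inheritdoc}` docblock.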
diff --git a/src/Plugin/openapi/OpenApiGeneratorInterface.php b/src/Plugin/openapi/OpenApiGeneratorInterface.php
index b648c39..8d1a413 100644
--- a/src/Plugin/openapi/OpenApiGeneratorInterface.php
+++ b/src/Plugin/openapi/OpenApiGeneratorInterface.php
@@ -52,6 +52,17 @@ interface OpenApiGeneratorInterface {
   public function getBasePath();
 
   /**
+   * Returns a list of valid security types for the api.
+   *
+   * Values of returned array will be empty, except for OAuth2 definitions, for
+   * which the required scopes should be returned.
+   *
+   * @return array
+   *   An array where keys correspond to a security scheme.
+   */
+  public function getSecurity();
+
+  /**
    * Get a list a valid security method definitions.
    *
    * Returned schema should be similar to the below structure.
diff --git a/tests/src/Functional/RequestTest.php b/tests/src/Functional/RequestTest.php
index ee16dcc..e828d46 100644
--- a/tests/src/Functional/RequestTest.php
+++ b/tests/src/Functional/RequestTest.php
@@ -74,6 +74,7 @@ class RequestTest extends BrowserTestBase {
     'openapi',
     'rest',
     'openapi_test',
+    'basic_auth',
   ];
 
   /**
@@ -293,6 +294,18 @@ class RequestTest extends BrowserTestBase {
       }
     }
 
+    // Validate that all security definitions are valid, and have a provider.
+    $security_definitions = $decoded_response['securityDefinitions'];
+    $auth_providers = $this->container->get('authentication_collector')->getSortedProviders();
+    $supported_security_types = ['basic', 'apiKey', 'cookie', 'oauth', 'oauth2'];
+    foreach ($security_definitions as $definition_id => $definition) {
+      if ($definition_id !== 'csrf_token') {
+        // CSRF Token will never have an auth collector, all others shoud.
+        $this->assertTrue(array_key_exists($definition_id, $auth_providers), 'Security definition ' . $definition_id . ' not an auth collector.');
+      }
+      $this->assertTrue(in_array($definition['type'], $supported_security_types), 'Security definition schema ' . $definition_id . ' has invalid type '. $definition['type']);
+    }
+
     // Test paths for valid tags, schema, security, and definitions.
     $paths = &$decoded_response['paths'];
     $tag_names = array_column($tags, 'name');
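Review bot: `$supported_security_types` lists `'oauth'`, but the `getSecurityDefinitions()` added in this commit emits `'type' => 'oauth1'` for that provider and `'unknown'` for anything unrecognised. This assertion would therefore fail as soon as an OAuth 1 or contrib provider is enabled, and only passes now because the test installs `basic_auth` alone. Aligning the list with the generator, or better with the types the Swagger 2.0 spec allows, would make the check meaningful. `$this->assertContains($definition['type'], $supported_security_types, ...)` and `$this->assertArrayHasKey($definition_id, $auth_providers, ...)` would also avoid the loose `in_array` comparison and give clearer failure output. The enclosing test method starts and ends outside this hunk.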
@@ -304,18 +317,18 @@ class RequestTest extends BrowserTestBase {
         $all_method_tags = array_merge($all_method_tags, $method_schema['tags']);
         $this->assertTrue(empty($missing_tags), 'Method ' . $method . ' for ' . $path . ' has invalid tag(s): ' . implode(', ', $missing_tags));
 
-        // The security and scheme indexes are not present for jsonapi.
-        // @TODO: #2940412 - Define schemes and security for jsonapi.
-        if ($api_module !== 'jsonapi') {
-          // Ensure all request schemes are defined.
+        // Ensure all request schemes are defined.
+        if (isset($method_schema['schemes'])) {
           $missing_schemas = array_diff($method_schema['schemes'], $decoded_response['schemes']);
           $this->assertTrue(empty($missing_schemas), 'Method ' . $method . ' for ' . $path . ' has invalid scheme(s): ' . implode(', ', $missing_schemas));
+        }
 
+        $response_security_types = array_keys($decoded_response['securityDefinitions']);
+        if (isset($method_schema['security'])) {
           foreach ($method_schema['security'] as $security_definitions) {
             $security_types = array_keys($security_definitions);
-            $response_security_types = array_keys($decoded_response['securityDefinitions']);
             $missing_security_types = array_diff($security_types, $response_security_types);
-            $this->assertTrue(empty($missing_security_types), 'Method ' . $method . ' for ' . $path . ' has invalid security type(s): ' . implode(', ', $missing_security_types));
+            $this->assertTrue(empty($missing_security_types), 'Method ' . $method . ' for ' . $path . ' has invalid security type(s): ' . implode(', ', $missing_security_types) . ' + ' . implode(', ', $security_types) . ' + ' . implode(', ', $response_security_types));
           };
         }
 
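Review bot: The new `isset()` guards let an operation with no `security` or `schemes` key pass silently, which also relaxes the check for REST, where the removed `$api_module !== 'jsonapi'` branch required both keys. If REST operations are still expected to carry them, `if ($api_module !== 'jsonapi') { $this->assertArrayHasKey('security', $method_schema); }` ahead of the guard would keep that coverage, assuming `$api_module` is still in scope. The top-level `security` key this commit adds is not asserted anywhere in the visible hunks. The extra `' + ' . implode(...)` segments in the failure message look like leftover debugging output; labelling them, for example `' (declared: ...; defined: ...)'`, or dropping them would keep the message readable.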
