diff --git a/test/secured-by.json b/test/secured-by.json
index deb2861..d7186ac 100644
--- a/test/secured-by.json
+++ b/test/secured-by.json
@@ -29,6 +29,42 @@
 },
 "displayName": "oauth_2_0"
 },
+ "oauth_2_0_withscopes": {
+ "name": "oauth_2_0_withscopes",
+ "type": "OAuth 2.0",
+ "describedBy": {
+ "headers": [
+ {
+ "name": "Authorization",
+ "displayName": "Authorization",
+ "typePropertyKind": "TYPE_EXPRESSION",
+ "type": "string",
+ "required": true,
+ "key": "Authorization"
+ }
+ ],
+ "responses": [
+ {
+ "code": "401",
+ "description": "Invalid or expired token."
+ }
+ ]
+ },
+ "settings": {
+ "accessTokenUri": "/token",
+ "authorizationGrants": [
+ "client_credentials"
+ ],
+ "scopes": [
+ "add-a",
+ "remove-a",
+ "add-b",
+ "remove-b",
+ "read-c"
+ ]
+ },
+ "displayName": "oauth_2_0_withscopes"
+ },
 "custom_scheme": {
 "name": "custom_scheme",
 "type": "x-custom",
@@ -109,6 +145,19 @@
 ],
 "method": "post",
 "allUriParameters": []
+ },
+ {
+ "securedBy": [
+ {
+ "schemeName": "oauth_2_0_withscopes",
+ "scopes": [
+ "remove-b"
+ ]
+ },
+ null
+ ],
+ "method": "delete",
+ "allUriParameters": []
 }
 ],
 "relativeUri": "/B",
@@ -126,7 +175,10 @@
 {
 "securedBy": [
 {
- "schemeName": "oauth_2_0"
+ "schemeName": "oauth_2_0_withscopes",
+ "scopes": [
+ "read-c"
+ ]
 },
 {
 "schemeName": "custom_scheme"
diff --git a/test/secured-by.raml b/test/secured-by.raml
index 2ed46f5..d4e4533 100644
--- a/test/secured-by.raml
+++ b/test/secured-by.raml
@@ -13,6 +13,18 @@ securitySchemes:
 settings:
 accessTokenUri: /token
 authorizationGrants: [ client_credentials ]
+ oauth_2_0_withscopes:
+ type: OAuth 2.0
+ describedBy:
+ headers:
+ Authorization: string
+ responses:
+ 401:
+ description: Invalid or expired token.
+ settings:
+ accessTokenUri: /token
+ authorizationGrants: [ client_credentials ]
+ scopes: [ add-a, remove-a, add-b, remove-b, read-c ]
 custom_scheme:
 description: |
 A custom security scheme for authenticating requests.
@@ -43,7 +55,9 @@ securitySchemes: securedBy: [ oauth_2_0 ] post: securedBy: [ oauth_2_0, null ] + delete: + securedBy: [ oauth_2_0_withscopes: { scopes: [ remove-b ] }, null ] /C: get: - securedBy: [ oauth_2_0, custom_scheme ] + securedBy: [ oauth_2_0_withscopes: { scopes: [ read-c ] }, custom_scheme ] diff --git a/test/secured-by.spec.js b/test/secured-by.spec.js index b7047dd..4a9b0f4 100644 --- a/test/secured-by.spec.js +++ b/test/secured-by.spec.js @@ -45,12 +45,24 @@ describe('raml2obj', () => { assert.strictEqual(B.methods[1].securedBy[0].schemeName, 'oauth_2_0'); assert.strictEqual(B.methods[1].securedBy[1], null); + assert.strictEqual(B.methods[2].securedBy.constructor, Array); + assert.strictEqual(B.methods[2].securedBy.length, 2); + assert.strictEqual(B.methods[2].securedBy[0], Object(B.methods[2].securedBy[0])); + assert.strictEqual(B.methods[2].securedBy[0].schemeName, 'oauth_2_0_withscopes'); + assert.strictEqual(B.methods[2].securedBy[0].scopes.constructor, Array); + assert.strictEqual(B.methods[2].securedBy[0].scopes.length, 1); + assert.strictEqual(B.methods[2].securedBy[0].scopes[0], 'remove-b'); + assert.strictEqual(B.methods[2].securedBy[1], null); + const C = obj.resources[2]; assert.strictEqual(C.methods[0].securedBy.constructor, Array); assert.strictEqual(C.methods[0].securedBy.length, 2); assert.strictEqual(C.methods[0].securedBy[0], Object(C.methods[0].securedBy[0])); - assert.strictEqual(C.methods[0].securedBy[0].schemeName, 'oauth_2_0'); + assert.strictEqual(C.methods[0].securedBy[0].schemeName, 'oauth_2_0_withscopes'); + assert.strictEqual(C.methods[0].securedBy[0].scopes.constructor, Array); + assert.strictEqual(C.methods[0].securedBy[0].scopes.length, 1); + assert.strictEqual(C.methods[0].securedBy[0].scopes[0], 'read-c'); assert.strictEqual(C.methods[0].securedBy[1], Object(C.methods[0].securedBy[1])); assert.strictEqual(C.methods[0].securedBy[1].schemeName, 'custom_scheme'); });
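Review bot: The new `delete` on `/B` lists `null` next to the scoped scheme, which in RAML means the method may also be called with no security scheme applied, and nothing in the fixture says that is deliberate. The spec file asserts that `securedBy[1]` is `null`, so it appears to be an intended parser case. A comment above the line, such as `# null: also callable without any security scheme (parser fixture, not a recommended policy)`, would keep it from being copied into a real API definition. The same holds for the existing `post` line, which is only context in this hunk.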
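Review bot: The added assertions for `B.methods[2]` and `C.methods[0]` check `securedBy` one field at a time, so they still pass if an entry carries extra or misplaced keys. For output that documents which scopes an operation requires, pinning the whole value is stronger. One comparison per method would do it, e.g. `assert.deepStrictEqual(B.methods[2].securedBy, [{ schemeName: 'oauth_2_0_withscopes', scopes: ['remove-b'] }, null]);`, assuming the parser returns plain objects as test/secured-by.json suggests. Where a type check is still wanted, `Array.isArray(...)` is more robust than comparing `.constructor` with `Array`. The enclosing `it(...)` block starts above this hunk.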