Hotfix: addParametersFromSecurity on assertHttpResponseForOperation

ovr · ovr · commit aba05d46b92c · 2018-01-24T11:23:40.000+09:00
diff --git a/src/SwaggerWrapper.php b/src/SwaggerWrapper.php
@@ -77,39 +77,47 @@ protected function prepareOperation(Operation $operation)
         $operation = clone $operation;
         $operation->path = $this->swagger->basePath . $operation->path;
 
-        /**
-         * I don't known How will be better
-         * But I am going to add a new required Parameter to check this in Request Scheme
-         */
         if ($operation->security) {
-            foreach ($operation->security as $security) {
-                parent::assertInternalType(
-                    'array',
-                    $security,
-                    'Operation->security must be array of objects'
-                );
+            $this->addParametersFromSecurity($operation);
+        }
 
-                $name = key($security);
+        return $operation;
+    }
 
-                $securityDefinition = $this->getSecurityByName($name);
-                parent::assertInternalType(
-                    'object',
-                    $securityDefinition,
-                    "Unknown security definition {$name}"
-                );
 
-                $operation->parameters[] = new Parameter(
-                    [
-                        'name' => $securityDefinition->name,
-                        'in' => $securityDefinition->in,
-                        'description' => $securityDefinition->description,
-                        'required' => true
-                    ]
-                );
-            }
-        }
+    /**
+     * I don't known How will be better
+     * But I am going to add a new required Parameter to check this in Request Scheme
+     *
+     * @param Operation $operation
+     */
+    protected function addParametersFromSecurity(Operation $operation)
+    {
+        foreach ($operation->security as $security) {
+            parent::assertInternalType(
+                'array',
+                $security,
+                'Operation->security must be array of objects'
+            );
 
-        return $operation;
+            $name = key($security);
+
+            $securityDefinition = $this->getSecurityByName($name);
+            parent::assertInternalType(
+                'object',
+                $securityDefinition,
+                "Unknown security definition {$name}"
+            );
+
+            $operation->parameters[] = new Parameter(
+                [
+                    'name' => $securityDefinition->name,
+                    'in' => $securityDefinition->in,
+                    'description' => $securityDefinition->description,
+                    'required' => true
+                ]
+            );
+        }
     }
 
     /**
@@ -208,6 +216,11 @@ public function findResponseByStatusCode(Operation $path, $statusCode = 200)
      */
     public function assertHttpResponseForOperation(Response $httpResponse, Operation $path, $statusCode = 200)
     {
+        // User can mutate Operation->security, and we should re-enable it
+        if ($path->security) {
+            $this->addParametersFromSecurity($path);
+        }
+
         $response = $this->findResponseByStatusCode($path, $statusCode);
         if ($response) {
             return $this->assertHttpResponseForOperationResponse(
