Rswag: Authorization header 出现在查询参数中
Rswag: Authorization header appeared in query parameter
版本:rswag (2.0.5),rspec (3.8.0)
环境:Rails5.2.3,Ruby2.4.5
第一次用,卡在授权header一天。
这是我所做的:
# in spec/swagger_helper.rb
config.swagger_docs = {
'api/v1/swagger.json' => {
swagger: '2.0',
info: {
title: 'API V1',
version: 'v1'
},
paths: {},
securityDefinitions: {
JWT: {
description: 'the jwt for API auth',
type: :apiKey,
name: 'Authorization',
in: :header
}
}
}
}
# in spec/integration/api/v1/nodes_spec.rb
path '/api/v1/nodes' do
get 'Get all servers' do
tags TAGS_NODE
produces 'application/json'
security [JWT: {}]
parameter name: :searchString, in: :query, type: :string
parameter name: :searchColumn, in: :query, type: :string
#parameter name: 'Authorization', :in => :header, :type => :string
let(:nodes) { create_list(:node_list, 32) }
response '200', 'Servers found' do
let(:'Authorization') { "Bearer #{gen_jwt}" }
let(:searchString) { 'test' }
let(:searchColumn) { ';Name;' }
run_test! do |repsonse|
data = JSON.parse(response.body)
puts data
end
end
end
end
预期:'Bearer ....' 设置为 'Authorization' header
实际:在测试日志中,我发现:
[INFO] [2019-09-29 01:11:13 UTC] [anony] [no session] [no req] [other other]Started GET "/api/v1/nodes?searchString =test&searchColumn=;Name;¶ms&headers[HTTP_AUTHORIZATION]=Bearer+eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1Njk3NjI2NzMsImVtYWlsIjoidGVzdEBpYm0uY29tIiwib3JnYW5pemF0aW9ucyI6WyJ0ZXN0X29yZzEiLCJvcmcyIl0sInJvbGVzIjpbImNjX2NvbnNvbGVfYWRtaW4iLCJyb2xlMiJdLCJpbnZlbnRvcnkiOlsidGVzdF9pbnYiXX0.eenTMWUy6kSHO58_kLKoKWmNjvQ9i5TU9ex4Ou-ausE&headers[ HTTP_ACCEPT]=application%2Fjson" for 127.0.0.1 at 2019-09-29 01:11:13 +0000
[INFO] [2019-09-29 01:11:13 UTC] [anony] [no session] [no req] [other other]Api::V1::NodesController#index as HTML 处理
……
[DEBUG] [2019-09-29 01:11:13 UTC] [anony] [no session] [no req] [other other] 通过 JWT 令牌验证....
[ERROR] [2019-09-29 01:11:13 UTC] [anony] [no session] [no req] [other other]请求中未包含 JWT 令牌
在日志中被标记为粗体,查询参数中出现了'Authorization'和'Accept'header,应该是httpheader s,因此无法从代码中的 header 检索到任何 JWT 令牌。
我也尝试过不使用securityDefinition,而是在header中指定一个参数如下:参数名称:'Authorization', :in => :header, :type => :细绳。也没用。
不确定我错过了什么配置,或者我做错了什么?谢谢!
更新: 好像跟其他gems冲突有关?我又尝试创建一个新的 Rails 5 api 应用程序,仅添加 rspec 和 rswag 宝石,并使用简单的测试用例 运行,它成功了!
这是我的 Gemfile:
source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }
ruby '2.4.5'
gem 'rails', '5.2.3'
gem 'puma', '3.11'
gem 'bootsnap', '1.1.0', require: false
group :development, :test do
# Call 'byebug' anywhere in the code to stop execution and get a debugger console
gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
end
group :development do
gem 'listen', '>= 3.0.5', '< 3.2'
end
group :test do
# Test framework
gem "rspec-rails"
gem "database_cleaner", '1.6.0'
gem "simplecov"
gem "simplecov-rcov"
gem "factory_bot_rails", '5.1.0'
gem "ci_reporter_rspec"
gem "faker"
end
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
gem 'pg', '1.1.4'
gem 'delayed_job_active_record', '4.1.3'
gem 'delayed_job_worker_pool', '0.2.3'
gem 'dalli', '2.7.8'
gem 'ruby-kafka', '0.7.5'
gem 'active_model_serializers', '0.10.10'
gem 'will_paginate', '3.1.7'
gem 'rest-client', '1.8.0'
gem 'symmetric-encryption', '4.3.0', require: false
gem 'unicorn', '5.2.0'
gem 'rubyzip', '1.2.2'
gem 'jwt', '2.2.1'
gem 'rubyXL', '3.3.30'
gem 'apartment', '2.2.1'
gem 'rswag', '2.0.5'
[已解决]
似乎不适用于 Rack::Test::Methods
它在删除辅助文件中的“include Rack::Test::Methods”行后起作用,之前添加该行是为了使用 'get' 来测试 API。
似乎不适用于 Rack::Test::Methods
它在删除辅助文件中的“include Rack::Test::Methods”行后起作用,之前添加该行是为了使用 'get' 测试 API。
版本:rswag (2.0.5),rspec (3.8.0)
环境:Rails5.2.3,Ruby2.4.5
第一次用,卡在授权header一天。 这是我所做的:
# in spec/swagger_helper.rb
config.swagger_docs = {
'api/v1/swagger.json' => {
swagger: '2.0',
info: {
title: 'API V1',
version: 'v1'
},
paths: {},
securityDefinitions: {
JWT: {
description: 'the jwt for API auth',
type: :apiKey,
name: 'Authorization',
in: :header
}
}
}
}
# in spec/integration/api/v1/nodes_spec.rb
path '/api/v1/nodes' do
get 'Get all servers' do
tags TAGS_NODE
produces 'application/json'
security [JWT: {}]
parameter name: :searchString, in: :query, type: :string
parameter name: :searchColumn, in: :query, type: :string
#parameter name: 'Authorization', :in => :header, :type => :string
let(:nodes) { create_list(:node_list, 32) }
response '200', 'Servers found' do
let(:'Authorization') { "Bearer #{gen_jwt}" }
let(:searchString) { 'test' }
let(:searchColumn) { ';Name;' }
run_test! do |repsonse|
data = JSON.parse(response.body)
puts data
end
end
end
end
预期:'Bearer ....' 设置为 'Authorization' header 实际:在测试日志中,我发现:
[INFO] [2019-09-29 01:11:13 UTC] [anony] [no session] [no req] [other other]Started GET "/api/v1/nodes?searchString =test&searchColumn=;Name;¶ms&headers[HTTP_AUTHORIZATION]=Bearer+eyJhbGciOiJIUzI1NiJ9.eyJleHAiOjE1Njk3NjI2NzMsImVtYWlsIjoidGVzdEBpYm0uY29tIiwib3JnYW5pemF0aW9ucyI6WyJ0ZXN0X29yZzEiLCJvcmcyIl0sInJvbGVzIjpbImNjX2NvbnNvbGVfYWRtaW4iLCJyb2xlMiJdLCJpbnZlbnRvcnkiOlsidGVzdF9pbnYiXX0.eenTMWUy6kSHO58_kLKoKWmNjvQ9i5TU9ex4Ou-ausE&headers[ HTTP_ACCEPT]=application%2Fjson" for 127.0.0.1 at 2019-09-29 01:11:13 +0000 [INFO] [2019-09-29 01:11:13 UTC] [anony] [no session] [no req] [other other]Api::V1::NodesController#index as HTML 处理 …… [DEBUG] [2019-09-29 01:11:13 UTC] [anony] [no session] [no req] [other other] 通过 JWT 令牌验证.... [ERROR] [2019-09-29 01:11:13 UTC] [anony] [no session] [no req] [other other]请求中未包含 JWT 令牌
在日志中被标记为粗体,查询参数中出现了'Authorization'和'Accept'header,应该是httpheader s,因此无法从代码中的 header 检索到任何 JWT 令牌。
我也尝试过不使用securityDefinition,而是在header中指定一个参数如下:参数名称:'Authorization', :in => :header, :type => :细绳。也没用。
不确定我错过了什么配置,或者我做错了什么?谢谢!
更新: 好像跟其他gems冲突有关?我又尝试创建一个新的 Rails 5 api 应用程序,仅添加 rspec 和 rswag 宝石,并使用简单的测试用例 运行,它成功了! 这是我的 Gemfile:
source 'https://rubygems.org'
git_source(:github) { |repo| "https://github.com/#{repo}.git" }
ruby '2.4.5'
gem 'rails', '5.2.3'
gem 'puma', '3.11'
gem 'bootsnap', '1.1.0', require: false
group :development, :test do
# Call 'byebug' anywhere in the code to stop execution and get a debugger console
gem 'byebug', platforms: [:mri, :mingw, :x64_mingw]
end
group :development do
gem 'listen', '>= 3.0.5', '< 3.2'
end
group :test do
# Test framework
gem "rspec-rails"
gem "database_cleaner", '1.6.0'
gem "simplecov"
gem "simplecov-rcov"
gem "factory_bot_rails", '5.1.0'
gem "ci_reporter_rspec"
gem "faker"
end
# Windows does not include zoneinfo files, so bundle the tzinfo-data gem
gem 'tzinfo-data', platforms: [:mingw, :mswin, :x64_mingw, :jruby]
gem 'pg', '1.1.4'
gem 'delayed_job_active_record', '4.1.3'
gem 'delayed_job_worker_pool', '0.2.3'
gem 'dalli', '2.7.8'
gem 'ruby-kafka', '0.7.5'
gem 'active_model_serializers', '0.10.10'
gem 'will_paginate', '3.1.7'
gem 'rest-client', '1.8.0'
gem 'symmetric-encryption', '4.3.0', require: false
gem 'unicorn', '5.2.0'
gem 'rubyzip', '1.2.2'
gem 'jwt', '2.2.1'
gem 'rubyXL', '3.3.30'
gem 'apartment', '2.2.1'
gem 'rswag', '2.0.5'
[已解决] 似乎不适用于 Rack::Test::Methods
它在删除辅助文件中的“include Rack::Test::Methods”行后起作用,之前添加该行是为了使用 'get' 来测试 API。
似乎不适用于 Rack::Test::Methods
它在删除辅助文件中的“include Rack::Test::Methods”行后起作用,之前添加该行是为了使用 'get' 测试 API。