Check for authorization header.

It appears that Swagger-UI correctly sets an authorization header when added in the interface (api key field). However, if the endpoint has the option "authorizations" set with "oauth2", it will override the value. See #13.
ruby-grape · Aug 19, 2015 · fdb02c4 · fdb02c4
1 parent c7a512e
commit fdb02c4
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/spec/dummy/app/api/api.rb b/spec/dummy/app/api/api.rb
@@ -26,5 +26,10 @@ class API < Grape::API
     request.params.as_json
   end
 
+  desc 'Get Authorization header.', authorizations: { oauth2: [] }
+  get '/authorization' do
+    request.headers.slice('Authorization').as_json
+  end
+
   add_swagger_documentation
 end
diff --git a/spec/dummy/config/initializers/swagger.rb b/spec/dummy/config/initializers/swagger.rb
@@ -1,3 +1,6 @@
 GrapeSwaggerRails.options.url = '/api/swagger_doc'
 GrapeSwaggerRails.options.app_name = 'Swagger'
 GrapeSwaggerRails.options.app_url  = 'http://localhost:3000'
+GrapeSwaggerRails.options.api_auth     = 'bearer'
+GrapeSwaggerRails.options.api_key_name = 'Authorization'
+GrapeSwaggerRails.options.api_key_type = 'header'
diff --git a/spec/features/swagger_spec.rb b/spec/features/swagger_spec.rb
@@ -49,8 +49,8 @@
       it 'adds an Authorization header' do
         page.execute_script("$('#input_apiKey').val('username:password')")
         page.execute_script("$('#input_apiKey').trigger('change')")
-        find('#endpointListTogger_headers', visible: true).click
-        first('a[href="#!/headers/GET_api_headers_format"]', visible: true).click
+        find('#endpointListTogger_authorization', visible: true).click
+        first('a[href="#!/authorization/GET_api_authorization_format"]', visible: true).click
         click_button 'Try it out!'
         expect(page).to have_css 'span.attribute', text: 'Authorization'
         expect(page).to have_css 'span.string', text: "Basic #{Base64.encode64('username:password').strip}"
@@ -66,8 +66,8 @@
       it 'adds an Authorization header' do
         page.execute_script("$('#input_apiKey').val('token')")
         page.execute_script("$('#input_apiKey').trigger('change')")
-        find('#endpointListTogger_headers', visible: true).click
-        first('a[href="#!/headers/GET_api_headers_format"]', visible: true).click
+        find('#endpointListTogger_authorization', visible: true).click
+        first('a[href="#!/authorization/GET_api_authorization_format"]', visible: true).click
         click_button 'Try it out!'
         expect(page).to have_css 'span.attribute', text: 'Authorization'
         expect(page).to have_css 'span.string', text: 'Bearer token'