Check for authorization header.

It appears that Swagger-UI correctly sets an authorization header when added in the interface (api key field). However, if the endpoint has the option "authorizations" set with "oauth2", it will override the value. See ruby-grape#13.
sunnyrjuneja · Aug 19, 2015 · fdb02c4 · fdb02c4
1 parent c7a512e
commit fdb02c4
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 4 deletions.
diff --git a/spec/dummy/app/api/api.rb b/spec/dummy/app/api/api.rb
@@ -26,5 +26,10 @@ class API < Grape::API
     request.params.as_json
   end
 
+  desc 'Get Authorization header.', authorizations: { oauth2: [] }
+  get '/authorization' do
+    request.headers.slice('Authorization').as_json
+  end
+
   add_swagger_documentation
 end
diff --git a/spec/dummy/config/initializers/swagger.rb b/spec/dummy/config/initializers/swagger.rb
@@ -1,3 +1,6 @@
 GrapeSwaggerRails.options.url = '/api/swagger_doc'
 GrapeSwaggerRails.options.app_name = 'Swagger'
 GrapeSwaggerRails.options.app_url  = 'http://localhost:3000'
+GrapeSwaggerRails.options.api_auth     = 'bearer'
+GrapeSwaggerRails.options.api_key_name = 'Authorization'
+GrapeSwaggerRails.options.api_key_type = 'header'
diff --git a/spec/features/swagger_spec.rb b/spec/features/swagger_spec.rb
@@ -49,8 +49,8 @@
       it 'adds an Authorization header' do
         page.execute_script("$('#input_apiKey').val('username:password')")
         page.execute_script("$('#input_apiKey').trigger('change')")
-        find('#endpointListTogger_headers', visible: true).click
-        first('a[href="#!/headers/GET_api_headers_format"]', visible: true).click
+        find('#endpointListTogger_authorization', visible: true).click
+        first('a[href="#!/authorization/GET_api_authorization_format"]', visible: true).click
         click_button 'Try it out!'
         expect(page).to have_css 'span.attribute', text: 'Authorization'
         expect(page).to have_css 'span.string', text: "Basic #{Base64.encode64('username:password').strip}"
@@ -66,8 +66,8 @@
       it 'adds an Authorization header' do
         page.execute_script("$('#input_apiKey').val('token')")
         page.execute_script("$('#input_apiKey').trigger('change')")
-        find('#endpointListTogger_headers', visible: true).click
-        first('a[href="#!/headers/GET_api_headers_format"]', visible: true).click
+        find('#endpointListTogger_authorization', visible: true).click
+        first('a[href="#!/authorization/GET_api_authorization_format"]', visible: true).click
         click_button 'Try it out!'
         expect(page).to have_css 'span.attribute', text: 'Authorization'
         expect(page).to have_css 'span.string', text: 'Bearer token'