PAS-580 | Use OpenApiSecurityRequirement instead of headers for auth (#…

…739)
bitwarden · Oct 1, 2024 · 1e05cbb · 1e05cbb
1 parent 7dd581f
commit 1e05cbb
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 9 deletions.
diff --git a/src/Api/OpenApi/Filters/AuthorizationOperationFilter.cs b/src/Api/OpenApi/Filters/AuthorizationOperationFilter.cs
@@ -20,6 +20,21 @@ public void Apply(OpenApiOperation operation, OperationFilterContext context)
         switch (policy.AuthenticationSchemes.SingleOrDefault())
         {
             case Constants.PublicKeyAuthenticationScheme:
+                operation.Security.Add(new OpenApiSecurityRequirement
+                {
+                    {
+                        new OpenApiSecurityScheme
+                        {
+                            Reference = new OpenApiReference
+                            {
+                                Type = ReferenceType.SecurityScheme,
+                                Id = Constants.PublicKeyAuthenticationScheme
+                            }
+                        },
+                        []
+                    }
+                });
+
                 operation.Parameters.Add(new OpenApiParameter
                 {
                     Name = Constants.PublicKeyHeaderName,
@@ -35,17 +50,18 @@ public void Apply(OpenApiOperation operation, OperationFilterContext context)
                 });
                 break;
             case Constants.SecretKeyAuthenticationScheme:
-                operation.Parameters.Add(new OpenApiParameter
+                operation.Security.Add(new OpenApiSecurityRequirement
                 {
-                    Name = Constants.SecretKeyHeaderName,
-                    In = ParameterLocation.Header,
-                    Required = true,
-                    Schema = new OpenApiSchema
                     {
-                        Description = "Your private API key",
-                        Example = new OpenApiString("yourappid:secret:00000000000000000000000000000000"),
-                        Nullable = false,
-                        Type = "string"
+                        new OpenApiSecurityScheme
+                        {
+                            Reference = new OpenApiReference
+                            {
+                                Type = ReferenceType.SecurityScheme,
+                                Id = Constants.SecretKeyAuthenticationScheme
+                            }
+                        },
+                        []
                     }
                 });
                 break;

diff --git a/src/Api/OpenApi/OpenApiBootstrap.cs b/src/Api/OpenApi/OpenApiBootstrap.cs
@@ -24,6 +24,25 @@ public static void AddOpenApi(this IServiceCollection services)
             swagger.OperationFilter<AuthorizationOperationFilter>();
             swagger.OperationFilter<ExtendedStatusDescriptionsOperationFilter>();
             swagger.OperationFilter<ExternalDocsOperationFilter>();
+
+            swagger.AddSecurityDefinition(Constants.PublicKeyAuthenticationScheme, new OpenApiSecurityScheme
+            {
+                Description = "Front-end integrations",
+                Type = SecuritySchemeType.ApiKey,
+                Name = Constants.PublicKeyHeaderName,
+                Scheme = Constants.PublicKeyAuthenticationScheme,
+                In = ParameterLocation.Header
+            });
+
+            swagger.AddSecurityDefinition(Constants.SecretKeyAuthenticationScheme, new OpenApiSecurityScheme
+            {
+                Description = "Back-end integrations",
+                Type = SecuritySchemeType.ApiKey,
+                Name = Constants.SecretKeyHeaderName,
+                Scheme = Constants.SecretKeyAuthenticationScheme,
+                In = ParameterLocation.Header
+            });
+
             swagger.SupportNonNullableReferenceTypes();
             swagger.SwaggerDoc("v4", new OpenApiInfo
             {