Class: OpenAPIParser::Schemas::SecuritySchemes

Inherits:
Base
  • Object
Defined in:
lib/openapi_parser/schemas/classes.rb,
lib/openapi_parser/schemas/security_schemes.rb

Instance Attribute Summary

Attributes inherited from Base

#object_reference, #parent, #raw_schema, #root

Instance Method Summary

Methods inherited from Base

#after_init, #initialize, #inspect

Methods included from Expandable

#expand_reference

Methods included from Findable

#find_object, #purge_object_cache

Methods included from Parser

#_openapi_all_child_objects, #_update_child_object, included, #load_data

Constructor Details

This class inherits a constructor from OpenAPIParser::Schemas::Base

Instance Method Details

#validate_security_schemes(securityScheme, headers) ⇒ Object

# File 'lib/openapi_parser/schemas/security_schemes.rb', line 8

def validate_security_schemes(securityScheme, headers)
  if self.type == "http" && self.scheme == "bearer" && self.bearer_format == "JWT"
    raise "need authorization" unless headers["AUTHORIZATION"]
    raise "not bearer" unless headers["AUTHORIZATION"].split[0] == "Bearer"

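    # Check that a JWT is being sent and that it can be decoded.
    # If the token is missing or cannot be decoded, JWT.decode raises and access is denied.
    # The third argument (verify = false) skips signature verification, so this
    # confirms only that a well-formed token is present.
    token = headers["AUTHORIZATION"].split[1]
    JWT.decode token, nil, false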
  end
end
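
The `JWT.decode token, nil, false` call above runs with verification off, so a token whose claims were altered after signing still decodes. The following is an added example, not openapi_parser's code: it keeps the same header handling and then verifies an HS256 signature using only the Ruby standard library. The names `verify_bearer_jwt`, `decode_unverified`, `sign_hs256` and the shared-secret setup are assumptions made for illustration.

```ruby
require "openssl"
require "json"

def b64url_encode(bytes)
  [bytes].pack("m0").tr("+/", "-_").delete("=")
end

def b64url_decode(text)
  padded = text.tr("-_", "+/") + "=" * ((4 - text.length % 4) % 4)
  padded.unpack1("m0") # strict decode: raises ArgumentError on malformed input
end

# Constructed helper so the example runs offline: issue an HS256 token.
def sign_hs256(claims, secret)
  input = [{ "alg" => "HS256", "typ" => "JWT" }, claims]
          .map { |part| b64url_encode(JSON.generate(part)) }.join(".")
  mac = OpenSSL::HMAC.digest("SHA256", secret, input)
  "#{input}.#{b64url_encode(mac)}"
end

# Stand-in for decoding with verification disabled: parses the claims and
# never looks at the signature segment.
def decode_unverified(token)
  JSON.parse(b64url_decode(token.split(".")[1]))
end

# Hypothetical hardened check: same header handling as the method above,
# then the signature is verified against a server-side secret.
def verify_bearer_jwt(headers, secret)
  scheme, token = headers["AUTHORIZATION"].to_s.split
  raise "need authorization" if scheme.nil?
  raise "not bearer" unless scheme == "Bearer"

  parts = token.to_s.split(".", -1)
  raise "malformed token" unless parts.length == 3
  head, body, sig = parts

  # Pin the algorithm on the server; do not let the token choose it.
  raise "unexpected alg" unless JSON.parse(b64url_decode(head))["alg"] == "HS256"

  expected = OpenSSL::HMAC.digest("SHA256", secret, "#{head}.#{body}")
  raise "bad signature" unless OpenSSL.secure_compare(b64url_decode(sig), expected)

  JSON.parse(b64url_decode(body))
end
```

With the jwt gem itself, the equivalent change is to pass a key and `true` as the second and third arguments and to name the accepted algorithm in the options hash.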