Skip to content

No "security" same as empty "security" #33

Closed
@jdomenechb

Description

@jdomenechb

I have an example of contract that has the following structure (summerized to highlight the relevant):

# [...]
paths:
  /path/one:
    post:
      # [...]
      security: []

  /path/two:
    post:
      # [...]
      # No security entry defined there

components:
  securitySchemes:
    Bearer:
      type: http
      scheme: bearer
      bearerFormat: JWT

security:
  - Bearer: []

Theoreticaly, I expect:

  • In /path/one:
    • __isset() in the Operation object returns true, and __get() returns empty array.
  • In /path/two:
    • __isset() in the Operation object returns false, and __get() returns either empty array or null.
    • Alternativelly, I also might expect __isset() to return false, but __get() return the default security defined at contract root level. I consider this possibility as it is a solution similar like how references work in the scope of this library.

However, the problem is that what I actually get in both paths, is __isset() = true and __get() = empty array. As I get the same result in both, there is no way to determine that /path/one does not have at all security (and therefore, could be called directly), and that /path/two has default security.

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions