I have a RAML 1.0 type definition:
types:
uuid: string
url: string
html: string
Credentials:
description: Authentication credentials for a user
type: object
properties:
userName: string
password: string
With an endpoint definition that takes the object as a POST JSON body:
/login:
is: [mobile]
displayName: Authentication
post:
description: Login
body:
application/json:
type: Credentials
If I import it into Paw, my endpoints are shown, but the custom type's fields are not correctly shown as a JSON object; instead, a "JSF" label is shown which then shows a popup which seems to indicate that the schema is not correctly referenced:
Should this work in the current version of Paw (3.1.3) with RAML 1.0? Are there changes to my RAML file I can make that will allow it to be imported correctly?
Thanks!
Related
I am using Remote URL option which reaches out to remote web server to retrieve needed data. Simply using this,
https://rundeck:test#myserver.com works. However, I would like to pass the password in secure way so...
Option 1 uses 'Secure pass input' and pass is retrieved from key storage, however the password is then not added to the remote URL in
Option 2, which uses Remote URL, https://rundeck:${option.password.value}#myserver.com. My remote servers receives the password as ${option.password.value} and not the actual password value retrieved in Option 1. I understand that Secure Remote Authentication can't be used in Options, however i don't believe I have seen restrictions on what I want to do with Secure † Password input in Rundeck's docs.
Lastly, typing in the password in Secure † Password input option does add the password to the mentioned URL above. I have tested and verified that ${option.password.value} value can be passed in a job's step, that part works. However, it does not appear to work in cascading options.
Currently, secure options values are not expanded as a part of remote options, you can suggest it here (similar to this). Alternatively, you can create a specific custom plugin for that.
Another approach is to design a workflow that uses the HTTP Workflow Step Plugin (passing your secure password as a part of the authentication in the URL) to access the web service + JQ Filter to generate the desired data, then in another/step you can get that data using data variables.
Like this:
- defaultTab: nodes
description: ''
executionEnabled: true
id: 7f34f7ff-c4a3-4616-a2aa-0df491450366
loglevel: INFO
name: HTTP
nodeFilterEditable: false
options:
- name: mypass
secure: true
storagePath: keys/password
valueExposed: true
plugins:
ExecutionLifecycle: null
scheduleEnabled: true
sequence:
commands:
- configuration:
authentication: None
checkResponseCode: 'false'
method: GET
printResponse: 'true'
printResponseToFile: 'false'
proxySettings: 'false'
remoteUrl: https://user:${option.mypass}#myserver.com
sslVerify: 'true'
timeout: '30000'
nodeStep: false
plugins:
LogFilter:
- config:
filter: .
logData: 'true'
prefix: result
type: json-mapper
type: edu.ohio.ais.rundeck.HttpWorkflowStepPlugin
- exec: echo "name 2 is ${data.Name2}"
keepgoing: false
strategy: node-first
uuid: 7f34f7ff-c4a3-4616-a2aa-0df491450366
I'm using API Platform v2.2.5 in a Symfony 4 Flex application, consisting of a functioning API with JWT Authentication, a number of resources and the default Open API/Swagger documentation page that is accessible via the /api route. Each API resource is included in the documentation automatically via the platform configuration, as per the library docs.
How do you generate documentation for custom operations such as the security component's auth routes? The API Platform Documentation does not seem to include these instructions.
I found the answer thanks to this comment in a Github issue. Since I am using YAML for resource configuration I had to translate, the example for the auth/login endpoint;
App\Entity\User:
collectionOperations:
auth:
route_name: auth
swagger_context:
parameters:
-
name: username
required: true
type: string
description: "User's username or email address"
-
name: password
required: true
type: string
description: "User's password"
responses:
200:
description: "Successful login attempt, returning a new token"
schema:
type: object
required:
- username
- password
properties:
username:
type: string
password:
type: string
summary: Performs a login attempt, returning a valid token on success
consumes:
- "application/json"
- "application/ld-json"
produces:
- "application/ld-json"
Update: its openapi_contex instead of swagger_contex for openapi/swagger v3.
I have an entire API deployed and accessible with Swagger UI. It uses Basic Auth over HTTPS, and one can easily hit the Authorize button and enter credentials and things work great with the nice Try it out! feature.
However, I would like to make a public sandboxed version of the API with a shared username and password, that is always authenticated; that is, no one should ever have to bring up the authorization dialog to enter credentials.
I tried to enter an authorization based on the answer from another Stack Overflow question by putting the following code inside a script element on the HTML page:
window.swaggerUi.load();
swaggerUi.api.clientAuthorizations.add("key",
new SwaggerClient.ApiKeyAuthorization(
"Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=", "header"));
However, when I hit the Try it out! button the authorization is not used.
What would be the proper way to go about globally setting the auth header on all endpoints, so that no user has to enter the credentials manually?
(I know that might sound like a weird question, but like I mention, it is a public username/password.)
If you use Swagger UI v.3.13.0 or later, you can use the following methods to authorize the endpoints automatically:
preauthorizeBasic – for Basic auth
preauthorizeApiKey – for API keys and OpenAPI 3.x Bearer auth
To use these methods, the corresponding security schemes must be defined in your API definition. For example:
openapi: 3.0.0
...
components:
securitySchemes:
basicAuth:
type: http
scheme: basic
api_key:
type: apiKey
in: header
name: X-Api-Key
bearerAuth:
type: http
scheme: bearer
security:
- basicAuth: []
- api_key: []
- bearerAuth: []
Call preauthorizeNNN from the onComplete handler, like so:
// index.html
const ui = SwaggerUIBundle({
url: "https://my.api.com/swagger.yaml",
...
onComplete: function() {
// Default basic auth
ui.preauthorizeBasic("basicAuth", "username", "password");
// Default API key
ui.preauthorizeApiKey("api_key", "abcde12345");
// Default Bearer token
ui.preauthorizeApiKey("bearerAuth", "your_bearer_token");
}
})
In this example, "basicAuth", "api_key", and "bearerAuth" are the keys name of the security schemes as specified in the API definition.
I found a solution, using PasswordAuthorization instead of ApiKeyAuthorization.
The correct thing to do is to add the following line into the onComplete handler:
swaggerUi.api.clientAuthorizations.add("basicAuth",
new SwaggerClient.PasswordAuthorization(
"8939927d-4b8a-4a69-81e4-8290a83fd2e7",
"fbb7a689-2bb7-4f26-8697-d15c27ec9d86"));
swaggerUi is passed to the callback so this is the value to use. Also, make sure the name of your auth object matches the name in the YAML file.
I have an object in my definitions section that needs to have a property named security, but when i do this the swagger editor gives me the error message:
Semantic error at definitions.User.properties.security.properties
security requirements must match a security definition
Jump to line 49
Here's my definition
definitions:
Security:
type: object
properties:
name:
type: string
User:
type: object
required:
- can
- username
properties:
can:
type: integer
readOnly: true
username:
type: string
format: email
readOnly: true
security:
$ref: '#/definitions/Security'
Is there anything I can do this and avoid the error?
This bug was fixed in Swagger Editor 3.2.0+ back in 2017.
The issue was that model properties named security were incorrectly flagged as part of security definitions. Actually security should be treated as a reserved keyword only when used on the global level or path level; it's OK to have a model property named security.
Seems like a bug in Swagger Editor that needs to be reported. What you have is perfectly fine with Old Swagger Editor whereas the new Swagger Editor is reporting the issue you mentioned.
I have also seen this tool that lets you build visually your API definitions and then export them to swagger (or import):
https://apibldr.com
Perhaps it can help you build your API definitions.
I need implement RESTful API for my site on symfony 2, so i use FOSRestBundle + JMSSerializerBundle
I have such serializer yml for my entity:
Acme\DemoBundle\Entity\Product:
exclusion_policy: ALL
accessor_order: custom
custom_accessor_order: [id, title]
properties:
id:
expose: true
title:
expose: true
virtual_properties:
getMainPhoto:
serialized_name: photo
The problem is that getMainPhoto return me url to full sized image. I want preprocess this url before sending response to api client where i can generate new url to resized version of such image. I already have service in sf2 which can do this job:
$resized_url = $someService->generateResizedUrl($item->getMainPhoto(), 640, 480);
But i don't know how can i use this service with JMSSerializer. Maybe there is some callbacks for FOSRestBundle\JMSSerializerBundle just before it send response?
Have a look at the documentation. There are is a number of events and/or annotations you can use to hook into the serialization process.
You can exclude the original url, and then add the resized url using http://jmsyst.com/libs/serializer/master/event_system#serializer-post-serialize event.
You have to write a listener that listen when "Product" instances are serialized.