fixes security test order #456
Conversation
|
i just saw that this migh be related to #419 |
| @@ -4,7 +4,8 @@ | |||
| "description": "Various tools for using and integrating with Swagger.", | |||
| "main": "index.js", | |||
| "scripts": { | |||
| "test": "gulp" | |||
| "test": "gulp", | |||
| "test-debug": "node --debug-brk node_modules/.bin/gulp" | |||
There was a problem hiding this comment.
This could be a separate commit, also "test": "gulp" could be updated to use node node_modules/.bin/gulp if/when you do it.
There was a problem hiding this comment.
I would rather not change the default test-command to explicit call the gulp script. npm should take care of script path resolution.
the reason i do manually for test-debug is because gulp has no option to enable node's debug mode. this is more of a workaround than a reliable solution i think.
There was a problem hiding this comment.
In that case, I'm cool with keeping this part as-is.
ghost
force-pushed
the
master
branch
2 times, most recently
from
448357d
to
3f26ae5
Compare
|
ok, this pull request only contains the security order stuff. i made separate pull requests for docker-compose and test-debug, as you wished. thanks for all the work |
|
Do you mind removing the Thanks for your contribution, and your patience with my review. As soon as you get this taken care of, I'll merge all 3 PRs from you. |
* added tests for delayed security functions * modified OR sequence to async.mapSeries * modified tests securityDef to resolve delayed
|
ok, no problem. |
|
Thanks for your help. |
this pull request fixes the security testing order. Imagine a security-setup like this
I want to process the security definitions in order so that satisfying client_credentials AND user_credentials always wins.
Appearently this does not resolve reliable until now since the security middleware invokes the security handlers with
async.map()so that both OR-sets are tried to resolve in parallel, so that sometimes wins the first, sometimes the second.In my usecase i save client- and user-credentials to the request-object so that i do not have to do it again in the controller. with this pull request i changed the implementation to work sequentially for the OR-set by using
async.mapSeriesinstead ofasync.map. this ensures that testing the first set has to finish in order to test the second one. also the second set is never invoked if the first satisfys successfully.i hope i could make myself clear. feel free to include the docker-stuff. i find it convenient, but not necessary.