Added reqest back to security validation callback

hkarlstrom · hkarlstrom · commit 6728f43de15e · 2023-10-05T08:56:31.000+03:00
diff --git a/README.md b/README.md
@@ -95,11 +95,11 @@ $options = [
 ```
 
 #### validateSecurity
-If defined, the callback can return Psr\Http\Message\ResponseInterface if the operation is not allowed. `$type` can be none, http or apiKey.
+If defined, the callback can return Psr\Http\Message\ResponseInterface if the operation is not allowed. `$type` can be `none`, `http` or `apiKey`.
 
 ```php
 $options = [
-    'validateSecurity' => function (string $type, string $token = '', ?array $scopes) : ?\Psr\Http\Message\ResponseInterface {
+    'validateSecurity' => function (ServerRequestInterface $request, string $type, string $token = '', ?array $scopes) : ?\Psr\Http\Message\ResponseInterface {
         // if user is authorized
         return null;
 
diff --git a/src/OpenApiValidation.php b/src/OpenApiValidation.php
@@ -81,13 +81,12 @@ public function __construct($schema, array $options = [])
         }
 
         $this->validator = new Validator();
-        $this->validator->setMaxErrors(99); 
+        $this->validator->setMaxErrors(99);
 
         $this->formatResolver = $this->validator->parser()->getFormatResolver();
 
         // Password validator only checks that it's a string, as format=password only is a hint to the UI
-        $this->formatResolver->register("string", "password", new OpenApiValidation\Formats\PasswordValidator());
-
+        $this->formatResolver->register('string', 'password', new OpenApiValidation\Formats\PasswordValidator());
     }
 
     public function addFormat(string $type, string $name, \Opis\JsonSchema\Format $format)
@@ -160,7 +159,9 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface
     public function validateSecurity(string $path, string $method, ServerRequestInterface $request) : ?ResponseInterface
     {
         $securityRequirements = $this->openapi->getOperationSecurity($path, $method);
-        if (!count($securityRequirements)) return null;
+        if (!count($securityRequirements)) {
+            return null;
+        }
 
         $callback = $this->options['validateSecurity'];
 
@@ -174,7 +175,7 @@ public function validateSecurity(string $path, string $method, ServerRequestInte
                         if ($authorizationHeader) {
                             // Remove basic or bearer
                             $token = str_replace(ucwords($securitySceme->scheme).' ', '', $authorizationHeader);
-                            return $callback('http', $token, $scopes);
+                            return $callback($request, 'http', $token, $scopes);
                         }
                         break;
                     case 'apiKey':
@@ -192,7 +193,7 @@ public function validateSecurity(string $path, string $method, ServerRequestInte
                                 break;
                         }
                         if ($token) {
-                            return $callback('apiKey', $token, $scopes);
+                            return $callback($request, 'apiKey', $token, $scopes);
                         }
                         break;
                 }
@@ -431,7 +432,7 @@ private function validateProperties(array $properties) : ?array
             }
             if (isset($result) && $result->hasError()) {
                 $error = $this->parseErrors($result->error(), $property->name, $property->in, $property);
-            
+
                 foreach ($error as $parsedError) {
                     // As all query param values are strings type errors should be discarded
                     $discard = false;
@@ -451,7 +452,7 @@ private function validateProperties(array $properties) : ?array
                     }
                 }
             }
-            }
+        }
 
         return $errors;
     }
@@ -467,7 +468,7 @@ private function validateObject(array $schema, string $value) : array
         try {
             $value  = json_decode($value);
             $schema = json_decode(json_encode($schema, JSON_PRESERVE_ZERO_FRACTION));
-            $result = $this->validator->validate($value, $schema,);
+            $result = $this->validator->validate($value, $schema, );
         } catch (Exception $e) {
             return [[
                 'name'    => 'server',
@@ -591,7 +592,7 @@ private function error(int $code, string $message, array $errors = []) : Respons
         return $response->withBody((new StreamFactory())->createStream(json_encode($json, JSON_PRESERVE_ZERO_FRACTION)));
     }
 
-    private function parseErrors(ValidationError $error, $name = null, $in = null, ?Property $property = null ) : array
+    private function parseErrors(ValidationError $error, $name = null, $in = null, ?Property $property = null) : array
     {
         $errors = [];
         if ($error->subErrors()) {

Original file line number	Diff line number	Diff line change
`@@ -81,13 +81,12 @@ public function __construct($schema, array $options = [])`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`$this->validator = new Validator();`
`84`		`- $this->validator->setMaxErrors(99);`
	`84`	`+ $this->validator->setMaxErrors(99);`
`85`	`85`
`86`	`86`	`$this->formatResolver = $this->validator->parser()->getFormatResolver();`
`87`	`87`
`88`	`88`	`// Password validator only checks that it's a string, as format=password only is a hint to the UI`
`89`		`- $this->formatResolver->register("string", "password", new OpenApiValidation\Formats\PasswordValidator());`
`90`		`-`
	`89`	`+ $this->formatResolver->register('string', 'password', new OpenApiValidation\Formats\PasswordValidator());`
`91`	`90`	`}`
`92`	`91`
`93`	`92`	`public function addFormat(string $type, string $name, \Opis\JsonSchema\Format $format)`
`@@ -160,7 +159,9 @@ public function process(ServerRequestInterface $request, RequestHandlerInterface`
`160`	`159`	`public function validateSecurity(string $path, string $method, ServerRequestInterface $request) : ?ResponseInterface`
`161`	`160`	`{`
`162`	`161`	`$securityRequirements = $this->openapi->getOperationSecurity($path, $method);`
`163`		`- if (!count($securityRequirements)) return null;`
	`162`	`+ if (!count($securityRequirements)) {`
	`163`	`+ return null;`
	`164`	`+ }`
`164`	`165`
`165`	`166`	`$callback = $this->options['validateSecurity'];`
`166`	`167`
`@@ -174,7 +175,7 @@ public function validateSecurity(string $path, string $method, ServerRequestInte`
`174`	`175`	`if ($authorizationHeader) {`
`175`	`176`	`// Remove basic or bearer`
`176`	`177`	`$token = str_replace(ucwords($securitySceme->scheme).' ', '', $authorizationHeader);`
`177`		`- return $callback('http', $token, $scopes);`
	`178`	`+ return $callback($request, 'http', $token, $scopes);`
`178`	`179`	`}`
`179`	`180`	`break;`
`180`	`181`	`case 'apiKey':`
`@@ -192,7 +193,7 @@ public function validateSecurity(string $path, string $method, ServerRequestInte`
`192`	`193`	`break;`
`193`	`194`	`}`
`194`	`195`	`if ($token) {`
`195`		`- return $callback('apiKey', $token, $scopes);`
	`196`	`+ return $callback($request, 'apiKey', $token, $scopes);`
`196`	`197`	`}`
`197`	`198`	`break;`
`198`	`199`	`}`
`@@ -431,7 +432,7 @@ private function validateProperties(array $properties) : ?array`
`431`	`432`	`}`
`432`	`433`	`if (isset($result) && $result->hasError()) {`
`433`	`434`	`$error = $this->parseErrors($result->error(), $property->name, $property->in, $property);`
`434`		`-`
	`435`	`+`
`435`	`436`	`foreach ($error as $parsedError) {`
`436`	`437`	`// As all query param values are strings type errors should be discarded`
`437`	`438`	`$discard = false;`
`@@ -451,7 +452,7 @@ private function validateProperties(array $properties) : ?array`
`451`	`452`	`}`
`452`	`453`	`}`
`453`	`454`	`}`
`454`		`- }`
	`455`	`+ }`
`455`	`456`
`456`	`457`	`return $errors;`
`457`	`458`	`}`
`@@ -467,7 +468,7 @@ private function validateObject(array $schema, string $value) : array`
`467`	`468`	`try {`
`468`	`469`	`$value = json_decode($value);`
`469`	`470`	`$schema = json_decode(json_encode($schema, JSON_PRESERVE_ZERO_FRACTION));`
`470`		`- $result = $this->validator->validate($value, $schema,);`
	`471`	`+ $result = $this->validator->validate($value, $schema, );`
`471`	`472`	`} catch (Exception $e) {`
`472`	`473`	`return [[`
`473`	`474`	`'name' => 'server',`
`@@ -591,7 +592,7 @@ private function error(int $code, string $message, array $errors = []) : Respons`
`591`	`592`	`return $response->withBody((new StreamFactory())->createStream(json_encode($json, JSON_PRESERVE_ZERO_FRACTION)));`
`592`	`593`	`}`
`593`	`594`
`594`		`- private function parseErrors(ValidationError $error, $name = null, $in = null, ?Property $property = null ) : array`
	`595`	`+ private function parseErrors(ValidationError $error, $name = null, $in = null, ?Property $property = null) : array`
`595`	`596`	`{`
`596`	`597`	`$errors = [];`
`597`	`598`	`if ($error->subErrors()) {`