Properly test for security. (#50)

jonthegeek · Apr 2, 2024 · eb4f4de · eb4f4de
1 parent 76c4ea5
commit eb4f4de
Show file tree

Hide file tree

Showing 5 changed files with 67 additions and 106 deletions.
diff --git a/R/generate_pkg-security.R b/R/generate_pkg-security.R
@@ -94,6 +94,9 @@ S7::method(as_bk_data, class_security_schemes) <- function(x) {
     security_arg_helps = .generate_security_arg_help(
       security_schemes,
       security_args
+    ),
+    security_arg_nulls = .collapse_comma(
+      glue("{security_args} = NULL")
     )
   ))
 }

diff --git a/R/paths-apis.R b/R/paths-apis.R
diff --git a/inst/templates/020-security.R b/inst/templates/020-security.R
@@ -6,10 +6,12 @@
 # pass the same parameter in a header, possibly with a different name. Consult
 # the text description of authentication in your API documentation.
 
-{{api_abbr}}_security <- function(req, {{security_arg_names}}) {
-  {{#api_schemes}}
-  req <- {{api_abbr}}_security_{{name}}(req, {{arg_name}})
-  {{/api_schemes}}
+{{api_abbr}}_security <- function(req, {{security_arg_nulls}}) {
+{{#security_schemes}}
+  if (!is.null({{arg_name}})) {
+    req <- {{api_abbr}}_security_{{name}}(req, {{arg_name}})
+  }
+{{/security_schemes}}
   return(req)
 }
 

diff --git a/tests/testthat/_fixtures/trello-020-security.R b/tests/testthat/_fixtures/trello-020-security.R
@@ -0,0 +1,37 @@
+# These functions were generated by the {beekeeper} package, based on
+# components@security_schemes from the source API description. You may want to
+# delete unused options. In addition, APIs often have additional security
+# options that are not formally documented in the API description. For example,
+# for any `location = query` `api_key` options, it might be possible to instead
+# pass the same parameter in a header, possibly with a different name. Consult
+# the text description of authentication in your API documentation.
+
+trello_security <- function(req, key = NULL, token = NULL) {
+  if (!is.null(key)) {
+    req <- trello_security_api_key(req, key)
+  }
+  if (!is.null(token)) {
+    req <- trello_security_api_token(req, token)
+  }
+  return(req)
+}
+
+# An API key provided by the API provider. This key is not clearly documented in the API description. Check the API documentation for details.
+trello_security_api_key <- function(req, key) {
+  nectar::security_api_key(
+    req,
+    location = "query",
+    parameter_name = "key",
+    api_key = key
+  )
+}
+
+# An API key provided by the API provider. This key is not clearly documented in the API description. Check the API documentation for details.
+trello_security_api_token <- function(req, token) {
+  nectar::security_api_key(
+    req,
+    location = "query",
+    parameter_name = "token",
+    api_key = token
+  )
+}
diff --git a/tests/testthat/test-generate_pkg-security.R b/tests/testthat/test-generate_pkg-security.R
@@ -18,3 +18,24 @@ test_that("generate_pkg() generates call function with API keys", {
   call_result <- scrub_testpkg(readLines("R/010-call.R"))
   expect_identical(call_result, call_expected)
 })
+
+test_that("generate_pkg() generates security functions", {
+  skip_on_cran()
+  local_mocked_bindings(
+    .generate_paths = function(...) {
+      character()
+    }
+  )
+  config <- readLines(test_path("_fixtures", "trello_beekeeper.yml"))
+  trello_rapid <- readRDS(test_path("_fixtures", "trello_rapid.rds"))
+  security_expected <- readLines(test_path("_fixtures", "trello-020-security.R"))
+
+  create_local_package()
+  writeLines(config, "_beekeeper.yml")
+  saveRDS(trello_rapid, "trello_rapid.rds")
+
+  generate_pkg(pkg_agent = "TESTPKG (https://example.com)")
+
+  security_result <- scrub_testpkg(readLines("R/020-security.R"))
+  expect_identical(security_result, security_expected)
+})