openapi-ruby 2.3.0 → 2.4.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 398dab24d8afcf002fff3be85c3e47c2b83688904d2b3577e071ad790398caf0
-  data.tar.gz: 071ad3e3c2b9d15e6f4aa60fcf09f8fef2260f43e35e9c6a69af04071da2d6a6
+  metadata.gz: 625d042fe294eeec35636e245418a38ab1cdefb13412fb1cfd355429a90ead83
+  data.tar.gz: 354e09c385f606421e191f05bccfef6a1cefac42be17485f3eeb4bf38ccf3285
 SHA512:
-  metadata.gz: 7745b15a5b56b12b9a7c2b24ddfe761d37faea4835114722960dbc575bd2ae386780284a2791a1b57d08374cad5a8f5079ff410cefcbedce521c719bc892ab81
-  data.tar.gz: a6baddb8b5850f6b273506f04fa9e8917338431c3d08ab698f710fa791b7c99e4f4ad5b861c298ca08b9b156342606ca760efb7720d7d1a735f6197faee4807d
+  metadata.gz: de6d641c194b48f03e20c877a9c9ab787eaf20dd88fe8bf952bb2c22963e98b060f31aea0d5d57321a99d6ffd91fe9b80805b3bbeb4274d17f085b7481747588
+  data.tar.gz: f9790faa37a74d230addcf0fdaaa346454481c63791e73efa138aa1bdc212cf08111dee1eb1cfcc6b1b867d90189cf4e76bea4305d27474f7098c7214cbebe00

data/lib/openapi_ruby/adapters/minitest.rb

@@ -1,6 +1,8 @@
 # frozen_string_literal: true
 
 require "openapi_ruby"
+require "cgi"
+require "uri"
 
 module OpenapiRuby
   module Adapters
@@ -36,45 +38,64 @@ module OpenapiRuby
           response_ctx = operation.responses[expected_status.to_s]
           raise OpenapiRuby::Error, "No response #{expected_status} defined for #{method.upcase}" unless response_ctx
 
-          # Build the request path
-          path = expand_path(context.path_template, params.merge(path_params))
+          # Build the request path with base path from schema server URL
+          base_path = resolve_base_path(context.schema_name)
+          path = "#{base_path}#{expand_path(context.path_template, params.merge(path_params))}"
 
-          # Execute the request
-          request_params = body || params.reject { |k, _| path_param_names(context).include?(k.to_s) }
-          request_headers = headers.dup
+          # Resolve security scheme parameters
+          security_params = resolve_security_params(operation, context.schema_name)
+          security_params.each do |param|
+            val = params[param[:name].to_sym] || params[param[:name]]
+            next if val.nil?
 
-          if body
-            content_type = request_headers["Content-Type"] || context.operations[method.to_s]&.instance_variable_get(:@consumes_list)&.first
+            case param[:in].to_s
+            when "header" then headers[param[:name]] = val
+            when "query" then params[param[:name]] = val
+            when "cookie" then headers["Cookie"] = "#{param[:name]}=#{val}"
+            end
+          end
 
-            if content_type&.include?("form-data") || content_type&.include?("x-www-form-urlencoded")
-              request_params = body
-              request_headers["Content-Type"] ||= content_type
+          # Default Accept header for API requests
+          headers["Accept"] ||= "application/json"
+
+          # Build query params (exclude path params)
+          query_params = params.reject { |k, _| path_param_names(context).include?(k.to_s) }
+
+          # Execute the request
+          if body
+            content_type = operation.request_body_definition&.dig("content")&.keys&.first || "application/json"
+            request_args = if content_type.include?("form-data") || content_type.include?("x-www-form-urlencoded")
+              {params: body, headers: headers}
             else
-              request_params = body.is_a?(String) ? body : body.to_json
-              request_headers["Content-Type"] ||= content_type || "application/json"
+              {
+                params: body.is_a?(String) ? body : body.to_json,
+                headers: headers.merge("Content-Type" => content_type)
+              }
+            end
+            # Append query params to path when body is present
+            if query_params.any?
+              query_string = query_params.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join("&")
+              path = "#{path}?#{query_string}"
             end
+          else
+            request_args = {params: query_params, headers: headers}
           end
 
-          send_args = {params: request_params}
-          send_args[:headers] = request_headers if request_headers.any?
-
-          send(method, path, **send_args)
+          send(method, path, **request_args)
 
           # Validate response
-          if OpenapiRuby.configuration.validate_responses_in_tests
-            assert_equal expected_status, response.status,
-              "Expected status #{expected_status}, got #{response.status}"
-
-            if response_ctx.schema_definition
-              validator = Testing::ResponseValidator.new
-              body_data = parse_response_body
-              errors = validator.validate(
-                response_body: body_data,
-                status_code: response.status,
-                response_context: response_ctx
-              )
-              assert errors.empty?, "Response validation failed:\n#{errors.join("\n")}"
-            end
+          assert_equal expected_status, response.status,
+            "Expected status #{expected_status}, got #{response.status}\nResponse body: #{response.body}"
+
+          if OpenapiRuby.configuration.validate_responses_in_tests && response_ctx.schema_definition
+            validator = Testing::ResponseValidator.new
+            body_data = parse_response_body
+            errors = validator.validate(
+              response_body: body_data,
+              status_code: response.status,
+              response_context: response_ctx
+            )
+            assert errors.empty?, "Response validation failed:\n#{errors.join("\n")}"
           end
 
           # Execute additional assertions
@@ -94,10 +115,8 @@ module OpenapiRuby
             next false unless ctx.operations.key?(method.to_s)
 
             if has_path_params
-              # Pick the context that has path parameter placeholders
               ctx.path_template.include?("{")
             else
-              # Pick the context without path parameter placeholders
               !ctx.path_template.include?("{")
             end
           end
@@ -115,6 +134,52 @@ module OpenapiRuby
           context.path_parameters.map { |p| p["name"] }
         end
 
+        def resolve_base_path(schema_name)
+          return "" unless schema_name
+
+          config = OpenapiRuby.configuration
+          schema_config = config.schemas[schema_name.to_sym] || config.schemas[schema_name.to_s]
+          return "" unless schema_config
+
+          server_url = schema_config.dig(:servers, 0, :url) || schema_config.dig("servers", 0, "url")
+          return "" unless server_url
+
+          URI.parse(server_url).path.chomp("/")
+        rescue URI::InvalidURIError
+          ""
+        end
+
+        def resolve_security_params(operation, schema_name)
+          security_list = operation.instance_variable_get(:@security_list)
+          return [] unless security_list
+
+          config = OpenapiRuby.configuration
+          schema_config = config.schemas[schema_name.to_sym] || config.schemas[schema_name.to_s]
+          return [] unless schema_config
+
+          security_schemes = schema_config.dig(:components, :securitySchemes) ||
+            schema_config.dig("components", "securitySchemes") || {}
+
+          if security_schemes.empty?
+            loader = Components::Loader.new(scope: schema_name.to_s.tr("/", "_").to_sym)
+            security_schemes = loader.security_schemes
+          end
+
+          scheme_names = security_list.flat_map { |s| s.is_a?(Hash) ? s.keys.map(&:to_s) : [] }
+
+          scheme_names.filter_map do |name|
+            scheme = security_schemes[name] || security_schemes[name.to_sym]
+            next unless scheme
+
+            type = scheme[:type] || scheme["type"]
+            if type.to_s == "apiKey"
+              {name: (scheme[:name] || scheme["name"]).to_s, in: (scheme[:in] || scheme["in"]).to_s}
+            else
+              {name: "Authorization", in: "header"}
+            end
+          end.uniq { |p| [p[:name], p[:in]] }
+        end
+
         def parse_response_body
           return nil if response.body.empty?
 

data/lib/openapi_ruby/adapters/rspec.rb

@@ -1,256 +1,256 @@
 # frozen_string_literal: true
 
 require "openapi_ruby"
+require "cgi"
+require "uri"
 
 module OpenapiRuby
   module Adapters
     module RSpec
+      # Class-level DSL methods extended onto :openapi example groups.
+      # All methods are inherited by nested describe/context/it_behaves_like blocks.
+      # Data is stored in RSpec metadata which propagates to child groups.
       module ExampleGroupHelpers
         def path(template, &block)
           schema_name = metadata[:openapi_schema_name]
           context = DSL::Context.new(template, schema_name: schema_name)
 
           describe template do
-            # Store context reference on the example group metadata
             metadata[:openapi_path_context] = context
-
-            # Evaluate the block which defines operations via get/post/etc.
-            # We need a proxy that captures DSL calls and maps them to RSpec describe blocks
-            proxy = PathProxy.new(self, context)
-            proxy.instance_eval(&block) if block
-
-            # Register the context for spec generation
+            instance_eval(&block) if block
             DSL::MetadataStore.register(context)
           end
         end
-      end
-
-      class PathProxy
-        def initialize(example_group, context)
-          @example_group = example_group
-          @context = context
-        end
-
-        def parameter(attributes = {})
-          @context.parameter(attributes)
-        end
 
         DSL::Context::HTTP_METHODS.each do |method|
           define_method(method) do |summary = nil, &block|
+            path_ctx = metadata[:openapi_path_context]
             op_context = DSL::OperationContext.new(method, summary)
-            # Copy path-level parameters
-            @context.path_parameters.each { |p| op_context.parameter(p) }
-            @context.operations[method.to_s] = op_context
-
-            @example_group.describe "#{method.to_s.upcase} #{@context.path_template}" do
-              # Evaluate operation-level DSL
-              op_proxy = OperationProxy.new(self, op_context, @context)
-              op_proxy.instance_eval(&block) if block
+            path_ctx.path_parameters.each { |p| op_context.parameter(p) }
+            path_ctx.operations[method.to_s] = op_context
+
+            describe "#{method.to_s.upcase} #{path_ctx.path_template}" do
+              metadata[:openapi_operation] = op_context
+              instance_eval(&block) if block
             end
           end
         end
 
-        private
-
-        # Forward missing methods to the example group for non-DSL calls
-        def method_missing(name, ...)
-          if @example_group.respond_to?(name)
-            @example_group.send(name, ...)
-          else
-            super
+        def parameter(attributes = {})
+          if metadata[:openapi_operation]
+            metadata[:openapi_operation].parameter(attributes)
+          elsif metadata[:openapi_path_context]
+            metadata[:openapi_path_context].parameter(attributes)
           end
         end
 
-        def respond_to_missing?(name, include_private = false)
-          @example_group.respond_to?(name, include_private) || super
+        %i[tags operationId deprecated security].each do |attr_name|
+          define_method(attr_name) do |value|
+            metadata[:openapi_operation]&.send(attr_name, value)
+          end
         end
-      end
 
-      class OperationProxy
-        def initialize(example_group, operation_context, path_context)
-          @example_group = example_group
-          @operation = operation_context
-          @path_context = path_context
+        def description(value = nil)
+          return super() if value.nil?
+          metadata[:openapi_operation]&.description(value)
         end
 
-        %i[tags operationId description deprecated consumes produces security
-          parameter request_body request_body_example].each do |method|
-          define_method(method) do |*args, **kwargs, &block|
-            if kwargs.empty?
-              @operation.send(method, *args, &block)
-            else
-              @operation.send(method, *args, **kwargs, &block)
-            end
-          end
+        def consumes(*content_types)
+          metadata[:openapi_operation]&.consumes(*content_types)
         end
 
-        def response(status_code, description, hidden: false, &block)
-          response_ctx = @operation.response(status_code, description, hidden: hidden)
-          operation = @operation
-
-          @example_group.context "response #{status_code} #{description}" do
-            metadata[:openapi_operation] = operation
-            metadata[:openapi_response] = response_ctx
-
-            # Evaluate response-level DSL
-            resp_proxy = ResponseProxy.new(self, response_ctx)
-            resp_proxy.instance_eval(&block) if block
-          end
+        def produces(*content_types)
+          metadata[:openapi_operation]&.produces(*content_types)
         end
 
-        private
-
-        def method_missing(name, ...)
-          if @example_group.respond_to?(name)
-            @example_group.send(name, ...)
-          else
-            super
-          end
+        def request_body(attributes = {})
+          metadata[:openapi_operation]&.request_body(attributes)
         end
 
-        def respond_to_missing?(name, include_private = false)
-          @example_group.respond_to?(name, include_private) || super
+        def request_body_example(**kwargs)
+          metadata[:openapi_operation]&.request_body_example(**kwargs)
         end
-      end
 
-      class ResponseProxy
-        def initialize(example_group, response_context)
-          @example_group = example_group
-          @response = response_context
+        def response(status_code, description, hidden: false, &block)
+          operation = metadata[:openapi_operation]
+          response_ctx = operation.response(status_code, description, hidden: hidden)
+
+          context "response #{status_code} #{description}" do
+            metadata[:openapi_response] = response_ctx
+            instance_eval(&block) if block
+          end
         end
 
         def schema(definition)
-          @response.schema(definition)
+          metadata[:openapi_response]&.schema(definition)
         end
 
         def header(name, attributes = {})
-          @response.header(name, attributes)
+          metadata[:openapi_response]&.header(name, attributes)
         end
 
-        def example(content_type, **)
-          @response.example(content_type, **)
-        end
+        def run_test!(description = nil, &block)
+          response_ctx = metadata[:openapi_response]
 
-        def produces(*content_types)
-          @response.produces(*content_types)
+          before do |example|
+            submit_openapi_request(example.metadata)
+          end
+
+          it(description || "returns #{response_ctx.status_code}") do |example|
+            assert_openapi_response(example.metadata)
+            instance_eval(&block) if block
+          end
         end
+      end
 
-        def run_test!(description = nil, &block)
-          response_ctx = @response
-          @example_group.it(description || "returns #{response_ctx.status_code}") do |example|
-            example_metadata = example.metadata
-
-            # Resolve path parameters from let variables
-            path = resolve_path(example_metadata)
-            operation = find_operation(example_metadata)
-
-            # Build params and headers from let variables
-            params = resolve_let(:request_params) || {}
-            headers = resolve_let(:request_headers) || {}
-            body = resolve_let(:request_body)
-
-            # Merge individual parameter let values
-            operation&.parameters&.each do |param|
-              name = param["name"]
-              val = resolve_let(name.to_sym)
-              next unless val
-
-              case param["in"]
-              when "query"
-                params[name] = val
-              when "header"
-                headers[name] = val
-              when "path"
-                # Already handled in resolve_path
-              end
-            end
+      # Instance-level helper methods mixed into RSpec examples
+      module ExampleHelpers
+        # submit_openapi_request is public so specs can call it directly
+        # (e.g., for rate limiting tests that need multiple requests)
+        def submit_openapi_request(metadata)
+          path = resolve_path(metadata)
+          operation = find_in_metadata(metadata, :openapi_operation)
+
+          params = resolve_let(:request_params) || {}
+          headers = resolve_let(:request_headers) || {}
+          body = resolve_let(:request_body)
+
+          # Merge individual parameter let values
+          operation&.parameters&.each do |param|
+            name = param["name"]
+            val = resolve_let(name.to_sym)
+            next if val.nil?
 
-            # Execute the request
-            method = operation&.verb || example_metadata[:openapi_operation]&.verb || "get"
-            send_args = {params: body || params}
-            send_args[:headers] = headers if headers.any?
-
-            if body
-              content_type = headers["Content-Type"] || operation&.instance_variable_get(:@consumes_list)&.first
-
-              if content_type&.include?("form-data") || content_type&.include?("x-www-form-urlencoded")
-                send_args[:params] = body
-                send_args[:headers] = (headers || {}).merge("Content-Type" => content_type)
-              else
-                send_args[:params] = body.is_a?(String) ? body : body.to_json
-                send_args[:headers] = (headers || {}).merge("Content-Type" => content_type || "application/json")
-              end
+            case param["in"]
+            when "query" then params[name] = val
+            when "header" then headers[name] = val
             end
+          end
 
-            send(method.to_sym, path, **send_args)
-
-            # Validate response
-            if OpenapiRuby.configuration.validate_responses_in_tests && response_ctx.schema_definition
-              validator = Testing::ResponseValidator.new
-              errors = validator.validate(
-                response_body: parsed_response_body,
-                status_code: response.status,
-                response_context: response_ctx
-              )
-              expect(errors).to be_empty, "Response validation failed:\n#{errors.join("\n")}"
-            else
-              expect(response.status).to eq(response_ctx.status_code.to_i)
-            end
+          # Resolve security scheme parameters from let variables
+          resolve_security_params(operation, metadata).each do |param|
+            val = resolve_let(param[:name].to_sym)
+            next unless val
 
-            # Execute additional assertions
-            instance_eval(&block) if block
+            case param[:in].to_s
+            when "header" then headers[param[:name]] = val
+            when "query" then params[param[:name]] = val
+            when "cookie" then headers["Cookie"] = "#{param[:name]}=#{val}"
+            end
           end
-        end
 
-        # Forward let/before/after/subject to RSpec
-        def method_missing(name, ...)
-          if @example_group.respond_to?(name)
-            @example_group.send(name, ...)
+          method = operation&.verb || "get"
+          # Default to JSON Accept header for API requests
+          headers["Accept"] ||= "application/json"
+
+          if body
+            content_type = operation&.request_body_definition&.dig("content")&.keys&.first || "application/json"
+            request_args = if content_type.include?("form-data") || content_type.include?("x-www-form-urlencoded")
+              {params: body, headers: headers}
+            else
+              {
+                params: body.is_a?(String) ? body : body.to_json,
+                headers: headers.merge("Content-Type" => content_type)
+              }
+            end
+            # Append query params to path when body is present
+            if params.any?
+              query_string = params.map { |k, v| "#{k}=#{CGI.escape(v.to_s)}" }.join("&")
+              path = "#{path}?#{query_string}"
+            end
           else
-            super
+            request_args = {params: params, headers: headers}
           end
+
+          send(method.to_sym, path, **request_args)
         end
 
-        def respond_to_missing?(name, include_private = false)
-          @example_group.respond_to?(name, include_private) || super
+        def assert_openapi_response(metadata)
+          response_ctx = find_in_metadata(metadata, :openapi_response)
+
+          expected_status = response_ctx.status_code.to_i
+          actual_status = response.status
+
+          unless actual_status == expected_status
+            raise "Response validation failed:\n" \
+              "Expected status #{expected_status}, got #{actual_status}\n" \
+              "Response body: #{response.body}"
+          end
         end
-      end
 
-      # Helper methods mixed into RSpec examples
-      module ExampleHelpers
         private
 
         def resolve_path(metadata)
-          path_ctx = find_path_context(metadata)
+          path_ctx = find_in_metadata(metadata, :openapi_path_context)
           template = path_ctx&.path_template || ""
-          find_operation(metadata)
 
-          # Substitute {param} placeholders with let values
-          template.gsub(/\{(\w+)\}/) do
+          base_path = resolve_base_path(path_ctx&.schema_name)
+          full_path = "#{base_path}#{template}"
+
+          full_path.gsub(/\{(\w+)\}/) do
             name = ::Regexp.last_match(1)
-            val = resolve_let(name.to_sym)
-            val || "{#{name}}"
+            resolve_let(name.to_sym) || "{#{name}}"
           end
         end
 
-        def find_path_context(metadata)
+        def find_in_metadata(metadata, key)
           meta = metadata
           while meta
-            return meta[:openapi_path_context] if meta[:openapi_path_context]
-
+            return meta[key] if meta[key]
             meta = meta[:parent_example_group]
           end
           nil
         end
 
-        def find_operation(metadata)
-          meta = metadata
-          while meta
-            return meta[:openapi_operation] if meta[:openapi_operation]
+        def resolve_base_path(schema_name)
+          return "" unless schema_name
 
-            meta = meta[:parent_example_group]
+          config = OpenapiRuby.configuration
+          schema_config = config.schemas[schema_name.to_sym] || config.schemas[schema_name.to_s]
+          return "" unless schema_config
+
+          server_url = schema_config.dig(:servers, 0, :url) || schema_config.dig("servers", 0, "url")
+          return "" unless server_url
+
+          URI.parse(server_url).path.chomp("/")
+        rescue URI::InvalidURIError
+          ""
+        end
+
+        def resolve_security_params(operation, metadata)
+          security_list = operation&.instance_variable_get(:@security_list)
+          return [] unless security_list
+
+          schema_name = find_in_metadata(metadata, :openapi_schema_name)
+          return [] unless schema_name
+
+          config = OpenapiRuby.configuration
+          schema_config = config.schemas[schema_name.to_sym] || config.schemas[schema_name.to_s]
+          return [] unless schema_config
+
+          security_schemes = schema_config.dig(:components, :securitySchemes) ||
+            schema_config.dig("components", "securitySchemes") || {}
+
+          # Also check registered components
+          if security_schemes.empty?
+            loader = Components::Loader.new(scope: schema_name.to_s.tr("/", "_").to_sym)
+            security_schemes = loader.security_schemes
           end
-          nil
+
+          scheme_names = security_list.flat_map { |s| s.is_a?(Hash) ? s.keys.map(&:to_s) : [] }
+
+          scheme_names.filter_map do |name|
+            scheme = security_schemes[name] || security_schemes[name.to_sym]
+            next unless scheme
+
+            type = scheme[:type] || scheme["type"]
+            if type.to_s == "apiKey"
+              {name: (scheme[:name] || scheme["name"]).to_s, in: (scheme[:in] || scheme["in"]).to_s}
+            else
+              # OAuth2, http bearer, etc. → Authorization header
+              {name: "Authorization", in: "header"}
+            end
+          end.uniq { |p| [p[:name], p[:in]] }
         end
 
         def resolve_let(name)
@@ -261,21 +261,10 @@ module OpenapiRuby
 
         def parsed_response_body
           return nil if response.body.empty?
-
           JSON.parse(response.body)
         rescue JSON::ParserError
           response.body
         end
-
-        def operation_context_from_parent
-          meta = self.class.metadata
-          while meta
-            return meta[:openapi_operation] if meta[:openapi_operation]
-
-            meta = meta[:parent_example_group]
-          end
-          nil
-        end
       end
 
       def self.install!
@@ -283,7 +272,6 @@ module OpenapiRuby
           config.extend ExampleGroupHelpers, type: :openapi
           config.include ExampleHelpers, type: :openapi
 
-          # Make type: :openapi behave like request specs (includes integration test methods)
           if defined?(::RSpec::Rails)
             config.include ::RSpec::Rails::RequestExampleGroup, type: :openapi
           end

data/lib/openapi_ruby/components/registry.rb

@@ -65,11 +65,11 @@ module OpenapiRuby
           existing_scopes = existing._component_scopes
           existing_scopes_set = existing._component_scopes_explicitly_set
 
-          # Skip when exactly one side has explicitly configured scopes — during initial
+          # Skip when scopes haven't been explicitly configured yet — during initial
           # loading, components are registered with empty default scopes before the Loader
-          # assigns inferred scopes. The unconfigured side may get scopes later via
-          # component_scopes, which unregisters/re-registers and retriggers this check.
-          next if new_scopes_set != existing_scopes_set
+          # assigns inferred scopes. Only check for duplicates when both sides have
+          # explicitly set their scopes.
+          next unless new_scopes_set && existing_scopes_set
 
           if scopes_overlap?(new_scopes, existing_scopes)
             raise DuplicateComponentError,

data/lib/openapi_ruby/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module OpenapiRuby
-  VERSION = "2.3.0"
+  VERSION = "2.4.0"
 end

data/lib/tasks/openapi_ruby.rake

@@ -1,9 +1,11 @@
 # frozen_string_literal: true
 
 namespace :openapi_ruby do
-  desc "Generate OpenAPI spec files from test definitions and components"
+  desc "Generate OpenAPI schema files from spec definitions and components"
   task generate: :environment do
-    require "openapi_ruby"
-    OpenapiRuby::Generator::SchemaWriter.generate_all!
+    pattern = ENV.fetch("PATTERN", "spec/**/*_spec.rb")
+    command = "bundle exec rspec --pattern '#{pattern}' --dry-run --order defined"
+    puts "Generating OpenAPI schemas..."
+    system(command) || abort("Schema generation failed")
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: openapi-ruby
 version: !ruby/object:Gem::Version
-  version: 2.3.0
+  version: 2.4.0
 platform: ruby
 authors:
 - Morten Hartvig