From d13bebaaf5ff2f35774e71f10b288831cf8ffe2f Mon Sep 17 00:00:00 2001 From: kriptoburak Date: Fri, 3 Jul 2026 02:34:19 +0300 Subject: [PATCH] test: cover empty operation security override --- test/oas3/execute/authorization.js | 50 ++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) diff --git a/test/oas3/execute/authorization.js b/test/oas3/execute/authorization.js index 2e662b5d1..22d290798 100644 --- a/test/oas3/execute/authorization.js +++ b/test/oas3/execute/authorization.js @@ -792,6 +792,56 @@ describe('Authorization - OpenAPI Specification 3.0', () => { }, }); }); + test('should not add global authorization when operation security is empty', () => { + const spec = { + openapi: '3.0.0', + security: [{ myOAuth2Implicit: [] }], + components: { + securitySchemes: { + myOAuth2Implicit: { + type: 'oauth2', + flows: { + implicit: { + authorizationUrl: 'http://google.com/', + scopes: { + myScope: 'blah blah blah', + }, + }, + }, + }, + }, + }, + paths: { + '/': { + get: { + operationId: 'myOperation', + security: [], + }, + }, + }, + }; + + const req = buildRequest({ + spec, + operationId: 'myOperation', + securities: { + authorized: { + myOAuth2Implicit: { + token: { + access_token: 'myTokenValue', + }, + }, + }, + }, + }); + + expect(req).toEqual({ + method: 'GET', + url: '/', + credentials: 'same-origin', + headers: {}, + }); + }); test('should build a request without authorization when spec does not require it', () => { const spec = { openapi: '3.0.0',