Gerard Luque

Reputation: 163

swagger security Laravel

I installed "darkaonline/l5-swagger": "~3.0" to get Swagger on my Laravel 5.3 project, and I would like to set an api_key value so that the user who tests my API through Swagger gets access or not by comparing the api_key value that he enters with mine.

I have this on my security.php:

/**
 * @SWG\SecurityScheme(
 *   securityDefinition="api_key",
 *   type="apiKey",
 *   in="header",
 *   name="api_key"
 * )
 */

and on my UserController:

/**
     * @SWG\Post(
     *     path="/add_user",
     *     tags={"user"},
     *     operationId="adduser",
     *     summary="Add a new user to the store",
     *     description="",
     *     produces={"application/xml", "application/json"},
     *     @SWG\Parameter(
     *         name="name",
     *         in="formData",
     *         type="string",
     *         description="Name of the user",
     *         required=true,
     *     ),
     *      @SWG\Parameter(
     *         name="lastname",
     *         in="formData",
     *         type="string",
     *         description="Lastname of the user",
     *         required=true,
     *     ),     
     *      @SWG\Parameter(
     *         name="email",
     *         in="formData",
     *         type="string",
     *         description="Email of the user",
     *         required=true,
     *     ),
     *     @SWG\Parameter(
     *         name="password",
     *         in="formData",
     *         type="string",
     *         description="password of the user",
     *         required=true,
     *     ),
     *      @SWG\Parameter(
     *         name="website",
     *         in="formData",
     *         type="string",
     *         description="website of the user",
     *         required=true,
     *     ),
     *      @SWG\Parameter(
     *         name="platform",
     *         in="formData",
     *         type="string",
     *         description="website of the user",
     *         required=true,
     *     ),
     *     @SWG\Response(
     *         response=405,
     *         description="Invalid input",
     *     ),
     *     security={
     *         {
     *             "api_key": {},
     *         }
     *     },
     * )
     */

but I can store a new user even if I don't add an api_key value to my url or authorization dialog. What am I missing?

Upvotes: 1

Views: 3132

Answers (1)

KhorneHoly

Reputation: 4766

You still need to check the API key yourself. Swagger is just there to generate the documentation; it doesn't have an effect on your actual code.

Upvotes: 3
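The server-side check the answer refers to, as an added example that is not part of the original question or answer: a Laravel middleware that rejects requests whose `api_key` header does not match a configured value. The class name `VerifyApiKey`, the alias `api.key`, the config entry `services.api_docs.key` and the controller method `addUser` are assumptions made for illustration.

```php
<?php
// app/Http/Middleware/VerifyApiKey.php (added example; hypothetical class name)

namespace App\Http\Middleware;

use Closure;

class VerifyApiKey
{
    /**
     * Enforce the "api_key" header declared in the @SWG\SecurityScheme annotation.
     * The annotation only documents the requirement; this code is what enforces it.
     */
    public function handle($request, Closure $next)
    {
        // Assumed config entry, e.g. in config/services.php:
        //   'api_docs' => ['key' => env('API_DOCS_KEY')],
        $expected = config('services.api_docs.key');

        // Header name matches name="api_key" in the security definition.
        // Note: nginx ignores header names containing underscores unless
        // "underscores_in_headers on;" is set, so the value may never reach PHP.
        $supplied = $request->header('api_key');

        // Fail closed when the key is unset or empty on either side, and use
        // hash_equals() so the comparison time does not leak how much matched.
        $valid = is_string($expected) && $expected !== ''
            && is_string($supplied)
            && hash_equals($expected, $supplied);

        if (! $valid) {
            return response()->json(['error' => 'Invalid or missing api_key'], 401);
        }

        return $next($request);
    }
}

// Registration (app/Http/Kernel.php, inside $routeMiddleware):
//   'api.key' => \App\Http\Middleware\VerifyApiKey::class,
//
// Route (controller method name is hypothetical):
//   Route::post('/add_user', 'UserController@addUser')->middleware('api.key');
```

With the middleware attached, a request to `/add_user` without the header, or with a wrong value, gets a 401 before the controller runs.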
