Error when using auth: Cannot read properties of undefined

[crowbait]

Describe the bug
When using BasicAuth in my spec, express-openapi-validator fails with the following message:

Cannot read properties of undefined (reading 'undefined')

Validator settings as follows:

app.use(OpenApiValidator.middleware({
  apiSpec: specYAML /* const, path to spec generated on runtime */,
  validateRequests: {
    coerceTypes: false,
    allowUnknownQueryParameters: false,
    removeAdditional: 'all'
  },
  validateResponses: {
    coerceTypes: false,
    removeAdditional: 'failing'
  }
}));

I'm using the following spec (cut for consistency):

openapi: 3.0.0
paths:
  /auth:
    get:
      operationId: auth
      description: Accepts credentials in HTTP Basic Auth and validates them. Will respond with HTTP status codes but no content.
      parameters: []
      responses:
        '200':
          description: The request has succeeded.
        '401':
          description: Access is unauthorized.
      security:
        - BasicAuth: []
  securitySchemes:
    BasicAuth:
      type: http
      scheme: basic

Using the same security scheme on any other route fails with the same message. Removing the security description from the spec "solves" the issue.

[cdimascio]

This sounds similar to #1003 which is fixed in 5.3.9.

…

On Thu, Oct 31, 2024, 5:29 PM Traxx ***@***.***> wrote: *Describe the bug* When using BasicAuth in my spec, express-openapi-validator fails with the following message: Cannot read properties of undefined (reading 'undefined') Validator settings as follows: app.use(OpenApiValidator.middleware({ apiSpec: specYAML /* const, path to spec generated on runtime */, validateRequests: { coerceTypes: false, allowUnknownQueryParameters: false, removeAdditional: 'all' }, validateResponses: { coerceTypes: false, removeAdditional: 'failing' }})); I'm using the following spec (cut for consistency): openapi: 3.0.0paths: /auth: get: operationId: auth description: Accepts credentials in HTTP Basic Auth and validates them. Will respond with HTTP status codes but no content. parameters: [] responses: '200': description: The request has succeeded. '401': description: Access is unauthorized. security: - BasicAuth: [] securitySchemes: BasicAuth: type: http scheme: basic Using the same security scheme on any other route fails with the same message. Removing the security description from the spec "solves" the issue. — Reply to this email directly, view it on GitHub <#1005>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABD5CORBA7RBDDZLVCVUVYDZ6KOKNAVCNFSM6AAAAABQ7FGALCVHI2DSMVQWIX3LMV43ASLTON2WKOZSGYZDOOBWGM4TCNQ> . You are receiving this because you are subscribed to this thread.Message ID: ***@***.***>

[crowbait]

This sounds similar to #1003 which is fixed in 5.3.9.

You are absolutely right.

I severy misinterpreted that issue - I thought "this is about cookies which I don't use, this can't possibly affect me" ... without realizing the issue was actually about a lack of cookies on an auth-enabled request. It is indeed fixed in 5.3.9 .

Sorry for not thinking this one through.

[cdimascio]

No glad its resolved. Cheers