From 6686f54ef730beeb719346330a4ca6bef3099cd6 Mon Sep 17 00:00:00 2001
From: Lehp <40690143+Lehp@users.noreply.github.com>
Date: Tue, 8 Mar 2022 12:07:35 +0100
Subject: [PATCH] feat: [security] feature add or-option (#1151)

---
 operation.go      | 38 ++++++++++++++++++++------------------
 operation_test.go | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+), 18 deletions(-)

diff --git a/operation.go b/operation.go
index 5d35963cc..b52bc0193 100644
--- a/operation.go
+++ b/operation.go
@@ -649,27 +649,29 @@ func (operation *Operation) ParseRouterComment(commentLine string) error {
 
 // ParseSecurityComment parses comment for given `security` comment string.
 func (operation *Operation) ParseSecurityComment(commentLine string) error {
+	//var securityMap map[string][]string = map[string][]string{}
+
+	var securityMap = make(map[string][]string)
 	securitySource := commentLine[strings.Index(commentLine, "@Security")+1:]
-	l := strings.Index(securitySource, "[")
-	r := strings.Index(securitySource, "]")
-	// exists scope
-	if !(l == -1 && r == -1) {
-		scopes := securitySource[l+1 : r]
-		var s []string
-		for _, scope := range strings.Split(scopes, ",") {
-			s = append(s, strings.TrimSpace(scope))
+	for _, securityOption := range strings.Split(securitySource, "||") {
+		securityOption = strings.TrimSpace(securityOption)
+		l := strings.Index(securityOption, "[")
+		r := strings.Index(securityOption, "]")
+		if !(l == -1 && r == -1) {
+			scopes := securityOption[l+1 : r]
+			var s []string
+			for _, scope := range strings.Split(scopes, ",") {
+				s = append(s, strings.TrimSpace(scope))
+			}
+			securityKey := securityOption[0:l]
+			securityMap[securityKey] = append(securityMap[securityKey], s...)
+
+		} else {
+			securityKey := strings.TrimSpace(securityOption)
+			securityMap[securityKey] = []string{}
 		}
-		securityKey := securitySource[0:l]
-		securityMap := map[string][]string{}
-		securityMap[securityKey] = append(securityMap[securityKey], s...)
-		operation.Security = append(operation.Security, securityMap)
-	} else {
-		securityKey := strings.TrimSpace(securitySource)
-		securityMap := map[string][]string{}
-		securityMap[securityKey] = []string{}
-		operation.Security = append(operation.Security, securityMap)
 	}
-
+	operation.Security = append(operation.Security, securityMap)
 	return nil
 }
 
diff --git a/operation_test.go b/operation_test.go
index 1f2f03e08..c797962bc 100644
--- a/operation_test.go
+++ b/operation_test.go
@@ -2081,6 +2081,39 @@ func TestParseSecurityComment(t *testing.T) {
 	})
 }
 
+func TestParseSecurityCommentSimple(t *testing.T) {
+	t.Parallel()
+
+	comment := `@Security ApiKeyAuth`
+	operation := NewOperation(nil)
+
+	err := operation.ParseComment(comment, nil)
+	assert.NoError(t, err)
+
+	assert.Equal(t, operation.Security, []map[string][]string{
+		{
+			"ApiKeyAuth": {},
+		},
+	})
+}
+
+func TestParseSecurityCommentOr(t *testing.T) {
+	t.Parallel()
+
+	comment := `@Security OAuth2Implicit[read, write] || Firebase[]`
+	operation := NewOperation(nil)
+
+	err := operation.ParseComment(comment, nil)
+	assert.NoError(t, err)
+
+	assert.Equal(t, operation.Security, []map[string][]string{
+		{
+			"OAuth2Implicit": {"read", "write"},
+			"Firebase":       {""},
+		},
+	})
+}
+
 func TestParseMultiDescription(t *testing.T) {
 	t.Parallel()