From 77a02263302316088fd7c6d871e9d34a9a970366 Mon Sep 17 00:00:00 2001
From: Jon Ursenbach <erunion@users.noreply.github.com>
Date: Wed, 1 Jul 2020 11:30:44 -0700
Subject: [PATCH] feat: properly handle cookie auth (#216)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* feat: properly handle cookie auth

* test: removing a now-filled test todo 🙂
---
 packages/tooling/__tests__/operation.test.js | 19 +++++++++++++++----
 packages/tooling/src/operation.js            |  8 ++++++--
 2 files changed, 21 insertions(+), 6 deletions(-)

diff --git a/packages/tooling/__tests__/operation.test.js b/packages/tooling/__tests__/operation.test.js
index 2ad74c774..c2290875d 100644
--- a/packages/tooling/__tests__/operation.test.js
+++ b/packages/tooling/__tests__/operation.test.js
@@ -197,6 +197,20 @@ describe('#prepareSecurity()', () => {
     });
   });
 
+  it('apiKey/cookie: should return with a type of Cookie', () => {
+    const oas = createSecurityOas({
+      securityScheme: {
+        type: 'apiKey',
+        in: 'cookie',
+      },
+    });
+    const operation = oas.operation(path, method);
+
+    expect(operation.prepareSecurity()).toStrictEqual({
+      Cookie: [oas.components.securitySchemes.securityScheme],
+    });
+  });
+
   it('should work for petstore', () => {
     const operation = new Oas(petstore).operation('/pet', 'post');
 
@@ -224,9 +238,6 @@ describe('#prepareSecurity()', () => {
 
   it.todo('should set a `key` property');
 
-  // TODO We dont currently support cookies?
-  it.todo('apiKey/cookie: should return with a type of Cookie');
-
   it.todo('should throw if attempting to use a non-existent scheme');
 
   it('should return empty object if no security', () => {
@@ -311,7 +322,7 @@ describe('#getHeaders()', () => {
     const operation = new Operation(oas, logOperation.url.path, logOperation.url.method, logOperation.operation);
 
     expect(operation.getHeaders()).toMatchObject({
-      request: ['Cookie', 'Authorization', 'Accept'],
+      request: ['Authorization', 'Cookie', 'Accept'],
       response: ['Content-Type'],
     });
   });
diff --git a/packages/tooling/src/operation.js b/packages/tooling/src/operation.js
index 00c3e5c24..9684fab3c 100644
--- a/packages/tooling/src/operation.js
+++ b/packages/tooling/src/operation.js
@@ -59,7 +59,8 @@ class Operation {
             type = 'OAuth2';
           } else if (security.type === 'apiKey') {
             if (security.in === 'query') type = 'Query';
-            else if (security.in === 'header' || security.in === 'cookie') type = 'Header';
+            else if (security.in === 'header') type = 'Header';
+            else if (security.in === 'cookie') type = 'Cookie';
           } else {
             return false;
           }
@@ -90,7 +91,6 @@ class Operation {
     const security = this.prepareSecurity();
     if (security.Header) {
       this.headers.request = security.Header.map(h => {
-        if (h.in === 'cookie') return 'Cookie';
         return h.name;
       });
     }
@@ -99,6 +99,10 @@ class Operation {
       this.headers.request.push('Authorization');
     }
 
+    if (security.Cookie) {
+      this.headers.request.push('Cookie');
+    }
+
     if (this.parameters) {
       this.headers.request = this.headers.request.concat(
         this.parameters