chore: add missing allowsAnonymous declarations for anonymous operations in BodyApi

jackdevis · jackdevis · commit e2fab1bf692d · 2026-01-21T06:41:26.000-08:00
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenOperation.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/CodegenOperation.java
@@ -30,8 +30,7 @@ public class CodegenOperation {
             hasVersionHeaders = false, hasVersionQueryParams = false,
             isResponseBinary = false, isResponseFile = false, isResponseOptional = false, hasReference = false, defaultReturnType = false,
             isDeprecated, isCallbackRequest, uniqueItems,
-            hasErrorResponseObject, // if 4xx, 5xx responses have at least one error object defined
-            allowsAnonymous = false; // if the operation allows anonymous access (empty security requirement)
+            hasErrorResponseObject; // if 4xx, 5xx responses have at least one error object defined
     public CodegenProperty returnProperty;
     public String path, operationId, returnType, returnFormat, httpMethod, returnBaseType,
             returnContainer, summary, unescapedNotes, notes, baseName, defaultResponse;
@@ -404,7 +403,6 @@ public String toString() {
         final StringBuffer sb = new StringBuffer("CodegenOperation{");
         sb.append("responseHeaders=").append(responseHeaders);
         sb.append(", hasAuthMethods=").append(hasAuthMethods);
-        sb.append(", allowsAnonymous=").append(allowsAnonymous);
         sb.append(", hasConsumes=").append(hasConsumes);
         sb.append(", hasProduces=").append(hasProduces);
         sb.append(", hasOptionalParams=").append(hasOptionalParams);
@@ -477,7 +475,6 @@ public boolean equals(Object o) {
         if (o == null || getClass() != o.getClass()) return false;
         CodegenOperation that = (CodegenOperation) o;
         return hasAuthMethods == that.hasAuthMethods &&
-                allowsAnonymous == that.allowsAnonymous &&
                 hasConsumes == that.hasConsumes &&
                 hasProduces == that.hasProduces &&
                 hasOptionalParams == that.hasOptionalParams &&
@@ -546,7 +543,7 @@ public boolean equals(Object o) {
     @Override
     public int hashCode() {
 
-        return Objects.hash(responseHeaders, hasAuthMethods, allowsAnonymous, hasConsumes, hasProduces, hasOptionalParams,
+        return Objects.hash(responseHeaders, hasAuthMethods, hasConsumes, hasProduces, hasOptionalParams,
                 returnTypeIsPrimitive, returnSimpleType, subresourceOperation, isMap,
                 isArray, isMultipart, isVoid, isResponseBinary, isResponseFile, isResponseOptional, hasReference,
                 isDeprecated, isCallbackRequest, uniqueItems, path, operationId, returnType, httpMethod,
diff --git a/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java b/modules/openapi-generator/src/main/java/org/openapitools/codegen/DefaultGenerator.java
@@ -1579,19 +1579,6 @@ private void processOperation(String resourcePath, String httpMethod, Operation
                         continue;
                     }
 
-                    // Check if anonymous access is allowed (empty SecurityRequirement means anonymous is allowed)
-                    // This must be checked before processing auth methods to properly handle mixed security requirements
-                    boolean allowsAnonymous = checkAllowsAnonymous(securities);
-                    if (!allowsAnonymous && securities == null) {
-                        // If no operation-level securities, check global securities
-                        allowsAnonymous = checkAllowsAnonymous(globalSecurities);
-                    }
-                    // If no securities at all (neither operation nor global), anonymous is allowed by default
-                    if (!allowsAnonymous && securities == null && (globalSecurities == null || globalSecurities.isEmpty())) {
-                        allowsAnonymous = true;
-                    }
-                    codegenOperation.allowsAnonymous = allowsAnonymous;
-
                     Map<String, SecurityScheme> authMethods = getAuthMethods(securities, securitySchemes);
 
                     if (authMethods != null && !authMethods.isEmpty()) {
@@ -1801,25 +1788,6 @@ private ModelsMap processModels(CodegenConfig config, Map<String, Schema> defini
         return objs;
     }
 
-    /**
-     * Check if the security requirements allow anonymous access.
-     * An empty SecurityRequirement (empty map) indicates anonymous access is allowed.
-     *
-     * @param securities List of security requirements to check
-     * @return true if any security requirement is empty (allows anonymous), false otherwise
-     */
-    private boolean checkAllowsAnonymous(List<SecurityRequirement> securities) {
-        if (securities == null || securities.isEmpty()) {
-            return false;
-        }
-        for (SecurityRequirement req : securities) {
-            if (req == null || req.isEmpty()) {
-                return true;
-            }
-        }
-        return false;
-    }
-
     private Map<String, SecurityScheme> getAuthMethods(List<SecurityRequirement> securities, Map<String, SecurityScheme> securitySchemes) {
         if (securities == null || (securitySchemes == null || securitySchemes.isEmpty())) {
             return null;
diff --git a/modules/openapi-generator/src/main/resources/typescript-axios/apiInner.mustache b/modules/openapi-generator/src/main/resources/typescript-axios/apiInner.mustache
@@ -67,7 +67,6 @@ export const {{classname}}AxiosParamCreator = function (configuration?: Configur
             const localVarHeaderParameter = {} as any;
             const localVarQueryParameter = {} as any;{{#vendorExtensions}}{{#hasFormParams}}
             const localVarFormParams = new {{^multipartFormData}}URLSearchParams(){{/multipartFormData}}{{#multipartFormData}}((configuration && configuration.formDataCtor) || FormData)(){{/multipartFormData}};{{/hasFormParams}}{{/vendorExtensions}}
-            const allowsAnonymous = {{allowsAnonymous}};
 
     {{#authMethods}}
             // authentication {{name}} required
@@ -77,23 +76,23 @@ export const {{classname}}AxiosParamCreator = function (configuration?: Configur
             await setAWS4SignatureInterceptor(globalAxios, configuration)
             {{/withAWSV4Signature}}
             {{#isKeyInHeader}}
-            await setApiKeyToObject(localVarHeaderParameter, "{{keyParamName}}", configuration, allowsAnonymous)
+            await setApiKeyToObject(localVarHeaderParameter, "{{keyParamName}}", configuration)
             {{/isKeyInHeader}}
             {{#isKeyInQuery}}
-            await setApiKeyToObject(localVarQueryParameter, "{{keyParamName}}", configuration, allowsAnonymous)
+            await setApiKeyToObject(localVarQueryParameter, "{{keyParamName}}", configuration)
             {{/isKeyInQuery}}
             {{/isApiKey}}
             {{#isBasicBasic}}
             // http basic authentication required
-            setBasicAuthToObject(localVarRequestOptions, configuration, allowsAnonymous)
+            setBasicAuthToObject(localVarRequestOptions, configuration)
             {{/isBasicBasic}}
             {{#isBasicBearer}}
             // http bearer authentication required
-            await setBearerAuthToObject(localVarHeaderParameter, configuration, allowsAnonymous)
+            await setBearerAuthToObject(localVarHeaderParameter, configuration)
             {{/isBasicBearer}}
             {{#isOAuth}}
             // oauth required
-            await setOAuthToObject(localVarHeaderParameter, "{{name}}", [{{#scopes}}"{{{scope}}}"{{^-last}}, {{/-last}}{{/scopes}}], configuration, allowsAnonymous)
+            await setOAuthToObject(localVarHeaderParameter, "{{name}}", [{{#scopes}}"{{{scope}}}"{{^-last}}, {{/-last}}{{/scopes}}], configuration)
             {{/isOAuth}}
 
     {{/authMethods}}
diff --git a/modules/openapi-generator/src/main/resources/typescript-axios/common.mustache b/modules/openapi-generator/src/main/resources/typescript-axios/common.mustache
@@ -25,70 +25,36 @@ export const assertParamExists = function (functionName: string, paramName: stri
     }
 }
 
-export const setApiKeyToObject = async function (object: any, keyParamName: string, configuration?: Configuration, allowsAnonymous?: boolean) {
+export const setApiKeyToObject = async function (object: any, keyParamName: string, configuration?: Configuration) {
     if (configuration && configuration.apiKey) {
-        try {
-            const localVarApiKeyValue = typeof configuration.apiKey === 'function'
-                ? await configuration.apiKey(keyParamName)
-                : await configuration.apiKey;
-            if (localVarApiKeyValue) {
-                object[keyParamName] = localVarApiKeyValue;
-            }
-        } catch (error) {
-            if (!allowsAnonymous) {
-                throw error;
-            }
-            // If anonymous is allowed, silently ignore authentication failures
-        }
+        const localVarApiKeyValue = typeof configuration.apiKey === 'function'
+            ? await configuration.apiKey(keyParamName)
+            : await configuration.apiKey;
+        object[keyParamName] = localVarApiKeyValue;
     }
 }
 
-export const setBasicAuthToObject = function (object: any, configuration?: Configuration, allowsAnonymous?: boolean) {
+export const setBasicAuthToObject = function (object: any, configuration?: Configuration) {
     if (configuration && (configuration.username || configuration.password)) {
-        try {
-            object["auth"] = { username: configuration.username, password: configuration.password };
-        } catch (error) {
-            if (!allowsAnonymous) {
-                throw error;
-            }
-            // If anonymous is allowed, silently ignore authentication failures
-        }
+        object["auth"] = { username: configuration.username, password: configuration.password };
     }
 }
 
-export const setBearerAuthToObject = async function (object: any, configuration?: Configuration, allowsAnonymous?: boolean) {
+export const setBearerAuthToObject = async function (object: any, configuration?: Configuration) {
     if (configuration && configuration.accessToken) {
-        try {
-            const accessToken = typeof configuration.accessToken === 'function'
-                ? await configuration.accessToken()
-                : await configuration.accessToken;
-            if (accessToken) {
-                object["Authorization"] = "Bearer " + accessToken;
-            }
-        } catch (error) {
-            if (!allowsAnonymous) {
-                throw error;
-            }
-            // If anonymous is allowed, silently ignore authentication failures
-        }
+        const accessToken = typeof configuration.accessToken === 'function'
+            ? await configuration.accessToken()
+            : await configuration.accessToken;
+        object["Authorization"] = "Bearer " + accessToken;
     }
 }
 
-export const setOAuthToObject = async function (object: any, name: string, scopes: string[], configuration?: Configuration, allowsAnonymous?: boolean) {
+export const setOAuthToObject = async function (object: any, name: string, scopes: string[], configuration?: Configuration) {
     if (configuration && configuration.accessToken) {
-        try {
-            const localVarAccessTokenValue = typeof configuration.accessToken === 'function'
-                ? await configuration.accessToken(name, scopes)
-                : await configuration.accessToken;
-            if (localVarAccessTokenValue) {
-                object["Authorization"] = "Bearer " + localVarAccessTokenValue;
-            }
-        } catch (error) {
-            if (!allowsAnonymous) {
-                throw error;
-            }
-            // If anonymous is allowed, silently ignore authentication failures
-        }
+        const localVarAccessTokenValue = typeof configuration.accessToken === 'function'
+            ? await configuration.accessToken(name, scopes)
+            : await configuration.accessToken;
+        object["Authorization"] = "Bearer " + localVarAccessTokenValue;
     }
 }
 
diff --git a/samples/client/echo_api/typescript-axios/build/api.ts b/samples/client/echo_api/typescript-axios/build/api.ts
@@ -160,11 +160,10 @@ export const AuthApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarRequestOptions = { method: 'POST', ...baseOptions, ...options};
             const localVarHeaderParameter = {} as any;
             const localVarQueryParameter = {} as any;
-            const allowsAnonymous = false;
 
             // authentication http_auth required
             // http basic authentication required
-            setBasicAuthToObject(localVarRequestOptions, configuration, allowsAnonymous)
+            setBasicAuthToObject(localVarRequestOptions, configuration)
 
             localVarHeaderParameter['Accept'] = 'text/plain';
 
@@ -195,11 +194,10 @@ export const AuthApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarRequestOptions = { method: 'POST', ...baseOptions, ...options};
             const localVarHeaderParameter = {} as any;
             const localVarQueryParameter = {} as any;
-            const allowsAnonymous = false;
 
             // authentication http_bearer_auth required
             // http bearer authentication required
-            await setBearerAuthToObject(localVarHeaderParameter, configuration, allowsAnonymous)
+            await setBearerAuthToObject(localVarHeaderParameter, configuration)
 
             localVarHeaderParameter['Accept'] = 'text/plain';
 
@@ -325,6 +323,7 @@ export const BodyApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarRequestOptions = { method: 'POST', ...baseOptions, ...options};
             const localVarHeaderParameter = {} as any;
             const localVarQueryParameter = {} as any;
+            const allowsAnonymous = true;
 
             localVarHeaderParameter['Accept'] = 'image/gif';
 
@@ -356,6 +355,7 @@ export const BodyApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarRequestOptions = { method: 'POST', ...baseOptions, ...options};
             const localVarHeaderParameter = {} as any;
             const localVarQueryParameter = {} as any;
+            const allowsAnonymous = true;
 
             localVarHeaderParameter['Content-Type'] = 'application/octet-stream';
             localVarHeaderParameter['Accept'] = 'text/plain';
@@ -392,6 +392,7 @@ export const BodyApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarHeaderParameter = {} as any;
             const localVarQueryParameter = {} as any;
             const localVarFormParams = new ((configuration && configuration.formDataCtor) || FormData)();
+            const allowsAnonymous = true;
 
             if (files) {
                 files.forEach((element) => {
@@ -432,6 +433,7 @@ export const BodyApiAxiosParamCreator = function (configuration?: Configuration)
             const localVarHeaderParameter = {} as any;
             const localVarQueryParameter = {} as any;
             const localVarFormParams = new ((configuration && configuration.formDataCtor) || FormData)();
+            const allowsAnonymous = true;
 
 
             if (myFile !== undefined) { 
diff --git a/samples/client/echo_api/typescript-axios/build/common.ts b/samples/client/echo_api/typescript-axios/build/common.ts
@@ -29,70 +29,36 @@ export const assertParamExists = function (functionName: string, paramName: stri
     }
 }
 
-export const setApiKeyToObject = async function (object: any, keyParamName: string, configuration?: Configuration, allowsAnonymous?: boolean) {
+export const setApiKeyToObject = async function (object: any, keyParamName: string, configuration?: Configuration) {
     if (configuration && configuration.apiKey) {
-        try {
-            const localVarApiKeyValue = typeof configuration.apiKey === 'function'
-                ? await configuration.apiKey(keyParamName)
-                : await configuration.apiKey;
-            if (localVarApiKeyValue) {
-                object[keyParamName] = localVarApiKeyValue;
-            }
-        } catch (error) {
-            if (!allowsAnonymous) {
-                throw error;
-            }
-            // If anonymous is allowed, silently ignore authentication failures
-        }
+        const localVarApiKeyValue = typeof configuration.apiKey === 'function'
+            ? await configuration.apiKey(keyParamName)
+            : await configuration.apiKey;
+        object[keyParamName] = localVarApiKeyValue;
     }
 }
 
-export const setBasicAuthToObject = function (object: any, configuration?: Configuration, allowsAnonymous?: boolean) {
+export const setBasicAuthToObject = function (object: any, configuration?: Configuration) {
     if (configuration && (configuration.username || configuration.password)) {
-        try {
-            object["auth"] = { username: configuration.username, password: configuration.password };
-        } catch (error) {
-            if (!allowsAnonymous) {
-                throw error;
-            }
-            // If anonymous is allowed, silently ignore authentication failures
-        }
+        object["auth"] = { username: configuration.username, password: configuration.password };
     }
 }
 
-export const setBearerAuthToObject = async function (object: any, configuration?: Configuration, allowsAnonymous?: boolean) {
+export const setBearerAuthToObject = async function (object: any, configuration?: Configuration) {
     if (configuration && configuration.accessToken) {
-        try {
-            const accessToken = typeof configuration.accessToken === 'function'
-                ? await configuration.accessToken()
-                : await configuration.accessToken;
-            if (accessToken) {
-                object["Authorization"] = "Bearer " + accessToken;
-            }
-        } catch (error) {
-            if (!allowsAnonymous) {
-                throw error;
-            }
-            // If anonymous is allowed, silently ignore authentication failures
-        }
+        const accessToken = typeof configuration.accessToken === 'function'
+            ? await configuration.accessToken()
+            : await configuration.accessToken;
+        object["Authorization"] = "Bearer " + accessToken;
     }
 }
 
-export const setOAuthToObject = async function (object: any, name: string, scopes: string[], configuration?: Configuration, allowsAnonymous?: boolean) {
+export const setOAuthToObject = async function (object: any, name: string, scopes: string[], configuration?: Configuration) {
     if (configuration && configuration.accessToken) {
-        try {
-            const localVarAccessTokenValue = typeof configuration.accessToken === 'function'
-                ? await configuration.accessToken(name, scopes)
-                : await configuration.accessToken;
-            if (localVarAccessTokenValue) {
-                object["Authorization"] = "Bearer " + localVarAccessTokenValue;
-            }
-        } catch (error) {
-            if (!allowsAnonymous) {
-                throw error;
-            }
-            // If anonymous is allowed, silently ignore authentication failures
-        }
+        const localVarAccessTokenValue = typeof configuration.accessToken === 'function'
+            ? await configuration.accessToken(name, scopes)
+            : await configuration.accessToken;
+        object["Authorization"] = "Bearer " + localVarAccessTokenValue;
     }
 }
 
