Tests improvement

validate_security_object have to raises only for apiKey security definitions

bravado_core/validate.py

@@ -7,6 +7,7 @@
 from bravado_core.exception import SwaggerMappingError, SwaggerSecurityValidationError
 from bravado_core.schema import SWAGGER_PRIMITIVES
 from bravado_core.swagger20_validator import get_validator_type
+from six import itervalues
 
 
 def validate_schema_object(swagger_spec, schema_object_spec, value):
@@ -82,14 +83,22 @@ def validate_security_object(op, request_data):
     :type request_data: dict
     :raise: SwaggerSecurityValidationError
     """
-    if len(op.security_requirements) > 0:
+
+    security_types = set([
+        definition.type
+        for security_requirement in op.security_requirements
+        for definition in itervalues(security_requirement.security_definitions)
+    ])
+
+    # At the moment we are handling only apiKey securities
+    if 'apiKey' in security_types:
         matched_security_indexes = []
         for security_index, security_params_list in enumerate(op.security_requirements):
-            if all([request_data[security_param.name] is not None for security_param in security_params_list]):
+            if all([request_data.get(security_param.name) is not None for security_param in security_params_list]):
                 matched_security_indexes.append(security_index)
 
         if len(matched_security_indexes) == 0:
-            raise SwaggerSecurityValidationError('No security definition used.')  # TODO: improve error message
+            raise SwaggerSecurityValidationError('No security definition used.')
 
         if len(matched_security_indexes) > 1:
             # if more than one security defs are matched then check if one security definition contains all the others

test-data/2.0/security/swagger.json

@@ -84,6 +84,23 @@
       }
     },
     "/example4": {
+      "get": {
+        "description": "Endpoint uses oauth2, no handling provided at the moment",
+        "security": [
+          {
+            "oauth2": [
+              "write:resource"
+            ]
+          }
+        ],
+        "responses": {
+          "200": {
+            "description": "OK"
+          }
+        }
+      }
+    },
+    "/example5": {
       "get": {
         "description": "Endpoint not requires any header parameter",
         "security": [],

tests/operation/security_object_test.py

@@ -111,7 +111,8 @@ def test_wrong_request_with_apiKey_security(petstore_spec):
         ('example1', 'get_example1', (('apiKey1',), ('apiKey2',))),
         ('example2', 'get_example2', (('apiKey3',),)),
         ('example3', 'get_example3', (('apiKey1', 'apiKey2',), ('apiKey2',))),
-        ('example4', 'get_example4', ()),
+        ('example4', 'get_example4', (('oauth2',),)),
+        ('example5', 'get_example5', ()),
     ]
 )
 def test_security_parameters_selection(

tests/security_test.py

@@ -1,8 +1,30 @@
-# from bravado_core.security_definition import SecurityDefinition
-#
-# def test_a(security_spec):
-#     oauth2 = security_spec.security_definitions['oauth2']
-#     example1 = security_spec.resources['example1'].operations['get_example1']
-#     example2 = security_spec.resources['example2'].operations['get_example2']
-#     example3 = security_spec.resources['example3'].operations['get_example3']
-#     example4 = security_spec.resources['example4'].operations['get_example4']
+import pytest
+from six import iteritems
+
+
+def test_security_definition_property_extraction(security_dict, security_spec):
+    security_definitions = security_dict['securityDefinitions']
+    for security_name, security_spec_dict in iteritems(security_definitions):
+        security_object = security_spec.security_definitions[security_name]
+        for key, value in iteritems(security_spec_dict):
+            assert getattr(security_object, key if key != 'in' else 'location') == value
+
+
+@pytest.mark.parametrize(
+    'resource, operation, expected_scopes',
+    [
+        ('example1', 'get_example1', [{'apiKey1': []}, {'apiKey2': []}]),
+        ('example2', 'get_example2', [{'apiKey3': []}]),
+        ('example3', 'get_example3', [{'apiKey1': [], 'apiKey2': []}, {'apiKey2': []}]),
+        ('example4', 'get_example4', [{'oauth2': ['write:resource']}]),
+        ('example5', 'get_example5', []),
+    ]
+)
+def test_security_scopes(security_spec, resource, operation, expected_scopes):
+    def _get_operation():
+        return security_spec.resources[resource].operations[operation]
+
+    assert [
+        security_requirement.security_scopes
+        for security_requirement in _get_operation().security_requirements
+    ] == expected_scopes

tests/validate/validate_security_object_test.py

@@ -0,0 +1,35 @@
+import pytest
+
+from bravado_core.exception import SwaggerValidationError
+from bravado_core.validate import validate_security_object
+
+
+@pytest.mark.parametrize(
+    'resource, operation, request_data',
+    [
+        ('example1', 'get_example1', {'apiKey1': 'key'}),
+        ('example1', 'get_example1', {'apiKey2': 'key'}),
+        ('example2', 'get_example2', {'apiKey3': 'key'}),
+        ('example3', 'get_example3', {'apiKey1': 'key', 'apiKey2': 'key'}),
+        ('example3', 'get_example3', {'apiKey2': 'key'}),
+        ('example4', 'get_example4', {}),
+        ('example5', 'get_example5', {}),
+    ]
+)
+def test_validate_correct_security_objects(security_spec, resource, operation, request_data):
+    op = security_spec.resources[resource].operations[operation]
+    validate_security_object(op, request_data)
+
+
+@pytest.mark.parametrize(
+    'resource, operation, request_data',
+    [
+        ('example1', 'get_example1', {}),
+        ('example1', 'get_example1', {'apiKey1': 'key', 'apiKey2': 'key'}),
+        ('example3', 'get_example3', {'apiKey1': 'key', 'apiKey3': 'key'}),
+    ]
+)
+def test_validate_incorrect_security_objects(security_spec, resource, operation, request_data):
+    op = security_spec.resources[resource].operations[operation]
+    with pytest.raises(SwaggerValidationError):
+        validate_security_object(op, request_data)