Make Security Definition and Security Requirement as Python Objects #124
Can confirm that this is working for me using my simple spec where the API key can be in the query or header.
I have added test case with apiKey security with parameter in query. @jlumpe the test modified is checking even that case.
640a765 to 129b62a
@sjaensch if you have some time in the next days could you have a look at this? Thanks a lot
lg2m, sorry for the long review time turnaround. Let's get this shipped!
:raise: SwaggerSecurityValidationError | ||
""" | ||
|
||
security_types = set([ |
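Review bot: the docstring line `:raise: SwaggerSecurityValidationError` names the exception but not the condition that triggers it. Since the code that follows starts by collecting `security_types`, state in the docstring which combinations of security definitions or parameters are rejected, so a caller can tell what to fix in the spec or the request.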
No need to create a temporary list here, you can just remove the square brackets.
|
||
# is the longest security definition a superset for all the others? | ||
# if no there is no way to discriminate the security definition matched | ||
exists_superset = all( |
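Review bot: the comment above `exists_superset = all(` is written as a question, and "if no" leaves the outcome implicit. State the rule directly (the longest security definition must be a superset of all the others, otherwise the matched definition cannot be determined) and say what happens in the failing case, for example which error is raised.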
So this is something that the spec allows? Is it something that we expect to encounter in the real world? I don't see how it would make sense, at least in the context of API keys, to require either one or more than one. Wouldn't you then just say "hey the one is enough"?
Security parameters validation Prevent overriding parameters from security object
validate_security_object has to raise only for apiKey security definitions
7260c2b to df8b4bf
🛳
The goal of this PR is to target #123.
As @jlumpe the initial implementation of the security object added by PR #112 was not 100% compliant with the swagger specs.
To achieve a better matching of the specs I have created specific classes for Security Definition and Security Requirement. In this way it will be easier to integrate the handling of `oauth2` security format.

Main differences:
- `security_objects` property of `operation` is removed: the definition was incomplete and is replaced by `security_requirements` property which returns the list of Security Requirement objects
  `example3` on issue Fix handling of security requirements to match spec #123)
- `unmarshal_request` performs proper validation of security related parameters:
  `example5` on issue Fix handling of security requirements to match spec #123)

I know that reviewing it could be hard ... so I added a long set of tests to guarantee a good coverage of the modifications.

NOTE: I'll update `CHANGELOG.rst` after the end of the review
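The matching problem discussed in this thread, as an added example that is not code from the PR or from bravado-core: given Swagger 2.0 Security Definitions and an operation's Security Requirements, decide which requirement a request satisfies. The function names, the exception class and the sample spec are hypothetical, and the ambiguity rule is one reading of the "longest security definition is a superset" comment in the reviewed hunk.

```python
# Added illustration; not bravado-core code. All names here are hypothetical.
# Constructed Swagger 2.0 fragments: an API key accepted in a header or the query.
SECURITY_DEFINITIONS = {
    "api_key_header": {"type": "apiKey", "in": "header", "name": "X-API-Key"},
    "api_key_query": {"type": "apiKey", "in": "query", "name": "api_key"},
}
# Entries of the list are alternatives (OR); keys inside one entry are all required (AND).
OPERATION_SECURITY = [{"api_key_header": []}, {"api_key_query": []}]


class SecurityValidationError(Exception):
    """The request satisfies no requirement, or an ambiguous set of them."""


def required_params(requirement, definitions):
    """Return the (location, name) pairs one Security Requirement demands."""
    params = set()
    for scheme in requirement:
        definition = definitions[scheme]
        if definition["type"] != "apiKey":
            raise NotImplementedError("only apiKey definitions are handled here")
        name = definition["name"]
        # HTTP header names are case-insensitive, query parameter names are not.
        params.add((definition["in"], name.lower() if definition["in"] == "header" else name))
    return frozenset(params)


def match_requirement(security, definitions, headers, query):
    """Return the Security Requirement the request satisfies, or raise."""
    supplied = {("header", h.lower()) for h in headers} | {("query", q) for q in query}
    needs = [(req, required_params(req, definitions)) for req in security]
    satisfied = [(req, params) for req, params in needs if params <= supplied]
    if not satisfied:
        raise SecurityValidationError("no security requirement is satisfied")
    longest, longest_params = max(satisfied, key=lambda item: len(item[1]))
    # Assumption: when several requirements are satisfied, accept only if the
    # longest one covers all the others; otherwise the match is ambiguous.
    if not all(params <= longest_params for _, params in satisfied):
        raise SecurityValidationError("request matches unrelated security requirements")
    return longest


if __name__ == "__main__":
    print(match_requirement(OPERATION_SECURITY, SECURITY_DEFINITIONS,
                            {"x-api-key": "constructed-key"}, {}))
```

Sending the key in both the header and the query raises here, because neither alternative covers the other; a requirement that lists both schemes together would be matched instead.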