LukeParke/connexion
1
0
Fork 0
mirror of https://github.com/LukeHagar/connexion.git synced 2025-12-09 20:37:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Connexion 2.0 (#619)

Browse Source 
- App and Api options must be provided through the "options" argument (``old_style_options`` have been removed).
- You must specify a form content-type in 'consumes' in order to consume form data.
- The `Operation` interface has been formalized in the `AbstractOperation` class.
- The `Operation` class has been renamed to `Swagger2Operation`.
- Array parameter deserialization now follows the Swagger 2.0 spec more closely.
  In situations when a query parameter is passed multiple times, and the collectionFormat is either csv or pipes, the right-most value will be used.
  For example, `?q=1,2,3&q=4,5,6` will result in `q = [4, 5, 6]`.
  The old behavior is available by setting the collectionFormat to `multi`, or by importing `decorators.uri_parsing.AlwaysMultiURIParser` and passing `parser_class=AlwaysMultiURIParser` to your Api.
- The spec validator library has changed from `swagger-spec-validator` to `openapi-spec-validator`.
- Errors that previously raised `SwaggerValidationError` now raise the `InvalidSpecification` exception.
  All spec validation errors should be wrapped with `InvalidSpecification`.
- Support for nullable/x-nullable, readOnly and writeOnly/x-writeOnly has been added to the standard json schema validator.
- Custom validators can now be specified on api level (instead of app level).
- Added support for basic authentication and apikey authentication
- If unsupported security requirements are defined or ``x-tokenInfoFunc``/``x-tokenInfoUrl`` is missing, connexion now denies requests instead of allowing access without security-check.
- Accessing ``connexion.request.user`` / ``flask.request.user`` is no longer supported, use ``connexion.context['user']`` instead
This commit is contained in:
João Santos
2018-11-05 14:50:42 +01:00
committed by GitHub
parent 08faf2aa86
commit 44ea9336fe
160 changed files with 4561 additions and 39687 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
tests/api/test_secure_api.py
View File

@@ -3,13 +3,8 @@ import json
from connexion import FlaskApp
def test_security_over_inexistent_endpoints(oauth_requests, secure_api_spec_dir):
app1 = FlaskApp(__name__, port=5001, specification_dir=secure_api_spec_dir,
swagger_ui=False, debug=True, auth_all_paths=True)
app1.add_api('swagger.yaml')
assert app1.port == 5001
app_client = app1.app.test_client()
def test_security_over_nonexistent_endpoints(oauth_requests, secure_api_app):
app_client = secure_api_app.app.test_client()
headers = {"Authorization": "Bearer 300"}
get_inexistent_endpoint = app_client.get('/v1.0/does-not-exist-invalid-token',
headers=headers) # type: flask.Response
@@ -68,9 +63,11 @@ def test_security(oauth_requests, secure_endpoint_app):
assert get_bye_bad_token_reponse['detail'] == "Provided oauth token is not valid"
response = app_client.get('/v1.0/more-than-one-security-definition') # type: flask.Response
assert response.status_code == 200
assert response.status_code == 401
response = app_client.get('/v1.0/user-handled-security') # type: flask.Response
# also tests case-insensitivity
headers = {"X-AUTH": "mykey"}
response = app_client.get('/v1.0/more-than-one-security-definition', headers=headers) # type: flask.Response
assert response.status_code == 200
headers = {"Authorization": "Bearer 100"}