Re-add attributes to OAuthScopeProblem
@@ -124,7 +124,14 @@ class Forbidden(HTTPException):
|
|||||||
|
|
||||||
|
|
||||||
class OAuthScopeProblem(Forbidden):
|
class OAuthScopeProblem(Forbidden):
|
||||||
pass
|
def __init__(self, token_scopes: list, required_scopes: list) -> None:
|
||||||
|
self.required_scopes = required_scopes
|
||||||
|
self.token_scopes = token_scopes
|
||||||
|
detail = (
|
||||||
|
f"Provided token does not have the required scopes. "
|
||||||
|
f"Provided: {token_scopes}; Required: {required_scopes}"
|
||||||
|
)
|
||||||
|
super().__init__(detail=detail)
|
||||||
|
|
||||||
|
|
||||||
class UnsupportedMediaTypeProblem(ClientError):
|
class UnsupportedMediaTypeProblem(ClientError):
|
||||||
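Review bot: The `detail` built in `OAuthScopeProblem.__init__` interpolates both `token_scopes` and `required_scopes`, and the API test in this commit reads `detail` from the 403 response body, so both lists reach the caller. Naming the required scope is consistent with RFC 6750's `insufficient_scope` error, but the provided list is whatever the token-info source returned, so the class should say so in a docstring, e.g. `"""403 raised when the token lacks a required scope; both scope lists are rendered into the client-facing detail."""`. The constructor also no longer accepts `detail=`, so any caller outside this commit that still raises `OAuthScopeProblem(detail=...)` or `OAuthScopeProblem()` will fail with a `TypeError`; that is worth a changelog entry. As a style point, the first string literal has no placeholders and does not need its `f` prefix.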
|
|||||||
@@ -395,7 +395,8 @@ class SecurityHandlerFactory:
|
|||||||
validation = await validation
|
validation = await validation
|
||||||
if not validation:
|
if not validation:
|
||||||
raise OAuthScopeProblem(
|
raise OAuthScopeProblem(
|
||||||
detail="Provided token doesn't have the required scope",
|
required_scopes=required_scopes,
|
||||||
|
token_scopes=token_scopes,
|
||||||
)
|
)
|
||||||
|
|
||||||
return token_info
|
return token_info
|
||||||
|
|||||||
@@ -105,9 +105,8 @@ def test_security(oauth_requests, secure_endpoint_app):
|
|||||||
assert get_bye_wrong_scope.status_code == 403
|
assert get_bye_wrong_scope.status_code == 403
|
||||||
assert get_bye_wrong_scope.headers.get("content-type") == "application/problem+json"
|
assert get_bye_wrong_scope.headers.get("content-type") == "application/problem+json"
|
||||||
get_bye_wrong_scope_reponse = get_bye_wrong_scope.json()
|
get_bye_wrong_scope_reponse = get_bye_wrong_scope.json()
|
||||||
assert (
|
assert get_bye_wrong_scope_reponse["detail"].startswith(
|
||||||
get_bye_wrong_scope_reponse["detail"]
|
"Provided token does not have the required scope"
|
||||||
== "Provided token doesn't have the required scope"
|
|
||||||
)
|
)
|
||||||
|
|
||||||
headers = {"Authorization": "Bearer 300"}
|
headers = {"Authorization": "Bearer 300"}
|
||||||
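Review bot: Switching to `startswith` leaves the `Provided: ...; Required: ...` tail of `detail` unasserted, and that tail is the part that now carries scope names to the client. Asserting the full string for this request would make any later change in what the 403 body discloses show up as a test failure; the expected scope values come from the fixture outside this hunk and have to be filled in from there. The same loosening is applied in the four `test_verify_oauth_scopes_remote` / `test_verify_oauth_scopes_local` hunks further down. The variable name `get_bye_wrong_scope_reponse` also carries a typo (`reponse`) that predates this change.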
|
|||||||
@@ -88,7 +88,9 @@ async def test_verify_oauth_scopes_remote(monkeypatch):
|
|||||||
await wrapped_func(request)
|
await wrapped_func(request)
|
||||||
|
|
||||||
assert exc_info.value.status_code == 403
|
assert exc_info.value.status_code == 403
|
||||||
assert exc_info.value.detail == "Provided token doesn't have the required scope"
|
assert exc_info.value.detail.startswith(
|
||||||
|
"Provided token does not have the required scope"
|
||||||
|
)
|
||||||
|
|
||||||
tokeninfo["scope"] += " admin"
|
tokeninfo["scope"] += " admin"
|
||||||
assert await wrapped_func(request) is not None
|
assert await wrapped_func(request) is not None
|
||||||
@@ -98,7 +100,9 @@ async def test_verify_oauth_scopes_remote(monkeypatch):
|
|||||||
await wrapped_func(request)
|
await wrapped_func(request)
|
||||||
|
|
||||||
assert exc_info.value.status_code == 403
|
assert exc_info.value.status_code == 403
|
||||||
assert exc_info.value.detail == "Provided token doesn't have the required scope"
|
assert exc_info.value.detail.startswith(
|
||||||
|
"Provided token does not have the required scope"
|
||||||
|
)
|
||||||
|
|
||||||
tokeninfo["scope"].append("admin")
|
tokeninfo["scope"].append("admin")
|
||||||
assert await wrapped_func(request) is not None
|
assert await wrapped_func(request) is not None
|
||||||
@@ -138,7 +142,9 @@ async def test_verify_oauth_scopes_local():
|
|||||||
await wrapped_func(request)
|
await wrapped_func(request)
|
||||||
|
|
||||||
assert exc_info.value.status_code == 403
|
assert exc_info.value.status_code == 403
|
||||||
assert exc_info.value.detail == "Provided token doesn't have the required scope"
|
assert exc_info.value.detail.startswith(
|
||||||
|
"Provided token does not have the required scope"
|
||||||
|
)
|
||||||
|
|
||||||
tokeninfo["scope"] += " admin"
|
tokeninfo["scope"] += " admin"
|
||||||
assert await wrapped_func(request) is not None
|
assert await wrapped_func(request) is not None
|
||||||
@@ -148,7 +154,9 @@ async def test_verify_oauth_scopes_local():
|
|||||||
await wrapped_func(request)
|
await wrapped_func(request)
|
||||||
|
|
||||||
assert exc_info.value.status_code == 403
|
assert exc_info.value.status_code == 403
|
||||||
assert exc_info.value.detail == "Provided token doesn't have the required scope"
|
assert exc_info.value.detail.startswith(
|
||||||
|
"Provided token does not have the required scope"
|
||||||
|
)
|
||||||
|
|
||||||
tokeninfo["scope"].append("admin")
|
tokeninfo["scope"].append("admin")
|
||||||
assert await wrapped_func(request) is not None
|
assert await wrapped_func(request) is not None
|
||||||
@@ -277,15 +285,15 @@ async def test_verify_security_oauthproblem():
|
|||||||
"errors, most_specific",
|
"errors, most_specific",
|
||||||
[
|
[
|
||||||
([OAuthProblem()], OAuthProblem),
|
([OAuthProblem()], OAuthProblem),
|
||||||
([OAuthProblem(), OAuthScopeProblem()], OAuthScopeProblem),
|
([OAuthProblem(), OAuthScopeProblem([], [])], OAuthScopeProblem),
|
||||||
(
|
(
|
||||||
[OAuthProblem(), OAuthScopeProblem(), BadRequestProblem],
|
[OAuthProblem(), OAuthScopeProblem([], []), BadRequestProblem],
|
||||||
OAuthScopeProblem,
|
OAuthScopeProblem,
|
||||||
),
|
),
|
||||||
(
|
(
|
||||||
[
|
[
|
||||||
OAuthProblem(),
|
OAuthProblem(),
|
||||||
OAuthScopeProblem(),
|
OAuthScopeProblem([], []),
|
||||||
BadRequestProblem,
|
BadRequestProblem,
|
||||||
ConnexionException,
|
ConnexionException,
|
||||||
],
|
],
|
||||||
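Review bot: None of these hunks asserts the attributes the commit re-adds: the four `exc_info` checks look only at `status_code` and the start of `detail`, and the parametrized cases construct `OAuthScopeProblem([], [])` with empty lists. An assertion such as `assert "admin" in exc_info.value.required_scopes` next to each `detail` check would cover it, assuming `admin` is the required scope that each test then adds to the token. A matching check on `exc_info.value.token_scopes` would catch the two lists being swapped at the raise site. The test bodies begin outside the hunks, so the exact expected lists need to be taken from the setup there.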
|
|||||||