* Set up code skeleton for validation middleware
* Add more boilerplate code
* WIP
* Add ASGI JSONBodyValidator
* Revert example changes
* Remove incorrect content type test
Co-authored-by: Ruwan <ruwanlambrichts@gmail.com>
* WIP: rework required_scopes checking
* Update tests for security scopes
* Add test for oauth security scheme with multiple possible scopes
* Update security tests
* Change optional auth test to correct behaviour
* Update security documentation
* Remove TODOs
* Catch possible exceptions from failed checks in async security factory
* Add .venv/ to gitignore
* Try to raise most specific exception
* Add test for raising most specific error
* Update async security handler factory
* Fix security handler error catching
* Fix imports order
* Add a relative resolver
* Fix super() usage
* Apply suggestions from code review
* Allow root_path to be a Python module
* Expand documentation for RelativeResolver
* Add tests for relative resolver
* Add support for multiple security schemes in AND fashion
* Add test for operation with multiple security schemes combined using logical AND
* Add test for multiple oauth combined using logical AND
Fixes#206 - Handle nested paths in swagger definitions.
- Allow nested paths to be handled in `get` and `search` handlers
An explicit decision has been made to resolve paths (with a prefix like `my.api`) like:
- `/hello/{hello_id}/world` --> `my.api.hello.world:search(hello_id)`
- `/hello/world/{world_id}` --> `my.api.hello.world:get(world_id)`
* Fix typo in security.rst from of to an or
Changed `of` to an `or`, I guessed a Dutch person wrote this and noticed it's one of the biggest gotchas to see if a Dutchie is the author.
* Changed 'of' to 'with a value of'
* Add swagger_ui_config option to configure the Swagger UI
There was no possibility to configure the Swagger UI. Through
this new option a config object can be passed to the UI via
a `swagger-ui-config.json` file.
* Add tests for swagger_ui_config option
* Added MethodViewResolver
By subclassing RestyResolver and modifying its `resolve_function_from_operation_id` method, it is now possible to use automatic routing functionality with Flask's MethodView together with MethodViewResolver.
* Add MethodView example
* Add tests for methodview
* add documentation on how to use MethodViewResolver
- App and Api options must be provided through the "options" argument (``old_style_options`` have been removed).
- You must specify a form content-type in 'consumes' in order to consume form data.
- The `Operation` interface has been formalized in the `AbstractOperation` class.
- The `Operation` class has been renamed to `Swagger2Operation`.
- Array parameter deserialization now follows the Swagger 2.0 spec more closely.
In situations when a query parameter is passed multiple times, and the collectionFormat is either csv or pipes, the right-most value will be used.
For example, `?q=1,2,3&q=4,5,6` will result in `q = [4, 5, 6]`.
The old behavior is available by setting the collectionFormat to `multi`, or by importing `decorators.uri_parsing.AlwaysMultiURIParser` and passing `parser_class=AlwaysMultiURIParser` to your Api.
- The spec validator library has changed from `swagger-spec-validator` to `openapi-spec-validator`.
- Errors that previously raised `SwaggerValidationError` now raise the `InvalidSpecification` exception.
All spec validation errors should be wrapped with `InvalidSpecification`.
- Support for nullable/x-nullable, readOnly and writeOnly/x-writeOnly has been added to the standard json schema validator.
- Custom validators can now be specified on api level (instead of app level).
- Added support for basic authentication and apikey authentication
- If unsupported security requirements are defined or ``x-tokenInfoFunc``/``x-tokenInfoUrl`` is missing, connexion now denies requests instead of allowing access without security-check.
- Accessing ``connexion.request.user`` / ``flask.request.user`` is no longer supported, use ``connexion.context['user']`` instead
