* Extract boilerplate code into Routed base classes
* Use typing_extensions for Python 3.7 Protocol support
* Use Mock instead of AsyncMock
* Turn properties into class attributes
* WIP: rework required_scopes checking
* Update tests for security scopes
* Add test for oauth security scheme with multiple possible scopes
* Update security tests
* Change optional auth test to correct behaviour
* Update security documentation
* Remove TODOs
* Catch possible exceptions from failed checks in async security factory
* Add .venv/ to gitignore
* Try to raise most specific exception
* Add test for raising most specific error
* Update async security handler factory
* Fix security handler error catching
* Fix imports order
* Add support for multiple security schemes in AND fashion
* Add test for operation with multiple security schemes combined using logical AND
* Add test for multiple oauth combined using logical AND
Co-authored-by: Jacob Floyd <cognifloyd@gmail.com>
Fixes#868
Allow to use coroutines with Aiohttp in security handlers.
- Move all function from connexion.operations.security to a class in connexion.security.SecurityHandlerFactory
- Specialize this class for AioHttp and Flask, and instantiate them in dedicated APIs
- AioHttp specialization now support coroutines
- pass_context_arg_name option is supported for security handlers
Fixes the build.
Changes proposed in this pull request:
- apply all of the isort changes that resulted from the latest version
- pin to the latest version (4.3.15) so this doesn't happen again, unless we bump the version on purpose
- App and Api options must be provided through the "options" argument (``old_style_options`` have been removed).
- You must specify a form content-type in 'consumes' in order to consume form data.
- The `Operation` interface has been formalized in the `AbstractOperation` class.
- The `Operation` class has been renamed to `Swagger2Operation`.
- Array parameter deserialization now follows the Swagger 2.0 spec more closely.
In situations when a query parameter is passed multiple times, and the collectionFormat is either csv or pipes, the right-most value will be used.
For example, `?q=1,2,3&q=4,5,6` will result in `q = [4, 5, 6]`.
The old behavior is available by setting the collectionFormat to `multi`, or by importing `decorators.uri_parsing.AlwaysMultiURIParser` and passing `parser_class=AlwaysMultiURIParser` to your Api.
- The spec validator library has changed from `swagger-spec-validator` to `openapi-spec-validator`.
- Errors that previously raised `SwaggerValidationError` now raise the `InvalidSpecification` exception.
All spec validation errors should be wrapped with `InvalidSpecification`.
- Support for nullable/x-nullable, readOnly and writeOnly/x-writeOnly has been added to the standard json schema validator.
- Custom validators can now be specified on api level (instead of app level).
- Added support for basic authentication and apikey authentication
- If unsupported security requirements are defined or ``x-tokenInfoFunc``/``x-tokenInfoUrl`` is missing, connexion now denies requests instead of allowing access without security-check.
- Accessing ``connexion.request.user`` / ``flask.request.user`` is no longer supported, use ``connexion.context['user']`` instead
