This PR adds an `add_middleware` method to the apps and
`ConnexionMiddleware` to easily add middleware to the stack. Before, the
only way to do this was to pass in a complete middleware stack.
The default position to add the new middleware is right before the
`ContextMiddleware`, which is the final middleware in the stack. Another
position can be selected by passing in a `MiddlewarePosition` enum,
which defines some positions which make sense.
Since we can no longer assume that the whole middleware stack is defined
when initializing the `ConnexionMiddleware`, we need to delay building
the middleware stack until the `ConnexionMiddleware` is actually called.
This also means we need to delay registering the APIs and error
handlers. This is now all done in the `_build_middleware_stack` method.
Fixes#254Fixes#967
This PR fixes the very long-standing issue of being able to handle
relative references, which allows users to split their specification
into multiple files.
This PR refactors our tests to prepare the activation of our tests for
our AsyncApp.
The separate commits are atomic, which can be useful for reviewing.
---------
Co-authored-by: Ruwann <ruwanlambrichts@gmail.com>
This PR adds an interface for the ConnexionMiddleware, similar to the
interface of the Connexion Apps.
The Connexion Apps are now a simple wrapper around the
ConnexionMiddleware and framework app, delegating the work to the
middleware. This enables a similar interface and behavior for users when
using either the middleware or apps.
The arguments are repeated everywhere there is a user interface, but are
parsed in a central place. Repeating the arguments is not DRY, but
needed to provide users with IDE autocomplete, typing, etc. They are
parsed in a single `_Options` class, which also provides a mechanism to
set default options on an App level, and override them on the more
granular API level.
This makes the long list of provided parameters a lot more manageable,
so I would like to use it for the `Jsonifier` as well, and re-add the
`debug` and `extra_files` arguments which I have dropped in previous
PRs. I'll submit a separate PR for this.
I renamed the `options` parameter to `swagger_ui_options` since it only
contains swagger UI options. This is a breaking change though, and we'll
need to highlight this upon release.
We still have quite a lot of `App`, `MiddlewareApp`, and abstract
classes. It would be great if we could find a way to reduce those
further, or at least find better naming to make it more clear what each
one does 🙂 .
Finally, I added examples on how the middleware can be used with third
party frameworks under `examples/frameworks`. Currently there's an
example for Starlette and Quart, but this should be easy to extend. They
also show how the `ASGIDecorator` and `StarletteDecorator` from my
previous PR can be used.
This PR updates the examples for Connexion 3.0 and merges them for
OpenAPI and Swagger.
2 examples required some changes to make them work:
- The reverse proxy example required some fixes to the
SwaggerUIMiddleware to leverage the `root_path` correctly. This is
included in the PR.
- The enforced defaults example requires the json validator to adapt the
body and pass it on. We currently pass on the original body after
validation, and I'm not sure if we should change this. I'll submit a
separate PR to discuss this.
* Removed internal variable pass_context_arg_name
* fixed issue with personalized context name in tests
* restored code from pr suggestion
* restore decorator functionality
now the function accept a pass_context_arg boolean parameter,
instead of the pass_context_arg_name value
* Fixed security test checks, now passes tests
* Removed pass_context_arg, fixed security handler
fixed security handler as suggested
removed pass_context_arg as before
* Fix context injection test
Co-authored-by: Niels Dewulf <87133686+nielsbox@users.noreply.github.com>
Co-authored-by: Robbe Sneyders <robbe.sneyders@ml6.eu>
* Set up code skeleton for validation middleware
* Add more boilerplate code
* WIP
* Add ASGI JSONBodyValidator
* Revert example changes
* Remove incorrect content type test
Co-authored-by: Ruwan <ruwanlambrichts@gmail.com>
* Add test for MethodViewResolver
* Warn about ignoring of collection_endpoint_name in MethodViewResolver
* Add docstring on class_arguments in MethodViewResolver
Co-authored-by: Jacob Floyd <cognifloyd@gmail.com>
Fixes#868
Allow to use coroutines with Aiohttp in security handlers.
- Move all function from connexion.operations.security to a class in connexion.security.SecurityHandlerFactory
- Specialize this class for AioHttp and Flask, and instantiate them in dedicated APIs
- AioHttp specialization now support coroutines
- pass_context_arg_name option is supported for security handlers
* Support aiohttp handlers to return tuples
* Minor update from #828 review
* Factorize more code between Flask and AioHttp response
* Fix CI
* Drop six string types
* Standardize response logging
* Handle one-tuples that only contain data
* clean up a couple of type hint comments
* Add a few more get_response tests
* Adjust _prepare_body interface to simplify improving _serialize_data
Rename _jsonify_data to _serialize_data to make its purpose easier to
understand (this was also known as _cast_body in aiohttp_api).
In exploring how to harmonize json serialization between aiothttp and
flask, we needed to be able to adjust the mimetype from within
_serialize_data. Harmonizing the actual serialization has to wait until
backwards incompatible changes can be made, but we can keep the new
interface, as these functions were introduced in this PR (#849).
* Add deprecation warnings about implicit serialization
* Remove the unused "query_sanitazion" fixture
* Test whether no sanitization is performed in the request body
* Do not perform sanitization on request body keys in OpenAPI v3
The deserialized JSON form of the request body
needs to be passed to the client applications
* without further modification *
so that they can work directly with objects
that have been received over the network.
The only names for which sanitization makes sense
are the ones which are used as Python identifiers.
Keys of the top-level JSON object within the request payload
are never used by Connexion as Python identifiers.
Also, no such sanitization of keys within request body
is performed in OpenAPI v2.
Closes issue #835.
* first implementation draft
* gitignore virtualenv
* use isinstance instead of type function
* fix tests
* remove unused function
* move object parsing to uri_parsing.py
* remove not needed import
* only test for OpenAPI
* remove not needed import
* make it work for other cases again
* flake8 fixes
* python2.7 fixes
* isort fix
* address code review comments
* remove for loop and address other comments
* remove not needed abstract function
* move array unnesting into uri_parsing
* make nested arrays possible
* style fixes
* style fixes
* test other data types
* comment and simplify function
* WIP: start additionalProperties test
* test additionalProperties
* remove uneccessary exception
* set default values
* set default values also in response
* flake8 fixes
* fix test
* use suggestions from dtkav's branch
* fix tests partially
* fix tests partially
* fix tests
* fix tests
* add comments for clarity
Fixes the build.
Changes proposed in this pull request:
- apply all of the isort changes that resulted from the latest version
- pin to the latest version (4.3.15) so this doesn't happen again, unless we bump the version on purpose
- App and Api options must be provided through the "options" argument (``old_style_options`` have been removed).
- You must specify a form content-type in 'consumes' in order to consume form data.
- The `Operation` interface has been formalized in the `AbstractOperation` class.
- The `Operation` class has been renamed to `Swagger2Operation`.
- Array parameter deserialization now follows the Swagger 2.0 spec more closely.
In situations when a query parameter is passed multiple times, and the collectionFormat is either csv or pipes, the right-most value will be used.
For example, `?q=1,2,3&q=4,5,6` will result in `q = [4, 5, 6]`.
The old behavior is available by setting the collectionFormat to `multi`, or by importing `decorators.uri_parsing.AlwaysMultiURIParser` and passing `parser_class=AlwaysMultiURIParser` to your Api.
- The spec validator library has changed from `swagger-spec-validator` to `openapi-spec-validator`.
- Errors that previously raised `SwaggerValidationError` now raise the `InvalidSpecification` exception.
All spec validation errors should be wrapped with `InvalidSpecification`.
- Support for nullable/x-nullable, readOnly and writeOnly/x-writeOnly has been added to the standard json schema validator.
- Custom validators can now be specified on api level (instead of app level).
- Added support for basic authentication and apikey authentication
- If unsupported security requirements are defined or ``x-tokenInfoFunc``/``x-tokenInfoUrl`` is missing, connexion now denies requests instead of allowing access without security-check.
- Accessing ``connexion.request.user`` / ``flask.request.user`` is no longer supported, use ``connexion.context['user']`` instead
- Added the AioHttpApi and AioHttpApp on connexion __init__;
- Created an abstract method on AbstractApi to cast the framework response to connexion response;
- Implemented the get_connexion_response on FlaskApi;
- Changed the CLI to use any kind of App class;
- Changed the ResponseValidator to always convert the response to a connexion response;
- Changed the ResponseValidator to support coroutine responses;
- Added the aiohttp as optional dependency;
- Added ujson as optional dependency;
- Skipped the aiohttp tests run on python 2.7;
- Changed the tests configs to run aiohttp tests properly on python 3.4+.
* FIX a typo causing an ERROR log
A small bug was introduced in #500 when sanitizing the request query
parameters. Instead of fetching the arguments from `request.query`,
the parameters were sanitized from the `request.form`. This causes an
error log to be printed, as the parameters are not expected for the
query (for example in the case of a POST request).
Fixes#504
* adds a fixture for testing query param sanitazion
Adds a simple fixture to test form and query parameter sanitazion. This
is mostly related to #522, in which the `formData` parameters were
treated as query parameters.
* add a test to validate form data params
* introduce testfixtures library
* Order classes by relevance in module
* Order definitions by relevance within module
* Swagger UI options extracted
* New style options
* Use new-style options
* Reuse code
* Sort imports
* Ignore typing imports
* Warn users about parameter name change
* Add back isort check
* Fix isort check
* Example with Flask support
* Only show import error when trying to use Flask
* Re-organize imports
* Move flask_utils next to related module
* Code style
* Change back to incentivizes
* Includes Flask by default
* Project clean up
* Update Rafael Caricio's e-mail address
* Fix conflicts
removed test_decorators and test_parameter (this test is useless now);
removed the request/response containers and add new request response classes;
created a abstract api class and a api flask class;
derived classes will implements the get_response/get_request methods that will convert framework req/resp types to connexion req/resp types;
moved the jsonifier from produces to flask api;
created a abstract app class and a app flask class;
changed all validators to use the ConnexionRequest instead flask request;
changed the problem function to generate a ConnexionRequest;
created a new user variables container called context (this is a property of ConnexionRequest). this will be passed as kwargs to all operations functions;
this context is used on authentication;
fixed all tests to new API;
some changes that I did may not be documented in this commit.
