Fixes#1881Fixes#1880Fixes#1876
Alternative to #1750
This PR makes the current request available to the security handlers by
injecting it as a keyword. I think this is a proper alternative to
#1750, since this is the only place in the default middleware stack
where I expect this to be needed.
Contributes to #1531
The links in security doc were pointing at an old repo and folders.
These links could be changed down the road to use relative paths since
they point to the repo internally.
* WIP: rework required_scopes checking
* Update tests for security scopes
* Add test for oauth security scheme with multiple possible scopes
* Update security tests
* Change optional auth test to correct behaviour
* Update security documentation
* Remove TODOs
* Catch possible exceptions from failed checks in async security factory
* Add .venv/ to gitignore
* Try to raise most specific exception
* Add test for raising most specific error
* Update async security handler factory
* Fix security handler error catching
* Fix imports order
* Add support for multiple security schemes in AND fashion
* Add test for operation with multiple security schemes combined using logical AND
* Add test for multiple oauth combined using logical AND
* Fix typo in security.rst from of to an or
Changed `of` to an `or`, I guessed a Dutch person wrote this and noticed it's one of the biggest gotchas to see if a Dutchie is the author.
* Changed 'of' to 'with a value of'
- App and Api options must be provided through the "options" argument (``old_style_options`` have been removed).
- You must specify a form content-type in 'consumes' in order to consume form data.
- The `Operation` interface has been formalized in the `AbstractOperation` class.
- The `Operation` class has been renamed to `Swagger2Operation`.
- Array parameter deserialization now follows the Swagger 2.0 spec more closely.
In situations when a query parameter is passed multiple times, and the collectionFormat is either csv or pipes, the right-most value will be used.
For example, `?q=1,2,3&q=4,5,6` will result in `q = [4, 5, 6]`.
The old behavior is available by setting the collectionFormat to `multi`, or by importing `decorators.uri_parsing.AlwaysMultiURIParser` and passing `parser_class=AlwaysMultiURIParser` to your Api.
- The spec validator library has changed from `swagger-spec-validator` to `openapi-spec-validator`.
- Errors that previously raised `SwaggerValidationError` now raise the `InvalidSpecification` exception.
All spec validation errors should be wrapped with `InvalidSpecification`.
- Support for nullable/x-nullable, readOnly and writeOnly/x-writeOnly has been added to the standard json schema validator.
- Custom validators can now be specified on api level (instead of app level).
- Added support for basic authentication and apikey authentication
- If unsupported security requirements are defined or ``x-tokenInfoFunc``/``x-tokenInfoUrl`` is missing, connexion now denies requests instead of allowing access without security-check.
- Accessing ``connexion.request.user`` / ``flask.request.user`` is no longer supported, use ``connexion.context['user']`` instead
