21 Commits

Author SHA1 Message Date
Robbe Sneyders
156bf79ee6 Merge V2 to main (#1518)
* Fix uri parsing for query parameter with empty brackets (#1501)

* Update tests for changed werkzeug behavior in 2.1 (#1506)

https://github.com/pallets/werkzeug/issues/2352

* Bugfix/async security check (#1512)

* Add failing tests

* Use for else construct

* openapi: remove JSON body second validation and type casting (#1170)

* openapi: remove body preprocessing

Body is already validated using jsonschema. There was also some type
casting but it was wrong: e.g. not recurring deeply into dicts and lists,
relying on existence of "type" in schema (which is not there e.g. if
oneOf is used). Anyway, the only reason why types should be cast is
converting integer values to float if the type is number. But this is in
most cases irrelevant.

Added an example, which did not work before this commit (echoed `{}`)
e.g. for
```
curl localhost:8080/api/foo -H 'content-type: application/json' -d '{"foo": 1}'
```
but now the example works (echoes `{"foo": 1}`).

* test with oneOf in the requestBody

* remove oneof examples: superseded by tests

Co-authored-by: Pavol Vargovcik <pavol.vargovcik@kiwi.com>

Co-authored-by: Ruwann <ruwanlambrichts@gmail.com>
Co-authored-by: Pavol Vargovčík <pavol.vargovcik@gmail.com>
Co-authored-by: Pavol Vargovcik <pavol.vargovcik@kiwi.com>
2022-05-04 17:31:04 +02:00
Robbe Sneyders
4603e0679d Extract security to middleware (#1514)
* Extract security to middleware

* Add MissingMiddleware exception

* Extract add_auth_on_not_found in security middleware

* Add detail kwarg to exceptions

* Return JSONResponse in ExceptionMiddleware

* Type dicts in SecurityMiddleware

* Add trailing comma in setup.py

* Rework connexion context

* Improve error handling for missing security operation

* Refactor default security operation

* Revert "Return JSONResponse in ExceptionMiddleware"

This reverts commit c1004c7500d1be7e0938eea8672325cf15355359.

* Move routing context name into constant
2022-04-27 22:20:38 +02:00
Ruwann
85058ed3f1 Rework required_scopes checking (#1474)
* WIP: rework required_scopes checking

* Update tests for security scopes

* Add test for oauth security scheme with multiple possible scopes

* Update security tests

* Change optional auth test to correct behaviour

* Update security documentation

* Remove TODOs

* Catch possible exceptions from failed checks in async security factory

* Add .venv/ to gitignore

* Try to raise most specific exception

* Add test for raising most specific error

* Update async security handler factory

* Fix security handler error catching

* Fix imports order
2022-03-21 21:31:26 +01:00
Jyhess
8830d56841 Async security check (#869)
Co-authored-by: Jacob Floyd <cognifloyd@gmail.com>

Fixes #868

Allow using coroutines with Aiohttp in security handlers.

- Move all functions from connexion.operations.security to a class in connexion.security.SecurityHandlerFactory
- Specialize this class for AioHttp and Flask, and instantiate them in dedicated APIs
- AioHttp specialization now supports coroutines
- pass_context_arg_name option is supported for security handlers
2020-07-22 06:52:16 +00:00
Michael Blättler
b14e235108 enable empty security definition
This allows using optional authentication and providing different
responses to authenticated users via the same API-Endpoint.

Co-Authored-By: Jacob Floyd <cognifloyd@gmail.com>
2019-12-18 08:15:09 +01:00
krise3k
6ec11825b8 Add support for JWT authentication (#732)
* Add support for JWT

* Add example for JWT

* Add minimal JWT documentation
2018-11-12 08:53:50 +01:00
João Santos
44ea9336fe Connexion 2.0 (#619)
- App and Api options must be provided through the "options" argument (``old_style_options`` have been removed).
- You must specify a form content-type in 'consumes' in order to consume form data.
- The `Operation` interface has been formalized in the `AbstractOperation` class.
- The `Operation` class has been renamed to `Swagger2Operation`.
- Array parameter deserialization now follows the Swagger 2.0 spec more closely.
  In situations when a query parameter is passed multiple times, and the collectionFormat is either csv or pipes, the right-most value will be used.
  For example, `?q=1,2,3&q=4,5,6` will result in `q = [4, 5, 6]`.
  The old behavior is available by setting the collectionFormat to `multi`, or by importing `decorators.uri_parsing.AlwaysMultiURIParser` and passing `parser_class=AlwaysMultiURIParser` to your Api.
- The spec validator library has changed from `swagger-spec-validator` to `openapi-spec-validator`.
- Errors that previously raised `SwaggerValidationError` now raise the `InvalidSpecification` exception.
  All spec validation errors should be wrapped with `InvalidSpecification`.
- Support for nullable/x-nullable, readOnly and writeOnly/x-writeOnly has been added to the standard json schema validator.
- Custom validators can now be specified on api level (instead of app level).
- Added support for basic authentication and apikey authentication
- If unsupported security requirements are defined or ``x-tokenInfoFunc``/``x-tokenInfoUrl`` is missing, connexion now denies requests instead of allowing access without security-check.
- Accessing ``connexion.request.user`` / ``flask.request.user`` is no longer supported, use ``connexion.context['user']`` instead
2018-11-05 14:50:42 +01:00
Shaun Kaasten
a4cabb23ae Allow token_info response to use 'scopes' key (#565) 2018-02-08 16:30:00 +01:00
Rafael Carício
93c06711ed New style of passing options to Connexion (#436)
* Order classes by relevance in module

* Order definitions by relevance within module

* Swagger UI options extracted

* New style options

* Use new-style options

* Reuse code

* Sort imports

* Ignore typing imports

* Warn users about parameter name change

* Add back isort check

* Fix isort check
2017-04-11 16:47:21 +02:00
Rafael Carício
63abcad512 Connexion request user (#435)
* Add back connexion.request

* Refactor code to lifecycle module

* Test user from connexion.request instance
2017-04-07 16:15:09 +02:00
Rafael Carício
067ad1b55a Flask request user support (#432)
* ConnexionRequest.context proxied to flask.request instance

* Add type annotations for FlaskRequestContextProxy

* Sort imports

* Sort imports

* Remove unnecessary code
2017-04-05 19:04:48 +02:00
Henning Jacobs
d9edc36647 Ignore context args (#429)
* #428 add unit test

* #428 ignore context param if not in function args

* #428 update OAuth2 example app

* #428 update security docs
2017-04-05 14:32:40 +02:00
Rafael Carício
1858c9d4a0 Flask required only if necessary (#424)
* Example with Flask support

* Only show import error when trying to use Flask

* Re-organize imports

* Move flask_utils next to related module

* Code style

* Change back to incentivizes

* Includes Flask by default

* Project clean up

* Update Rafael Caricio's e-mail address

* Fix conflicts
2017-04-04 20:48:08 +02:00
Diogo Dutra
3952ea2771 did changes requested by isort and flake8 2017-04-04 08:20:25 -03:00
Diogo
5857dd237f Uncouple all flask functions from base code.
removed test_decorators and test_parameter (this test is useless now);
removed the request/response containers and add new request response classes;
created an abstract api class and an api flask class;
derived classes will implement the get_response/get_request methods that will convert framework req/resp types to connexion req/resp types;
moved the jsonifier from produces to flask api;
created an abstract app class and an app flask class;
changed all validators to use the ConnexionRequest instead of flask request;
changed the problem function to generate a ConnexionRequest;
created a new user variables container called context (this is a property of ConnexionRequest). this will be passed as kwargs to all operations functions;
this context is used on authentication;
fixed all tests to new API;
some changes that I did may not be documented in this commit.
2017-04-04 08:20:24 -03:00
Diogo Dutra
a7af62fbf0 Uncouple flask from App and Api. Created Abstract classes for these modules. Fixed the tests 2017-04-04 08:20:23 -03:00
Leena Bhegade
f7b3d9a0bb add parameter to decode 2017-02-08 23:48:04 +00:00
Leena Bhegade
c1020bf0f6 Fix tests 2017-02-08 21:31:35 +00:00
Rafael Caricio
654df09838 #256 🎯 identify the bug 2016-07-27 22:57:23 +02:00
Rafael Caricio
d6aac92eee Increase coverage 2016-02-25 15:41:11 +01:00
Rafael Caricio
a7aec5d53c Split tests in isolated modules 2016-02-25 14:49:19 +01:00