This allows to use optional authentication and provide different
responses to authenticated users via the same API-Endpoint.
Co-Authored-By: Jacob Floyd <cognifloyd@gmail.com>
* [#935] adding support to automatically decode json when a multipart/form-data contains a field with an application/json content-type
* Update connexion/decorators/uri_parsing.py
Co-Authored-By: Tomasz Trębski <kornicameister@gmail.com>
* Update connexion/decorators/uri_parsing.py
accepting other non-standard json content types too
Co-Authored-By: Tomasz Trębski <kornicameister@gmail.com>
* Update uri_parsing.py
syntax fix
* syntax fix
* fixes
* Adding unit test to verify that multipart/form-data values which are json objects are decoded and validated as such
* Remove the unused "query_sanitazion" fixture
* Test whether no sanitization is performed in the request body
* Do not perform sanitization on request body keys in OpenAPI v3
The deserialized JSON form of the request body
needs to be passed to the client applications
* without further modification *
so that they can work directly with objects
that have been received over the network.
The only names for which sanitization makes sense
are the ones which are used as Python identifiers.
Keys of the top-level JSON object within the request payload
are never used by Connexion as Python identifiers.
Also, no such sanitization of keys within request body
is performed in OpenAPI v2.
Closes issue #835.
* Converting response to raise a ProblemException
* Centralizing around ProblemException for errors in the app.
* Adding the ability to skip error handlers, allow for defining exception payload.
* Fixing flake8
* Fixed some bugs found through unit testing.
* Unit tests are now passing.
* Added problem back to __init__
* Updating based on the feedback from the PR.
* first implementation draft
* gitignore virtualenv
* use isinstance instead of type function
* fix tests
* remove unused function
* move object parsing to uri_parsing.py
* remove not needed import
* only test for OpenAPI
* remove not needed import
* make it work for other cases again
* flake8 fixes
* python2.7 fixes
* isort fix
* address code review comments
* remove for loop and address other comments
* remove not needed abstract function
* move array unnesting into uri_parsing
* make nested arrays possible
* style fixes
* style fixes
* test other data types
* comment and simplify function
* WIP: start additionalProperties test
* test additionalProperties
* remove uneccessary exception
* set default values
* set default values also in response
* flake8 fixes
* fix test
* use suggestions from dtkav's branch
* fix tests partially
* fix tests partially
* fix tests
* fix tests
* add comments for clarity
- App and Api options must be provided through the "options" argument (``old_style_options`` have been removed).
- You must specify a form content-type in 'consumes' in order to consume form data.
- The `Operation` interface has been formalized in the `AbstractOperation` class.
- The `Operation` class has been renamed to `Swagger2Operation`.
- Array parameter deserialization now follows the Swagger 2.0 spec more closely.
In situations when a query parameter is passed multiple times, and the collectionFormat is either csv or pipes, the right-most value will be used.
For example, `?q=1,2,3&q=4,5,6` will result in `q = [4, 5, 6]`.
The old behavior is available by setting the collectionFormat to `multi`, or by importing `decorators.uri_parsing.AlwaysMultiURIParser` and passing `parser_class=AlwaysMultiURIParser` to your Api.
- The spec validator library has changed from `swagger-spec-validator` to `openapi-spec-validator`.
- Errors that previously raised `SwaggerValidationError` now raise the `InvalidSpecification` exception.
All spec validation errors should be wrapped with `InvalidSpecification`.
- Support for nullable/x-nullable, readOnly and writeOnly/x-writeOnly has been added to the standard json schema validator.
- Custom validators can now be specified on api level (instead of app level).
- Added support for basic authentication and apikey authentication
- If unsupported security requirements are defined or ``x-tokenInfoFunc``/``x-tokenInfoUrl`` is missing, connexion now denies requests instead of allowing access without security-check.
- Accessing ``connexion.request.user`` / ``flask.request.user`` is no longer supported, use ``connexion.context['user']`` instead
* Allow http.HTTPStatus enums as response status codes.
Python 3.5 introduced a new enumeration "http.HTTPStatus" for
representing HTTP response status codes. The default response validation
introduced in connexion 1.1.12 highlighted the fact that connexion does
not natively support this type and was previously silently ignoring
non-integer status code representations.
This modifies the response validation code to extract the value when
given an enum instead of an int. Somewhat hacky test code is added to
check for enum support on python versions that include
"http.HTTPStatus".
* [master]: Restructure tests from PR comments.
* [master]: Revert to exception based version checking.
This reverts to exception based python version checking for both tests,
due to the suggested unittest skipping alternative not being supported
in all python versions.
"unittest.case.SkipTest: Not supported in this version" is the error
reported.
* [master]: Move enum handling deeper into the stack.
* [master]: Respond to yet more PR comments.
* Example with Flask support
* Only show import error when trying to use Flask
* Re-organize imports
* Move flask_utils next to related module
* Code style
* Change back to incentivizes
* Includes Flask by default
* Project clean up
* Update Rafael Caricio's e-mail address
* Fix conflicts
* Fix returning Response objects in tuple with status code and/or headers
* Use flasks code for dealing with tuples instead of my own
* Unit tests for returning flask reponse in tuple
* fix test, should be a dict, not a set
* Properly sort imports
removed test_decorators and test_parameter (this test is useless now);
removed the request/response containers and add new request response classes;
created a abstract api class and a api flask class;
derived classes will implements the get_response/get_request methods that will convert framework req/resp types to connexion req/resp types;
moved the jsonifier from produces to flask api;
created a abstract app class and a app flask class;
changed all validators to use the ConnexionRequest instead flask request;
changed the problem function to generate a ConnexionRequest;
created a new user variables container called context (this is a property of ConnexionRequest). this will be passed as kwargs to all operations functions;
this context is used on authentication;
fixed all tests to new API;
some changes that I did may not be documented in this commit.
Without sanitization e.g. OData query parameters, such as $skip, $top,
$filter cannot be passed to the controller (except by use of **kwargs).
Fixes: zalando/connexion#334
