Fixes#942
No longer return 400 if a read-only property is provided, as discussed
in the issue. We still raise an error if write-only properties are
included in the response and response validation is enabled.
I also changed how read-/write-only works in combination with
`required`. Previously, `required` would not be overwritten by
read-/write-only. Now we just follow the spec to the letter:
- required and read-only: must be included but must be ignored by the
server
- required and write-only: impossible to achieve, but I also don't see
how this combination could make sense
- read-only: may be included but must be ignored by server
- write-only: must not be included by server
This PR refactors our tests to prepare the activation of our tests for
our AsyncApp.
The separate commits are atomic, which can be useful for reviewing.
---------
Co-authored-by: Ruwann <ruwanlambrichts@gmail.com>
This PR adds an interface for the ConnexionMiddleware, similar to the
interface of the Connexion Apps.
The Connexion Apps are now a simple wrapper around the
ConnexionMiddleware and framework app, delegating the work to the
middleware. This enables a similar interface and behavior for users when
using either the middleware or apps.
The arguments are repeated everywhere there is a user interface, but are
parsed in a central place. Repeating the arguments is not DRY, but
needed to provide users with IDE autocomplete, typing, etc. They are
parsed in a single `_Options` class, which also provides a mechanism to
set default options on an App level, and override them on the more
granular API level.
This makes the long list of provided parameters a lot more manageable,
so I would like to use it for the `Jsonifier` as well, and re-add the
`debug` and `extra_files` arguments which I have dropped in previous
PRs. I'll submit a separate PR for this.
I renamed the `options` parameter to `swagger_ui_options` since it only
contains swagger UI options. This is a breaking change though, and we'll
need to highlight this upon release.
We still have quite a lot of `App`, `MiddlewareApp`, and abstract
classes. It would be great if we could find a way to reduce those
further, or at least find better naming to make it more clear what each
one does 🙂 .
Finally, I added examples on how the middleware can be used with third
party frameworks under `examples/frameworks`. Currently there's an
example for Starlette and Quart, but this should be easy to extend. They
also show how the `ASGIDecorator` and `StarletteDecorator` from my
previous PR can be used.
* Extract boilerplate code into Routed base classes
* Use typing_extensions for Python 3.7 Protocol support
* Use Mock instead of AsyncMock
* Extract response validation to middleware
* Refactor Request validation to match Response validation
* Factor out shared functionality
* Fix typo in TextResponseBodyValidator class name
* Fix string formatting
* Use correct schema to check nullability in response validation
* Set up code skeleton for validation middleware
* Add more boilerplate code
* WIP
* Add ASGI JSONBodyValidator
* Revert example changes
* Remove incorrect content type test
Co-authored-by: Ruwan <ruwanlambrichts@gmail.com>
* [#935] adding support to automatically decode json when a multipart/form-data contains a field with an application/json content-type
* Update connexion/decorators/uri_parsing.py
Co-Authored-By: Tomasz Trębski <kornicameister@gmail.com>
* Update connexion/decorators/uri_parsing.py
accepting other non-standard json content types too
Co-Authored-By: Tomasz Trębski <kornicameister@gmail.com>
* Update uri_parsing.py
syntax fix
* syntax fix
* fixes
* Adding unit test to verify that multipart/form-data values which are json objects are decoded and validated as such
Fixes the build.
Changes proposed in this pull request:
- apply all of the isort changes that resulted from the latest version
- pin to the latest version (4.3.15) so this doesn't happen again, unless we bump the version on purpose
- App and Api options must be provided through the "options" argument (``old_style_options`` have been removed).
- You must specify a form content-type in 'consumes' in order to consume form data.
- The `Operation` interface has been formalized in the `AbstractOperation` class.
- The `Operation` class has been renamed to `Swagger2Operation`.
- Array parameter deserialization now follows the Swagger 2.0 spec more closely.
In situations when a query parameter is passed multiple times, and the collectionFormat is either csv or pipes, the right-most value will be used.
For example, `?q=1,2,3&q=4,5,6` will result in `q = [4, 5, 6]`.
The old behavior is available by setting the collectionFormat to `multi`, or by importing `decorators.uri_parsing.AlwaysMultiURIParser` and passing `parser_class=AlwaysMultiURIParser` to your Api.
- The spec validator library has changed from `swagger-spec-validator` to `openapi-spec-validator`.
- Errors that previously raised `SwaggerValidationError` now raise the `InvalidSpecification` exception.
All spec validation errors should be wrapped with `InvalidSpecification`.
- Support for nullable/x-nullable, readOnly and writeOnly/x-writeOnly has been added to the standard json schema validator.
- Custom validators can now be specified on api level (instead of app level).
- Added support for basic authentication and apikey authentication
- If unsupported security requirements are defined or ``x-tokenInfoFunc``/``x-tokenInfoUrl`` is missing, connexion now denies requests instead of allowing access without security-check.
- Accessing ``connexion.request.user`` / ``flask.request.user`` is no longer supported, use ``connexion.context['user']`` instead
