Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Authentication and Authorization logic. #127

Merged
merged 19 commits into from
May 27, 2021
Merged

Add Authentication and Authorization logic. #127

merged 19 commits into from
May 27, 2021

Conversation

AndreiDrang
Copy link
Contributor

No description provided.

@AndreiDrang AndreiDrang mentioned this pull request May 4, 2021
Closed
kemingy
kemingy reviewed May 4, 2021
View reviewed changes
Copy link
Member

@kemingy kemingy left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome! Really appreciate your contribution.

Another thing I want to talk about is, for Authentication Error, should we return ValidationError(422) or AuthenticationError(401 or 403)?

spectree/spec.py Outdated Show resolved Hide resolved
spectree/models.py Outdated Show resolved Hide resolved
spectree/config.py Outdated Show resolved Hide resolved
This was linked to issues May 4, 2021
How to deal with authentication #118
Closed
[BUG] Authorization header not usable in Swagger UI #56
Closed
[New Feature] Support securitySchemes #121
Closed
@AndreiDrang
Copy link
Contributor Author

Another thing I want to talk about is, for Authentication Error, should we return ValidationError(422) or AuthenticationError(401 or 403)?

I'm not sure that hardcoded Errors are good, maybe some flexibility is better.

Cause, for example in my case I not use 422 error from swagger config, I always return 200 code and put error info in payload under specific key, and frontend developers ask me questions about "422 error from swagger" and when it rises 😃

But I think, that 401 error will be better. Or we can just print some WARNING message(like SQLAlchemy) if user sets security key for route, but not set 401 or 403 error in resp.
image

kemingy
kemingy reviewed May 5, 2021
View reviewed changes
spectree/models.py Outdated Show resolved Hide resolved
spectree/models.py Show resolved Hide resolved
spectree/models.py Outdated Show resolved Hide resolved
@kemingy
Copy link
Member

kemingy commented May 5, 2021

I'm not sure that hardcoded Errors are good, maybe some flexibility is better.

Cause, for example in my case I not use 422 error from swagger config, I always return 200 code and put error info in payload under specific key, and frontend developers ask me questions about "422 error from swagger" and when it rises 😃

But I think, that 401 error will be better. Or we can just print some WARNING message(like SQLAlchemy) if user sets security key for route, but not set 401 or 403 error in resp.

We can use 401 as the default one. I also provide before_hook for the user to change the request validation error response body.

@kemingy
Copy link
Member

kemingy commented May 6, 2021

Please run make lint and make test before the push.

@kemingy kemingy changed the base branch from master to dev May 27, 2021 13:05
@kemingy kemingy merged commit 5950b43 into 0b01001001:dev May 27, 2021
@Qparrot
Copy link

Qparrot commented Jun 4, 2021

Hello,
Do you know if it is now possible to add Authorization logic ?
When I search for "security_scheme", "authorization" I found no related page on the SpecTree documentation.

thank you for all the work :), Spectree is great!

@kemingy
Copy link
Member

kemingy commented Jun 4, 2021

Do you know if it is now possible to add Authorization logic ?

@Qparrot I haven't added docs for this part. But you can refer to the test file

spectree/tests/test_plugin_flask.py

Line 38 in f5e56e5

api_secure = SpecTree("flask", security_schemes=SECURITY_SCHEMAS)
and the examples on the bottom of that file.

@kemingy
Copy link
Member

kemingy commented Jun 16, 2021

Hello,
Do you know if it is now possible to add Authorization logic ?
When I search for "security_scheme", "authorization" I found no related page on the SpecTree documentation.

The new PR #151 added the related document in the README. @Qparrot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kemingy kemingy kemingy left review comments

@kurkl kurkl kurkl approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
4 participants
@AndreiDrang @kemingy @Qparrot @kurkl