New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Suggestion for a REST Debug mode? (integration with flask-restplus) #142
Comments
Right now I don't think there is an easy way to do this, it would probably involve monkey patching part of the library or importing a mocked version of This suggestion seems reasonable to me. I don't have much time to work on implementing that right now though. Would you be interested in putting together a pull request with that functionality? I could help point you in the right direction and what not. Cheers 👍 |
Hi and thanks for your reply… But I can probably take a stab at a PR nonetheless… From what I can see, adding a check for an env variable in |
I would make it a flask_jwt_extended option instead so that it is easier to test and more consistent with the rest of the extension. We could provide an example in the docs about how you could check for an env variable at the The biggest thing that users would have to keep in mind here is that they probably couldn’t use most of their endpoints by default. Anything that relies on a logged in user (looking current user info from a db for example) would fail hard because there was no current user present. Maybe we could provide a way for them to mock the current user instead? A callback function that allows them to say what data the dummy user should have (so that can make sure that their custom claims are available to them in debug mode). Doesn’t do anything for mocking their underlying data store, but that fallls outside of the scope of this extension. Cheers. |
Indeed, it would be much more useful to have a callback that sends back a fake identifier (I wouldn't load the user itself, as it would make more sense to go through the existing callback for that, no?). In that case, how about adding a check in |
Seems totally reasonable to me 👍 |
For a bit of extra protection from shooting ones self in the foot, maybe there should also be an extra protection where it needs a fake token callback defined and the app needs to be running in debug mode for this to work. |
Probably a good idea. Should we just ignore the callback if |
Ignore or issue a |
OK. Let's go with ignoring with a warning… 😁 I'll try and put together a PR later today. |
@vimalloc OK, I finished an update that seems to work as expected. You can check the code first for comments and let me know if you want a PR: https://github.com/zedrdave/flask-jwt-extended
|
|
Another option is available for this issue with the new 3.9.1 release. You could build your own decorator instead of using the built in jwt_required decorator which checks if an environmental variable (or setting or whatever) is set, and if so don't do any token verification and store some dummy data in the context stack (ex: Messing with the context stack internals obviously isn't the most ideal solution, as if there are ever any changes to this library there is no guarantee that those will still work as expected. But this does provide a way to start using this functionality right now. Maybe I could expose a Some docs on getting started with building your own decorators can been seen here: http://flask-jwt-extended.readthedocs.io/en/latest/custom_decorators.html |
Or heck, perhaps even simpler would be to not use a custom decorator, but add a flask before_request to inject a jwt into the headers of each request. |
Apologies if this is only tangentially a jwt issue:
I am trying to figure out a simple way to enable a "debug mode" (conditional to FLASK_DEBUG) where
@jwt_required
requests succeed, regardless of the presence of an authorization header. That would be especially useful to be able to test using flask-restplus' automatically generated API docs and request forms.Ideally, I would simply add a custom
jwt.claims_verification_loader
when in debug mode, but that callback does not seem to be called at all, if the header is not set altogether.Is there a (clean) way to intercept the verification process higher up? Any other suggestions on the best way to implement a debug mode that will play nice with flask-restplus?
The text was updated successfully, but these errors were encountered: