Bugfix/missing infofuncs (#1375)

* Add test for verify_security with missing auth funcs

This situation occurs when a x-infoFunc is missing in the openapi
document. Then this security scheme is skipped and the auth_funcs
is an empty list if there are no other security schemes.

* Fix verify_security bug for empty list of auth_funcs

When the auth_funcs argument is the empty list, an AttributeError
is raised because the token_info is None and does not have a
'get' attribute. This leads to a 500 error.

connexion/security/async_security_handler_factory.py

@@ -60,7 +60,7 @@ async def wrapper(request, token, required_scopes):
     def verify_security(cls, auth_funcs, required_scopes, function):
         @functools.wraps(function)
         async def wrapper(request):
-            token_info = None
+            token_info = cls.no_value
             for func in auth_funcs:
                 token_info = func(request, required_scopes)
                 while asyncio.iscoroutine(token_info):

connexion/security/security_handler_factory.py

@@ -338,7 +338,7 @@ def wrapper(request, token, required_scopes):
     def verify_security(cls, auth_funcs, required_scopes, function):
         @functools.wraps(function)
         def wrapper(request):
-            token_info = None
+            token_info = cls.no_value
             for func in auth_funcs:
                 token_info = func(request, required_scopes)
                 if token_info is not cls.no_value:

tests/decorators/test_security.py

@@ -3,7 +3,7 @@
 import json
 import pytest
 import requests
-from connexion.exceptions import OAuthResponseProblem, OAuthScopeProblem
+from connexion.exceptions import OAuthProblem, OAuthResponseProblem, OAuthScopeProblem
 
 
 def test_get_tokeninfo_url(monkeypatch, security_handler_factory):
@@ -164,3 +164,15 @@ def apikey_info(apikey, required_scopes=None):
     request.headers = {"X-Auth": 'foobar'}
 
     assert wrapped_func(request, ['admin']) is not None
+
+
+def test_verify_security_oauthproblem(security_handler_factory):
+    """Tests whether verify_security raises an OAuthProblem if there are no auth_funcs."""
+    func_to_secure = MagicMock(return_value='func')
+    secured_func = security_handler_factory.verify_security([], [], func_to_secure)
+
+    request = MagicMock()
+    with pytest.raises(OAuthProblem) as exc_info:
+        secured_func(request)
+
+    assert str(exc_info.value) == '401 Unauthorized: No authorization token provided'