Improve OAuth2 behaviour and documentation (#90)

* Set OAUTH2_REDIRECT_URL to oauth2-redirect.html by default
* Add example SWAGGER_SETTINGS for OAuth
* Add note about redirect URL
openapi3 1.6.0
Cristi Vîjdea 2018-03-24 13:05:37 +02:00 committed by GitHub
parent a9cdf6d561
commit 51ec07261d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 58 additions and 4 deletions

@ -3,6 +3,14 @@ Changelog
######### #########
*********
**1.6.0**
*********
*Release date: Mar 24, 2018*
- **IMPROVED:** ``OAUTH2_REDIRECT_URL`` will now default to the built in ``oauth2-redirect.html`` file
********* *********
**1.5.1** **1.5.1**
********* *********

@ -273,7 +273,7 @@ def role_github_user(name, rawtext, text, lineno, inliner, options=None, content
options = options or {} options = options or {}
content = content or [] content = content or []
if not re.match(r"^[a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}$", text): if not re.match(r"^[a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}$", text, re.IGNORECASE):
return sphinx_err(inliner, lineno, rawtext, '"%s" is not a valid GitHub username.' % text) return sphinx_err(inliner, lineno, rawtext, '"%s" is not a valid GitHub username.' % text)
ref = gh_user_uri.format(text) ref = gh_user_uri.format(text)
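
Review bot: `re.match` with a trailing `$` on the changed line still accepts a value that ends in a newline, and `\d` in a Python 3 str pattern also matches non-ASCII digits, so the check is looser than the GitHub username rule the error message names. Suggest `re.fullmatch(...)` with `re.IGNORECASE | re.ASCII`. The case-insensitive match looks like it is needed for the capitalised `:ghuser:` reference added in the docs; a line in the commit message saying so would explain why this file is touched.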

@ -63,3 +63,37 @@ settings described below were added as a result of discussion in issue :issue:`5
The settings of interest can be found on the :ref:`settings page <oauth2-settings>`. Configuration options are similar The settings of interest can be found on the :ref:`settings page <oauth2-settings>`. Configuration options are similar
to most OAuth client setups like web or mobile applications. Reading the relevant ``swagger-ui`` docmentation linked to most OAuth client setups like web or mobile applications. Reading the relevant ``swagger-ui`` docmentation linked
will also probably help. will also probably help.
Example
^^^^^^^
A very simple working configuration was provided by :ghuser:`Vigrond`, originally at
`https://github.com/Vigrond/django_oauth2_example <https://github.com/Vigrond/django_oauth2_example>`_.
.. code-block:: python
SWAGGER_SETTINGS = {
'USE_SESSION_AUTH': False,
'SECURITY_DEFINITIONS': {
'Your App API - Swagger': {
'type': 'oauth2',
'authorizationUrl': '/yourapp/o/authorize',
'tokenUrl': '/yourapp/o/token/',
'flow": "accessCode',
'scopes': {
'read:groups': 'read groups',
}
}
},
'OAUTH2_CONFIG': {
'clientId': 'yourAppClientId',
'clientSecret': 'yourAppClientSecret',
'appName': 'your application name'
},
}
If the OAuth2 provider requires you to provide the full absolute redirect URL, the default value for most
``staticfiles`` configurations will be ``<origin>/static/drf-yasg/swagger-ui-dist/oauth2-redirect.html``. If this is
not suitable for some reason, you can override the ``OAUTH2_REDIRECT_URL`` setting as appropriate.
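
Review bot: the `'flow": "accessCode',` line in the added example mixes quote styles, so it is read as one string instead of a key and a value and the snippet is a syntax error when pasted into a settings module; it should read `'flow': 'accessCode',`. The example also sets `clientSecret` for a UI that runs in the browser, so a sentence on which kind of client this value is acceptable for would help readers who copy it as is.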

@ -259,7 +259,10 @@ Controls how many levels are expaned by default when showing nested models.
OAUTH2_REDIRECT_URL OAUTH2_REDIRECT_URL
------------------- -------------------
Used when OAuth2 authenitcation of API requests via swagger-ui is desired. Used when OAuth2 authenitcation of API requests via swagger-ui is desired. If ``None`` is passed, the
``oauth2RedirectUrl`` parameter will be set to ``{% static 'drf-yasg/swagger-ui-dist/oauth2-redirect.html' %}``. This
is the default `https://github.com/swagger-api/swagger-ui/blob/master/dist/oauth2-redirect.html <oauth2-redirect>`_
file provided by ``swagger-ui``.
**Default**: :python:`None` |br| **Default**: :python:`None` |br|
*Maps to parameter*: ``oauth2RedirectUrl`` *Maps to parameter*: ``oauth2RedirectUrl``
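
Review bot: the hyperlink in the added paragraph has its text and target swapped: the URL sits in the link-text position and `oauth2-redirect` sits inside the angle brackets, so the rendered link points at a relative `oauth2-redirect` target. It should be written as `oauth2-redirect.html <https://github.com/swagger-api/swagger-ui/blob/master/dist/oauth2-redirect.html>`_ so the sentence reads "This is the default oauth2-redirect.html file provided by swagger-ui".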

@ -38,7 +38,7 @@ function initSwaggerUi() {
], ],
layout: "StandaloneLayout", layout: "StandaloneLayout",
filter: true, filter: true,
requestInterceptor: function(request) { requestInterceptor: function (request) {
var headers = request.headers || {}; var headers = request.headers || {};
var csrftoken = document.querySelector("[name=csrfmiddlewaretoken]"); var csrftoken = document.querySelector("[name=csrfmiddlewaretoken]");
if (csrftoken) { if (csrftoken) {
@ -49,8 +49,15 @@ function initSwaggerUi() {
}; };
var swaggerSettings = JSON.parse(document.getElementById('swagger-settings').innerHTML); var swaggerSettings = JSON.parse(document.getElementById('swagger-settings').innerHTML);
console.log(swaggerSettings); if (!('oauth2RedirectUrl' in swaggerSettings)) {
var oauth2RedirectUrl = document.getElementById('oauth2-redirect-url');
if (oauth2RedirectUrl) {
swaggerSettings['oauth2RedirectUrl'] = oauth2RedirectUrl.href;
oauth2RedirectUrl.parentNode.removeChild(oauth2RedirectUrl);
}
}
console.log(swaggerSettings);
for (var p in swaggerSettings) { for (var p in swaggerSettings) {
if (swaggerSettings.hasOwnProperty(p)) { if (swaggerSettings.hasOwnProperty(p)) {
swaggerConfig[p] = swaggerSettings[p]; swaggerConfig[p] = swaggerSettings[p];
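
Review bot: the `'oauth2RedirectUrl' in swaggerSettings` test only checks that the key exists, so if the rendered settings ever contain `"oauth2RedirectUrl": null` the fallback to the anchor's `href` is skipped, while the settings documentation in this commit promises the default when ``None`` is passed. Testing the value instead, for example `if (!swaggerSettings.oauth2RedirectUrl)`, covers both the missing and the null case. The `console.log(swaggerSettings);` call is also kept after the new block; it looks like leftover debugging and prints the whole settings object to the browser console, so it would be better removed.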

@ -67,6 +67,8 @@
<script src="{% static 'drf-yasg/insQ.min.js' %}"></script> <script src="{% static 'drf-yasg/insQ.min.js' %}"></script>
<script src="{% static 'drf-yasg/swagger-ui-init.js' %}"></script> <script src="{% static 'drf-yasg/swagger-ui-init.js' %}"></script>
<a id="oauth2-redirect-url" href="{% static 'drf-yasg/swagger-ui-dist/oauth2-redirect.html' %}" class="hidden"></a>
<div id="django-session-auth" class="hidden"> <div id="django-session-auth" class="hidden">
{% if USE_SESSION_AUTH %} {% if USE_SESSION_AUTH %}
{% csrf_token %} {% csrf_token %}
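
Review bot: the new `<a id="oauth2-redirect-url">` element is placed after the `swagger-ui-init.js` script tag, so the `getElementById('oauth2-redirect-url')` lookup in that script finds it only if `initSwaggerUi` runs after the document has been parsed; please confirm that, or move the element above the script tags. The script removes the anchor only when it uses the fallback, so when the setting is supplied an empty link stays in the page and relies on the `hidden` class; a `data-` attribute on an existing element would carry the URL without that.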