Improve OAuth2 behaviour and documentation (#90)

* Set OAUTH2_REDIRECT_URL to oauth2-redirect.html by default * Add example SWAGGER_SETTINGS for OAuth * Add note about redirect URL
2018-03-24 13:05:37 +02:00 · 2018-03-24 13:05:37 +02:00 · 51ec07261d
parent a9cdf6d561
commit 51ec07261d
6 changed files with 58 additions and 4 deletions
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@ -3,6 +3,14 @@ Changelog
 #########


+*********
+**1.6.0**
+*********
+
+*Release date: Mar 24, 2018*
+
+- **IMPROVED:** ``OAUTH2_REDIRECT_URL`` will now default to the built in ``oauth2-redirect.html`` file
+
 *********
 **1.5.1**
 *********
--- a/docs/conf.py
+++ b/docs/conf.py
@ -273,7 +273,7 @@ def role_github_user(name, rawtext, text, lineno, inliner, options=None, content
    options = options or {}
    content = content or []

-    if not re.match(r"^[a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}$", text):
+    if not re.match(r"^[a-z\d](?:[a-z\d]|-(?=[a-z\d])){0,38}$", text, re.IGNORECASE):
        return sphinx_err(inliner, lineno, rawtext, '"%s" is not a valid GitHub username.' % text)

    ref = gh_user_uri.format(text)
--- a/docs/security.rst
+++ b/docs/security.rst
@ -63,3 +63,37 @@ settings described below were added as a result of discussion in issue :issue:`5
 The settings of interest can be found on the :ref:`settings page <oauth2-settings>`. Configuration options are similar
 to most OAuth client setups like web or mobile applications. Reading the relevant ``swagger-ui`` docmentation linked
 will also probably help.
+
+
+Example
+^^^^^^^
+
+A very simple working configuration was provided by :ghuser:`Vigrond`, originally at
+`https://github.com/Vigrond/django_oauth2_example <https://github.com/Vigrond/django_oauth2_example>`_.
+
+
+.. code-block:: python
+
+   SWAGGER_SETTINGS = {
+      'USE_SESSION_AUTH': False,
+      'SECURITY_DEFINITIONS': {
+         'Your App API - Swagger': {
+            'type': 'oauth2',
+            'authorizationUrl': '/yourapp/o/authorize',
+            'tokenUrl': '/yourapp/o/token/',
+            'flow": "accessCode',
+            'scopes': {
+             'read:groups': 'read groups',
+            }
+         }
+      },
+      'OAUTH2_CONFIG': {
+         'clientId': 'yourAppClientId',
+         'clientSecret': 'yourAppClientSecret',
+         'appName': 'your application name'
+      },
+   }
+
+If the OAuth2 provider requires you to provide the full absolute redirect URL, the default value for most
+``staticfiles`` configurations will be ``<origin>/static/drf-yasg/swagger-ui-dist/oauth2-redirect.html``. If this is
+not suitable for some reason, you can override the ``OAUTH2_REDIRECT_URL`` setting as appropriate.
--- a/docs/settings.rst
+++ b/docs/settings.rst
@ -259,7 +259,10 @@ Controls how many levels are expaned by default when showing nested models.
 OAUTH2_REDIRECT_URL
 -------------------

-Used when OAuth2 authenitcation of API requests via swagger-ui is desired.
+Used when OAuth2 authenitcation of API requests via swagger-ui is desired. If ``None`` is passed, the
+``oauth2RedirectUrl`` parameter will be set to ``{% static 'drf-yasg/swagger-ui-dist/oauth2-redirect.html' %}``. This
+is the default `https://github.com/swagger-api/swagger-ui/blob/master/dist/oauth2-redirect.html <oauth2-redirect>`_
+file provided by ``swagger-ui``.

 **Default**: :python:`None` |br|
 *Maps to parameter*: ``oauth2RedirectUrl``
--- a/src/drf_yasg/static/drf-yasg/swagger-ui-init.js
+++ b/src/drf_yasg/static/drf-yasg/swagger-ui-init.js
@ -38,7 +38,7 @@ function initSwaggerUi() {
        ],
        layout: "StandaloneLayout",
        filter: true,
-        requestInterceptor: function(request) {
+        requestInterceptor: function (request) {
            var headers = request.headers || {};
            var csrftoken = document.querySelector("[name=csrfmiddlewaretoken]");
            if (csrftoken) {
@ -49,8 +49,15 @@ function initSwaggerUi() {
    };

    var swaggerSettings = JSON.parse(document.getElementById('swagger-settings').innerHTML);
-    console.log(swaggerSettings);
+    if (!('oauth2RedirectUrl' in swaggerSettings)) {
+        var oauth2RedirectUrl = document.getElementById('oauth2-redirect-url');
+        if (oauth2RedirectUrl) {
+            swaggerSettings['oauth2RedirectUrl'] = oauth2RedirectUrl.href;
+            oauth2RedirectUrl.parentNode.removeChild(oauth2RedirectUrl);
+        }
+    }

+    console.log(swaggerSettings);
    for (var p in swaggerSettings) {
        if (swaggerSettings.hasOwnProperty(p)) {
            swaggerConfig[p] = swaggerSettings[p];
--- a/src/drf_yasg/templates/drf-yasg/swagger-ui.html
+++ b/src/drf_yasg/templates/drf-yasg/swagger-ui.html
@ -67,6 +67,8 @@
 <script src="{% static 'drf-yasg/insQ.min.js' %}"></script>
 <script src="{% static 'drf-yasg/swagger-ui-init.js' %}"></script>

+<a id="oauth2-redirect-url" href="{% static 'drf-yasg/swagger-ui-dist/oauth2-redirect.html' %}" class="hidden"></a>
+
 <div id="django-session-auth" class="hidden">
    {% if USE_SESSION_AUTH %}
        {% csrf_token %}