Briq
/
drf-yasg
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix default security requirements

openapi3
Cristi Vîjdea 2018-05-12 13:31:06 +03:00
parent bfd88cbdb4
commit a993cba7aa
5 changed files with 30 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
docs/changelog.rst
View File

@ -3,6 +3,15 @@ Changelog
######### #########
*********
**1.7.2**
*********
*Release date: May 12, 2018*
- **FIXED:** fixed generation of default ``SECURITY_REQUIREMENTS`` to match documented behaviour
********* *********
**1.7.1** **1.7.1**
********* *********

2
docs/security.rst
View File

@ -39,7 +39,7 @@ Security requirements
The second step is specifying, for each endpoint, which authentication mechanism can be used for interacting with it. The second step is specifying, for each endpoint, which authentication mechanism can be used for interacting with it.
See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object for details. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object for details.
By default, a top-level `security` that accepts all the declared security definitions is generated. By default, a top-level `security` that accepts any one of the declared security definitions is generated.
For the example above, that would be :code:`[{'Basic': []}, {'Bearer': []}]`. This can be overriden using the For the example above, that would be :code:`[{'Basic': []}, {'Bearer': []}]`. This can be overriden using the
:ref:`SECURITY_REQUIREMENTS <security-definitions-settings>` setting. :ref:`SECURITY_REQUIREMENTS <security-definitions-settings>` setting.

2
src/drf_yasg/generators.py
View File

@ -206,7 +206,7 @@ class OpenAPISchemaGenerator(object):
security_definitions = swagger_settings.SECURITY_DEFINITIONS security_definitions = swagger_settings.SECURITY_DEFINITIONS
security_requirements = swagger_settings.SECURITY_REQUIREMENTS security_requirements = swagger_settings.SECURITY_REQUIREMENTS
if security_requirements is None: if security_requirements is None:
security_requirements = [{security_scheme: [] for security_scheme in swagger_settings.SECURITY_DEFINITIONS}] security_requirements = [{security_scheme: []} for security_scheme in swagger_settings.SECURITY_DEFINITIONS]
url = self.url url = self.url
if url is None and request is not None: if url is None and request is not None:

13
testproj/testproj/settings/base.py
View File

@ -94,7 +94,18 @@ SWAGGER_SETTINGS = {
'LOGIN_URL': '/admin/login', 'LOGIN_URL': '/admin/login',
'LOGOUT_URL': '/admin/logout', 'LOGOUT_URL': '/admin/logout',
'DEFAULT_INFO': 'testproj.urls.swagger_info' 'DEFAULT_INFO': 'testproj.urls.swagger_info',
'SECURITY_DEFINITIONS': {
'Basic': {
'type': 'basic'
},
'Bearer': {
'type': 'apiKey',
'name': 'Authorization',
'in': 'header'
}
}
} }
# Internationalization # Internationalization

9
tests/reference.yaml
View File

@ -21,10 +21,15 @@ consumes:
produces: produces:
- application/json - application/json
securityDefinitions: securityDefinitions:
basic: Basic:
type: basic type: basic
Bearer:
type: apiKey
name: Authorization
in: header
security: security:
- basic: [] - Basic: []
- Bearer: []
paths: paths:
/articles/: /articles/:
get: get: