Remove obsolete code from basicauth example (#1486)
* Remove obsolete code

* Remove scopes completely

* Add hinting

* Remove outdated function from docs/security

* Revert "Add hinting"

This reverts commit faeea24.

* Change README for examples and other review fixes
a-a-abramov authored Mar 16, 2022
1 parent 3703a46 commit 87a0fed
Showing 5 changed files with 21 additions and 42 deletions.
4 changes: 2 additions & 2 deletions docs/security.rst
@@ -19,8 +19,8 @@ field that is either a space-separated list or an array of scopes belonging to
the supplied token. This list of scopes will be validated against the scopes
required by the API security definition to determine if the user is authorized.
You can supply a custom scope validation func with ``x-scopeValidateFunc``
or set ``SCOPEVALIDATE_FUNC`` env var, otherwise
``connexion.decorators.security.validate_scope`` will be used as default.
or set ``SCOPEVALIDATE_FUNC`` env var, otherwise default scope validation function
``connexion.security.security_handler_factory.validate_scope`` will be used automatically.


The recommended approach is to return a dict which complies with
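Review bot: the rewritten sentence at the end of this hunk drops an article and adds a redundant adverb: "otherwise default scope validation function ``connexion.security.security_handler_factory.validate_scope`` will be used automatically" reads better as "otherwise the default scope validation function ``connexion.security.security_handler_factory.validate_scope`` is used". Since readers will paste this dotted path into ``SCOPEVALIDATE_FUNC``, please also confirm it is importable exactly as written; if ``validate_scope`` is defined on a class inside that module rather than at module level, the path should name the class as well.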
8 changes: 1 addition & 7 deletions examples/openapi3/basicauth/README.rst
@@ -11,10 +11,4 @@ Running:
Now open your browser and go to http://localhost:8080/ui/ to see the Swagger UI.

The hardcoded credentials are ``admin`` and ``secret``. For an example with
correct authentication but missing access rights, use ``foo`` and ``bar``.

For a more simple example which doesn't use oauth scope for authorization see
the `Swagger2 Basic Auth example`_.

.. _Swagger2 Basic Auth example: https://github.com/zalando/connexion/tree/master/examples/swagger2/basicauth
The hardcoded credentials are ``admin:secret`` and ``foo:bar``.
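Review bot: with scope checking gone, the two accounts in the new last line behave identically, so the README no longer says why ``foo:bar`` is listed; the removed sentence ("correct authentication but missing access rights") was what gave the second account its purpose. Either add a half sentence such as "both accounts have the same access rights" or keep a single credential pair. The ``user:password`` form is a good choice, since that is the shape a Basic auth header carries.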
30 changes: 9 additions & 21 deletions examples/openapi3/basicauth/app.py
@@ -4,29 +4,17 @@
'''

import connexion
from connexion.decorators.security import validate_scope
from connexion.exceptions import OAuthScopeProblem

PASSWD = {
'admin': 'secret',
'foo': 'bar'
}

def basic_auth(username, password, required_scopes=None):
if username == 'admin' and password == 'secret':
info = {'sub': 'admin', 'scope': 'secret'}
elif username == 'foo' and password == 'bar':
info = {'sub': 'user1', 'scope': ''}
else:
# optional: raise exception for custom error response
return None

# optional
if required_scopes is not None and not validate_scope(required_scopes, info['scope']):
raise OAuthScopeProblem(
description='Provided user doesn\'t have the required access rights',
required_scopes=required_scopes,
token_scopes=info['scope']
)

return info

def basic_auth(username, password):
if PASSWD.get(username) == password:
return {'sub': username}
# optional: raise exception for custom error response
return None

def get_secret(user) -> str:
return f"You are {user} and the secret is 'wbevuec'"
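Review bot: in the new ``basic_auth``, ``PASSWD.get(username) == password`` makes an unknown username compare ``None == password``; that yields a safe ``False`` for the string connexion hands in, but ``if username in PASSWD and PASSWD[username] == password:`` states the intent explicitly and is the shape readers will copy into real code. For the same reason the comparison is better shown with ``hmac.compare_digest(PASSWD[username], password)`` so the example does not teach a timing-dependent secret comparison. Two smaller points: PEP 8 wants two blank lines between the ``PASSWD`` block and ``def basic_auth`` (the removed code had them), and ``return {'sub': username}`` changes the second user's subject from ``user1`` to ``foo``, which is fine but alters the string ``get_secret`` prints.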
7 changes: 1 addition & 6 deletions examples/swagger2/basicauth/README.rst
@@ -11,9 +11,4 @@ Running:
Now open your browser and go to http://localhost:8080/ui/ to see the Swagger UI.

The hardcoded credentials are ``admin`` and ``secret``.

For a more advanced example which reuses oauth scope for authorization see
the `OpenAPI3 Basic Auth example`_.

.. _OpenAPI3 Basic Auth example: https://github.com/zalando/connexion/tree/master/examples/openapi3/basicauth
The hardcoded credentials are ``admin:secret`` and ``foo:bar``.
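Review bot: the cross-reference to the OpenAPI3 example goes away together with the scope sentence, but a link to the sibling example is still useful to readers choosing between a Swagger 2 and an OpenAPI 3 spec; consider keeping a one-line ``.. _OpenAPI3 Basic Auth example:`` link without the "reuses oauth scope" wording. After this change both READMEs end with the same credentials line, so whichever wording explains the second account in the openapi3 README should be mirrored here.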
14 changes: 8 additions & 6 deletions examples/swagger2/basicauth/app.py
@@ -5,15 +5,17 @@

import connexion


def basic_auth(username, password, required_scopes=None):
if username == 'admin' and password == 'secret':
return {'sub': 'admin'}

PASSWD = {
'admin': 'secret',
'foo': 'bar'
}

def basic_auth(username, password):
if PASSWD.get(username) == password:
return {'sub': username}
# optional: raise exception for custom error response
return None


def get_secret(user) -> str:
return f"You are {user} and the secret is 'wbevuec'"

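Review bot: only one blank line separates the ``PASSWD`` dict from ``def basic_auth``; PEP 8 asks for two before a top-level ``def``, and the old code had them. Dropping ``required_scopes=None`` from the signature is a visible behaviour change for anyone who copied the previous example, so a short comment saying the parameter is optional for handlers that do not check scopes would help. The same ``.get(username) == password`` point raised on the openapi3 ``app.py`` applies to this copy of the function.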