feat: Minimal infrastructure for http, httpApiKey, and oauth2 security schemes #120

Merged Nov 30, 2021
Changes from 8 commits
27 commits
5e44d44
Adds minimal infrastructure for http, httpApiKey, and oauth2 security…
alex-zywicki Nov 10, 2021
d02b1a7
Adding basic integration tests
alex-zywicki Nov 10, 2021
7fef7a7
Handling more test issues
alex-zywicki Nov 11, 2021
70cd039
Apply suggestions from code review
alex-zywicki Nov 13, 2021
7f31070
Resolve review items.
alex-zywicki Nov 15, 2021
434ad27
Add some security unit tests
alex-zywicki Nov 15, 2021
9f7bc36
Add scope validate func loading and usage
alex-zywicki Nov 15, 2021
0d8f327
Rename scope_verify -> scope_validate. Actually load x-scopeValidateFunc
alex-zywicki Nov 15, 2021
eca58da
Address review items
alex-zywicki Nov 18, 2021
4ce814f
Add validation for oauth2 flows
alex-zywicki Nov 18, 2021
34974e6
Add validation for HTTP API Key security scheme
alex-zywicki Nov 18, 2021
acc2b78
Fix line length lint issue for line that can't really be shortened
alex-zywicki Nov 22, 2021
256cfff
Address review items
alex-zywicki Nov 23, 2021
a8e4e58
Add unit tests for types validation
alex-zywicki Nov 23, 2021
24ac1ac
Add lots more security unit tests
alex-zywicki Nov 23, 2021
7b29e59
Resolve most of the outstanding review items
alex-zywicki Nov 24, 2021
7e460ff
Refactor security check error handling scheme
alex-zywicki Nov 24, 2021
811f628
Remove scope validation from security checks for schemes that do not …
alex-zywicki Nov 24, 2021
becef94
Consolidate auth header format validation logic.
alex-zywicki Nov 24, 2021
5f67ace
Add a few more tests and refactor loading logic
alex-zywicki Nov 24, 2021
6a11f0f
Resolve more review items
alex-zywicki Nov 29, 2021
6ade4e2
Fix mock server test. Pass correct args to connect handler to match c…
alex-zywicki Nov 29, 2021
4b3b132
Add more security tests to raise coverage level
alex-zywicki Nov 29, 2021
fece4c6
Add SecurityInfo type
alex-zywicki Nov 29, 2021
c72c818
Move Security info to security.py. Add to __init__.py. Add typing_ext…
alex-zywicki Nov 29, 2021
512cef3
Apply suggestions from code review
alex-zywicki Nov 30, 2021
edf7647
Use SecurityInfo in test handlers
alex-zywicki Nov 30, 2021
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -145,3 +145,6 @@ cython_debug/

# Logs
*.log

# IntelliJ Idea based IDE
.idea
25 changes: 25 additions & 0 deletions asynction/exceptions.py
Expand Up @@ -38,3 +38,28 @@ class MessageAckValidationException(ValidationException):
"""

pass


class SecurityException(AsynctionException):
"""
Base Security Exception type.
"""

pass


class UnregisteredSecurityScheme(SecurityException):
"""
Raised when a security scheme not listed in the securitySchemes section of the
spec is used in a ``security`` or ``x-security`` specification
"""

pass


class UnsupportedSecurityScheme(SecurityException):
"""
Raised when a specified security scheme is not supported by asynction
"""

pass
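Review bot: The three exception classes added after `MessageAckValidationException` have `pass` bodies and take no arguments, so nothing obliges the raiser to say which scheme was unregistered or unsupported; the `raise UnregisteredSecurityScheme` in asynction/mock_server.py in this same change is already raised bare. Consider giving `UnregisteredSecurityScheme` and `UnsupportedSecurityScheme` an `__init__` that takes the scheme name and builds the message, so a misconfigured spec produces an error that names the offending entry. As a style point, the docstrings of the two subclasses lack the closing period that `Base Security Exception type.` has.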
18 changes: 17 additions & 1 deletion asynction/mock_server.py
Expand Up @@ -31,12 +31,15 @@
from hypothesis_jsonschema import from_schema
from hypothesis_jsonschema._from_schema import STRING_FORMATS

from asynction import UnregisteredSecurityScheme
from asynction.security import security_handler_factory
from asynction.server import AsynctionSocketIO
from asynction.types import AsyncApiSpec
from asynction.types import ErrorHandler
from asynction.types import JSONMapping
from asynction.types import JSONSchema
from asynction.types import Message
from asynction.types import SecurityRequirement
from asynction.validation import bindings_validator_factory
from asynction.validation import publish_message_validator_factory
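Review bot: `from asynction import UnregisteredSecurityScheme` pulls the exception from the package root, while every neighbouring import in this block names a submodule (`asynction.security`, `asynction.server`, `asynction.types`, `asynction.validation`). The class is defined in asynction/exceptions.py in this change, so `from asynction.exceptions import UnregisteredSecurityScheme` would match the surrounding style and would not depend on what the package `__init__` re-exports or on its import order.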

Expand Down Expand Up @@ -210,7 +213,9 @@ def from_spec(
)

def _register_handlers(
self, default_error_handler: Optional[ErrorHandler] = None
self,
default_error_handler: Optional[ErrorHandler] = None,
server_security: Optional[Sequence[SecurityRequirement]] = None,
Owner


Suggested change
server_security: Optional[Sequence[SecurityRequirement]] = None,
server_security: Sequence[SecurityRequirement],

Based on the comment in types.py

) -> None:
for namespace, channel in self.spec.channels.items():
if channel.publish is not None:
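Review bot: The new `server_security` parameter of `_register_handlers` defaults to `None`, and the later `if server_security:` branch skips the security wrapper for `None`, so a call site that forgets to pass the spec's server security registers connect handlers with no authentication and no error. Making the parameter required, as the suggested change above does, turns that omission into a `TypeError` at call time instead of a silently open server. The method also has no docstring saying what an empty sequence means for connect handling.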
Expand Down Expand Up @@ -240,6 +245,17 @@ def _register_handlers(
with_bindings_validation = bindings_validator_factory(channel.bindings)
connect_handler = with_bindings_validation(connect_handler)

if server_security:
if not self.spec.components.security_schemes:
raise UnregisteredSecurityScheme
Owner

@dedoussis dedoussis Nov 17, 2021


Based on the comments I made under types.py this validation here is redundant. Essentially, it can be moved under the AsyncAPISpec class.


# create a security handler wrapper
with_security = security_handler_factory(
server_security, self.spec.components.security_schemes
)
# apply security
connect_handler = with_security(connect_handler)

self.on_event("connect", connect_handler, namespace)

if default_error_handler is not None:
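Review bot: The guard `if not self.spec.components.security_schemes:` only tests that the schemes mapping is non-empty, so a requirement in `server_security` that names a scheme absent from a non-empty mapping passes it and is left for `security_handler_factory` to reject; and when the guard does fire, `raise UnregisteredSecurityScheme` carries no message identifying the scheme. Either check each required scheme name against `security_schemes` here and raise with that name, or drop the guard and validate once at spec load time, as the comment above proposes. The `security_handler_factory(...)` call uses only `server_security` and `self.spec.components.security_schemes`, neither of which changes per namespace, so `with_security` can be built once before the `for namespace, channel` loop. It is also worth a comment that `with_security` is applied last on purpose, so the security check runs before bindings validation on connect.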