openapi-core/tests/integration/validation/test_security_override.py

from base64 import b64encode

import pytest
from six import text_type

from openapi_core.shortcuts import create_spec
from openapi_core.validation.exceptions import InvalidSecurity
from openapi_core.validation.request.validators import RequestValidator
from openapi_core.testing import MockRequest


@pytest.fixture
def request_validator(spec):
    return RequestValidator(spec)


@pytest.fixture('class')
def spec(factory):
    spec_dict = factory.spec_from_file("data/v3.0/security_override.yaml")
    return create_spec(spec_dict)


class TestSecurityOverride(object):

    host_url = 'http://petstore.swagger.io'

    api_key = '12345'

    @property
    def api_key_encoded(self):
        api_key_bytes = self.api_key.encode('utf8')
        api_key_bytes_enc = b64encode(api_key_bytes)
        return text_type(api_key_bytes_enc, 'utf8')

    def test_default(self, request_validator):
        args = {'api_key': self.api_key}
        request = MockRequest(
            self.host_url, 'get', '/resource/one', args=args)

        result = request_validator.validate(request)

        assert not result.errors
        assert result.security == {
            'api_key': self.api_key,
        }

    def test_default_invalid(self, request_validator):
        request = MockRequest(self.host_url, 'get', '/resource/one')

        result = request_validator.validate(request)

        assert type(result.errors[0]) == InvalidSecurity
        assert result.security is None

    def test_override(self, request_validator):
        authorization = 'Basic ' + self.api_key_encoded
        headers = {
            'Authorization': authorization,
        }
        request = MockRequest(
            self.host_url, 'post', '/resource/one', headers=headers)

        result = request_validator.validate(request)

        assert not result.errors
        assert result.security == {
            'petstore_auth': self.api_key_encoded,
        }

    def test_override_invalid(self, request_validator):
        request = MockRequest(
            self.host_url, 'post', '/resource/one')

        result = request_validator.validate(request)

        assert type(result.errors[0]) == InvalidSecurity
        assert result.security is None

    def test_remove(self, request_validator):
        request = MockRequest(
            self.host_url, 'put', '/resource/one')

        result = request_validator.validate(request)

        assert not result.errors
        assert result.security == {}
Remove security on operation level fix 2021-02-02 12:39:53 +00:00			`from base64 import b64encode`

			`import pytest`
			`from six import text_type`

			`from openapi_core.shortcuts import create_spec`
			`from openapi_core.validation.exceptions import InvalidSecurity`
			`from openapi_core.validation.request.validators import RequestValidator`
			`from openapi_core.testing import MockRequest`


			`@pytest.fixture`
			`def request_validator(spec):`
			`return RequestValidator(spec)`


			`@pytest.fixture('class')`
			`def spec(factory):`
			`spec_dict = factory.spec_from_file("data/v3.0/security_override.yaml")`
			`return create_spec(spec_dict)`


			`class TestSecurityOverride(object):`

			`host_url = 'http://petstore.swagger.io'`

			`api_key = '12345'`

			`@property`
			`def api_key_encoded(self):`
			`api_key_bytes = self.api_key.encode('utf8')`
			`api_key_bytes_enc = b64encode(api_key_bytes)`
			`return text_type(api_key_bytes_enc, 'utf8')`

			`def test_default(self, request_validator):`
			`args = {'api_key': self.api_key}`
			`request = MockRequest(`
			`self.host_url, 'get', '/resource/one', args=args)`

			`result = request_validator.validate(request)`

			`assert not result.errors`
			`assert result.security == {`
			`'api_key': self.api_key,`
			`}`

			`def test_default_invalid(self, request_validator):`
			`request = MockRequest(self.host_url, 'get', '/resource/one')`

			`result = request_validator.validate(request)`

			`assert type(result.errors[0]) == InvalidSecurity`
			`assert result.security is None`

			`def test_override(self, request_validator):`
			`authorization = 'Basic ' + self.api_key_encoded`
			`headers = {`
			`'Authorization': authorization,`
			`}`
			`request = MockRequest(`
			`self.host_url, 'post', '/resource/one', headers=headers)`

			`result = request_validator.validate(request)`

			`assert not result.errors`
			`assert result.security == {`
			`'petstore_auth': self.api_key_encoded,`
			`}`

			`def test_override_invalid(self, request_validator):`
			`request = MockRequest(`
			`self.host_url, 'post', '/resource/one')`

			`result = request_validator.validate(request)`

			`assert type(result.errors[0]) == InvalidSecurity`
			`assert result.security is None`

			`def test_remove(self, request_validator):`
			`request = MockRequest(`
			`self.host_url, 'put', '/resource/one')`

			`result = request_validator.validate(request)`

			`assert not result.errors`
			`assert result.security == {}`