OpenAPITools / openapi-generator

OpenAPI Generator allows generation of API client libraries (SDK generation), server stubs, documentation and configuration automatically given an OpenAPI Spec (v2, v3)
https://openapi-generator.tech
Apache License 2.0
21.91k stars 6.58k forks source link

[BUG][Python-Flask] securitySchemes: Endpoint module/function is not generated #1667

Open tomghyselinck opened 5 years ago

tomghyselinck commented 5 years ago
Description

When we start the server, it shows a warning: ... x-apikeyInfoFunc missing. This definition is required by connexion to identify the module/function which performs the apiKey authorization/authentication. See also what changed in #546 - Rework security flow.

It looks like openapi-generator(-cli) does not generate this key in the scheme. Is this intended?

The result is that authentication always fails and the server returns 401 - Unauthorized (No authorization token provided). See also release notes for Connexion 2.0:

If unsupported security requirements are defined or x-tokenInfoFunc/x-tokenInfoUrl is missing, connexion now denies requests instead of allowing access without security-check.

When we add the x-apikeyInfoFunc ourselves, and implement the endpoint, it works fine.

The same issue may probably occur with x-basicInfoFunc, x-bearerInfoFunc, etc. See also Security - Connexion 2.0 documentation

openapi-generator version

I used OpenAPI generator CLI version 4.0.0-SNAPSHOT: https://oss.sonatype.org/content/repositories/snapshots/org/openapitools/openapi-generator-cli/4.0.0-SNAPSHOT/openapi-generator-cli-4.0.0-20181210.103357-85.jar

OpenAPI declaration file content or url

See python-flask-security-endpoint.yaml in the attached zip-file: python-flask-security-endpoint.zip

Command line used for generation
java -jar openapi-generator-cli-4.x.jar generate -i ./python-flask-security-endpoint.yaml -g python-flask -o ./python-flask-security-endpoint/
Steps to reproduce
  1. Generate the server code

    ./python-flask-security-endpoint.sh

  2. Start the server

    (cd ./python-flask-security-endpoint && python3 -m openapi_server)

  3. Perform a client request

    curl -X GET "http://localhost:8080/data" -H "accept: application/json" -H "X-Full-Access-Token: 123"

    Returns:

    {
     "detail": "No authorization token provided",
     "status": 401,
     "title": "Unauthorized",
     "type": "about:blank"
    }
Related issues/PRs

I have not found any.

Suggest a fix
  1. If the x-apikeyInfoFunc (or any of the others mentioned) is not defined by the user, the openapi-generator-cli should generate the endpoint. I expect similar behavior like is done for the path operation endpoints.
  2. The endpoint module/function itself should also be generated.

Note: there may also be need for backward-compatibility with the deprecated x-tokenInfoUrl. See also Security - Connexion 2.0 documentation

cbornet commented 5 years ago

I see you opened a whole bunch of issues. Would you do PRs to fix them ?

tomghyselinck commented 5 years ago

I would love to! But unfortunately I don't get the time at work to implement them. If I find some time at home I can try to create some PRs.

I try to make the issues reports as clear as possible.

If you need any further things to verify, please let me know!

BenjaminSchiller commented 5 years ago

any updates on this issue yet?