pyopenapi / pyswagger

An OpenAPI (fka Swagger) client & converter in python, which is type-safe, dynamic, spec-compliant.
MIT License

Top-level security requirements aren't inherited by operations #52

Closed pwfff closed 8 years ago

pwfff commented 8 years ago

I have one API key security definition that's listed as a requirement for all the operations in my API, but it's not being applied when I make the request:

In [10]: c.app.raw.security
Out[10]: [{'api_token': []}]

In [11]: c.app.raw.securityDefinitions
Out[11]: {'api_token': <pyswagger.spec.v2_0.objects.SecurityScheme at 0x10d6729d0>}

In [12]: print c.app.op['post_import'].security
None

mission-liao commented 8 years ago

Hi,

The Security Definition Object describes the details of a security definition. And then in each Operation object, the API designer needs to specify which security should be applied in the Security Requirement Object.

As far as I know, there is still no place to describe a service-wide security requirement, you need to specify them for each Operation Object.

pwfff commented 8 years ago

See the 'security' field, right under 'securityDefinitions': https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md

A declaration of which security schemes are applied for the API as a whole. The list of values describes alternative security schemes that can be used (that is, there is a logical OR between the security requirements). Individual operations can override this definition.

mission-liao commented 8 years ago

You are right, that part is totally missed. Thanks for reporting this issue, I'll fix it tomorrow.

mission-liao commented 8 years ago

@pwfff I just submitted a fix for this issue, you can rebase your repo to apply it. A new build will be provided after I fix all issues found by you.

pwfff commented 8 years ago

Works great, thank you!

mission-liao commented 8 years ago

This fix is included in 0.8.17, reopen it if you find anything broken.
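
The inheritance rule discussed in this thread, as an added example that is not pyswagger's code and not part of the original issue: it resolves the effective security requirements for each operation of a Swagger 2.0 document held as a plain dict, and flags operations that end up unauthenticated or that reference a scheme missing from `securityDefinitions`. The function names, the sample spec, the `X-Token` header name and the `/health` and `/admin` paths are constructed for illustration.

```python
# Added example: operates on a plain dict parsed from a Swagger 2.0 document.
HTTP_METHODS = ("get", "put", "post", "delete", "options", "head", "patch")

def effective_security(spec, path, method):
    """Return the Security Requirement list that applies to one operation."""
    op = spec["paths"][path][method]
    # A 'security' key on the operation (even an empty list) overrides the
    # top-level declaration; an absent key inherits it.
    if "security" in op:
        return op["security"]
    return spec.get("security", [])

def audit(spec):
    """Map 'METHOD path' -> (effective requirements, list of problems)."""
    defined = set(spec.get("securityDefinitions", {}))
    report = {}
    for path, item in spec.get("paths", {}).items():
        for method in HTTP_METHODS:
            if method not in item:
                continue
            reqs = effective_security(spec, path, method)
            problems = []
            if not reqs:
                problems.append("unauthenticated")
            for alternative in reqs:      # list entries are ORed
                for name in alternative:  # names in one entry are ANDed
                    if name not in defined:
                        problems.append("undefined scheme: " + name)
            report[method.upper() + " " + path] = (reqs, problems)
    return report

# Constructed sample spec mirroring the report: one apiKey scheme required API-wide.
SAMPLE = {
    "swagger": "2.0",
    "securityDefinitions": {
        "api_token": {"type": "apiKey", "name": "X-Token", "in": "header"}},
    "security": [{"api_token": []}],
    "paths": {
        "/import": {"post": {"operationId": "post_import"}},      # inherits
        "/health": {"get": {"security": []}},                     # opts out
        "/admin": {"get": {"security": [{"oauth": ["admin"]}]}},  # bad reference
    },
}

if __name__ == "__main__":
    for op, (reqs, problems) in sorted(audit(SAMPLE).items()):
        print(op, reqs, problems or "ok")
```

Running an audit like this against a spec before generating a client shows which operations rely on the top-level `security` field, which is the case that was silently dropped before the fix.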