added swagger docs to exclusion list (#1170)

* added swagger docs to exclusion list w/ burnettk

* added test for swagger docs w/ burnettk

* pyl w/ burnettk

---------

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
jasquat 2024-03-06 09:47:20 -05:00 committed by GitHub
parent afc4de4939
commit bc2852c984
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 19 additions and 6 deletions


@ -93,6 +93,10 @@ AUTHENTICATION_EXCLUSION_LIST = {
"test_raise_error": "spiffworkflow_backend.routes.debug_controller", "test_raise_error": "spiffworkflow_backend.routes.debug_controller",
"url_info": "spiffworkflow_backend.routes.debug_controller", "url_info": "spiffworkflow_backend.routes.debug_controller",
"webhook": "spiffworkflow_backend.routes.webhooks_controller", "webhook": "spiffworkflow_backend.routes.webhooks_controller",
# swagger api calls
"console_ui_home": "connexion.apis.flask_api",
"console_ui_static_files": "connexion.apis.flask_api",
"get_json_spec": "connexion.apis.flask_api",
} }
@ -248,7 +252,6 @@ class AuthorizationService:
@classmethod @classmethod
def should_disable_auth_for_request(cls) -> bool: def should_disable_auth_for_request(cls) -> bool:
swagger_functions = ["get_json_spec"]
if request.method == "OPTIONS": if request.method == "OPTIONS":
return True return True
@ -270,11 +273,7 @@ class AuthorizationService:
and controller_name and controller_name
and controller_name in AUTHENTICATION_EXCLUSION_LIST[api_function_name] and controller_name in AUTHENTICATION_EXCLUSION_LIST[api_function_name]
) )
or ( or (module == openid_blueprint or module == scaffold) # don't check permissions for static assets
api_function_name in swagger_functions
or module == openid_blueprint
or module == scaffold # don't check permissions for static assets
)
): ):
return True return True
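Review bot: The three new entries under `# swagger api calls` in `AUTHENTICATION_EXCLUSION_LIST` make the swagger UI, its static files and the JSON spec reachable without authentication, with no switch visible here to turn that off per environment; the removed `swagger_functions` list exempted only `get_json_spec`. If public docs are intended, the comment should say so, for example `# swagger ui + spec are intentionally public: they describe every route, so keep internal-only detail out of the spec`. Separately, the lookup in `should_disable_auth_for_request` is `controller_name in AUTHENTICATION_EXCLUSION_LIST[api_function_name]`, and since the values shown are plain strings this is a substring test rather than equality; `controller_name == AUTHENTICATION_EXCLUSION_LIST[api_function_name]` would be stricter if each key is meant to map to exactly one module. Both the dict and the method continue outside the visible hunks, so this is based only on the lines shown.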


@ -0,0 +1,14 @@
from flask.app import Flask
from flask.testing import FlaskClient
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
class TestSwaggerDocs(BaseTest):
def test_can_retrieve_swagger_docs_without_auth(
self,
app: Flask,
client: FlaskClient,
) -> None:
response = client.get("/v1.0/ui/")
assert response.status_code == 200
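Review bot: `test_can_retrieve_swagger_docs_without_auth` exercises only `/v1.0/ui/`, so of the three endpoints the commit exempts from authentication, only the UI home is covered; the JSON spec and the static-file route are not. A second request for the spec would pin the `get_json_spec` entry as well, e.g. `assert client.get("/v1.0/openapi.json").status_code == 200`, assuming the project keeps connexion's default spec path. It would also be worth asserting in the same class that an ordinary API route still rejects an unauthenticated request, so that a future widening of the exclusion list is caught by this test rather than passing silently.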