added swagger docs to exclusion list (#1170)

* added swagger docs to exclusion list w/ burnettk

* added test for swagger docs w/ burnettk

* pyl w/ burnettk

---------

Co-authored-by: jasquat <jasquat@users.noreply.github.com>
This commit is contained in:
jasquat 2024-03-06 09:47:20 -05:00 committed by GitHub
parent afc4de4939
commit bc2852c984
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 19 additions and 6 deletions

View File

@ -93,6 +93,10 @@ AUTHENTICATION_EXCLUSION_LIST = {
"test_raise_error": "spiffworkflow_backend.routes.debug_controller",
"url_info": "spiffworkflow_backend.routes.debug_controller",
"webhook": "spiffworkflow_backend.routes.webhooks_controller",
# swagger api calls
"console_ui_home": "connexion.apis.flask_api",
"console_ui_static_files": "connexion.apis.flask_api",
"get_json_spec": "connexion.apis.flask_api",
}
@ -248,7 +252,6 @@ class AuthorizationService:
@classmethod
def should_disable_auth_for_request(cls) -> bool:
swagger_functions = ["get_json_spec"]
if request.method == "OPTIONS":
return True
@ -270,11 +273,7 @@ class AuthorizationService:
and controller_name
and controller_name in AUTHENTICATION_EXCLUSION_LIST[api_function_name]
)
or (
api_function_name in swagger_functions
or module == openid_blueprint
or module == scaffold # don't check permissions for static assets
)
or (module == openid_blueprint or module == scaffold) # don't check permissions for static assets
):
return True

View File

@ -0,0 +1,14 @@
from flask.app import Flask
from flask.testing import FlaskClient
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
class TestSwaggerDocs(BaseTest):
def test_can_retrieve_swagger_docs_without_auth(
self,
app: Flask,
client: FlaskClient,
) -> None:
response = client.get("/v1.0/ui/")
assert response.status_code == 200