added swagger docs to exclusion list (#1170)
* added swagger docs to exclusion list w/ burnettk * added test for swagger docs w/ burnettk * pyl w/ burnettk --------- Co-authored-by: jasquat <jasquat@users.noreply.github.com>
This commit is contained in:
jasquat
GitHub
parent
afc4de4939
commit
bc2852c984
|
|
@ -93,6 +93,10 @@ AUTHENTICATION_EXCLUSION_LIST = {
|
|||
"test_raise_error": "spiffworkflow_backend.routes.debug_controller",
|
||||
"url_info": "spiffworkflow_backend.routes.debug_controller",
|
||||
"webhook": "spiffworkflow_backend.routes.webhooks_controller",
|
||||
# swagger api calls
|
||||
"console_ui_home": "connexion.apis.flask_api",
|
||||
"console_ui_static_files": "connexion.apis.flask_api",
|
||||
"get_json_spec": "connexion.apis.flask_api",
|
||||
}
|
||||
|
||||
|
||||
|
|
@ -248,7 +252,6 @@ class AuthorizationService:
|
|||
|
||||
@classmethod
|
||||
def should_disable_auth_for_request(cls) -> bool:
|
||||
swagger_functions = ["get_json_spec"]
|
||||
if request.method == "OPTIONS":
|
||||
return True
|
||||
|
||||
|
|
@ -270,11 +273,7 @@ class AuthorizationService:
|
|||
and controller_name
|
||||
and controller_name in AUTHENTICATION_EXCLUSION_LIST[api_function_name]
|
||||
)
|
||||
or (
|
||||
api_function_name in swagger_functions
|
||||
or module == openid_blueprint
|
||||
or module == scaffold # don't check permissions for static assets
|
||||
)
|
||||
or (module == openid_blueprint or module == scaffold) # don't check permissions for static assets
|
||||
):
|
||||
return True
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,14 @@
|
|||
from flask.app import Flask
|
||||
from flask.testing import FlaskClient
|
||||
|
||||
from tests.spiffworkflow_backend.helpers.base_test import BaseTest
|
||||
|
||||
|
||||
class TestSwaggerDocs(BaseTest):
|
||||
def test_can_retrieve_swagger_docs_without_auth(
|
||||
self,
|
||||
app: Flask,
|
||||
client: FlaskClient,
|
||||
) -> None:
|
||||
response = client.get("/v1.0/ui/")
|
||||
assert response.status_code == 200
|
||||
Loading…
Reference in New Issue