From bc2852c98435d2b49309f4d23394217ed6157c80 Mon Sep 17 00:00:00 2001
From: jasquat <2487833+jasquat@users.noreply.github.com>
Date: Wed, 6 Mar 2024 09:47:20 -0500
Subject: [PATCH] added swagger docs to exclusion list (#1170)
* added swagger docs to exclusion list w/ burnettk
* added test for swagger docs w/ burnettk
* pyl w/ burnettk
---------
Co-authored-by: jasquat
---
 .../services/authorization_service.py | 11 +++++------
 .../integration/test_swagger_docs.py | 14 ++++++++++++++
 2 files changed, 19 insertions(+), 6 deletions(-)
 create mode 100644 spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_swagger_docs.py
diff --git a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
index 20a7db00..ad92e467 100644
--- a/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
+++ b/spiffworkflow-backend/src/spiffworkflow_backend/services/authorization_service.py
@@ -93,6 +93,10 @@ AUTHENTICATION_EXCLUSION_LIST = {
 "test_raise_error": "spiffworkflow_backend.routes.debug_controller",
 "url_info": "spiffworkflow_backend.routes.debug_controller",
 "webhook": "spiffworkflow_backend.routes.webhooks_controller",
+ # swagger api calls
+ "console_ui_home": "connexion.apis.flask_api",
+ "console_ui_static_files": "connexion.apis.flask_api",
+ "get_json_spec": "connexion.apis.flask_api",
 }
@@ -248,7 +252,6 @@ class AuthorizationService:
 @classmethod
 def should_disable_auth_for_request(cls) -> bool:
- swagger_functions = ["get_json_spec"]
 if request.method == "OPTIONS":
 return True
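Review bot: The added `console_ui_home` and `console_ui_static_files` entries exempt the Swagger console from authentication in every deployment, and the `# swagger api calls` comment does not record that this is deliberate (`get_json_spec` was already exempt through the removed `swagger_functions` list). Together with the spec, the console gives anyone who can reach the server the full route and parameter inventory without a token. If that is intended, say so where the entries live, e.g. `# swagger UI and OpenAPI spec are intentionally served without auth; they disclose the full route list`. If production instances should not publish them, make these three entries conditional on a deployment setting rather than hard-coding them. The dict literal begins above the hunk, so how the earlier entries are justified is not visible here.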
@@ -270,11 +273,7 @@ class AuthorizationService:
 and controller_name
 and controller_name in AUTHENTICATION_EXCLUSION_LIST[api_function_name]
 )
- or (
- api_function_name in swagger_functions
- or module == openid_blueprint
- or module == scaffold # don't check permissions for static assets
- )
+ or (module == openid_blueprint or module == scaffold) # don't check permissions for static assets
 ):
 return True
diff --git a/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_swagger_docs.py b/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_swagger_docs.py
new file mode 100644
index 00000000..87f96268
--- /dev/null
+++ b/spiffworkflow-backend/tests/spiffworkflow_backend/integration/test_swagger_docs.py
@@ -0,0 +1,14 @@
+from flask.app import Flask
+from flask.testing import FlaskClient
+
+from tests.spiffworkflow_backend.helpers.base_test import BaseTest
+
+
+class TestSwaggerDocs(BaseTest):
+ def test_can_retrieve_swagger_docs_without_auth(
+ self,
+ app: Flask,
+ client: FlaskClient,
+ ) -> None:
+ response = client.get("/v1.0/ui/")
+ assert response.status_code == 200
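Review bot: The swagger bypass now depends entirely on the context line `controller_name in AUTHENTICATION_EXCLUSION_LIST[api_function_name]`, and because the dict values are strings, `in` is a substring test rather than an equality test. A `controller_name` that is only a fragment of the listed module path would also pass, so `controller_name == AUTHENTICATION_EXCLUSION_LIST[api_function_name]` is the stricter form, assuming `controller_name` holds the full module name (its assignment is outside the hunk). On the new one-line condition, the trailing comment now reads as if it covers `openid_blueprint` as well as `scaffold`; rewording it to `# openid blueprint and static assets (scaffold) skip permission checks` would keep the intent clear. The enclosing `if` starts above the hunk.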
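Review bot: The new test asserts only that `/v1.0/ui/` returns 200 without a token, so it exercises `console_ui_home` but not the `console_ui_static_files` or `get_json_spec` entries. Nothing here checks that the reworked bypass condition still rejects an unauthenticated call to a protected route. A negative assertion in the same class would catch an exclusion that became too broad: request a route that is not in `AUTHENTICATION_EXCLUSION_LIST` without credentials and assert the backend's rejection status (which one it uses is not visible in this patch). A second positive assertion for the spec route would pin the `get_json_spec` entry, which replaced the old name-only check.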