[Python] Conditionally set auth attributes #4988
Conversation
sebastien-rosset
changed the title
|
@taxpon @frol @mbohlool @cbornet @kenjones-cisco @tomplus @Jyhess @slash-arun @spacether |
|
@sebastien-rosset how is this pull request different than your old one? |
Based on feedback from @wing328, I have made the following changes to avoid any breaking change for existing users:
|
|
There seems to be an unrelated build issue: |
|
@wing328 why should we keep the api_key_prefix data in a separate dict when that data is storing info about an api_key? If we store it there it would be a breaking change with fallback and it reduces the number or dicts that we use from two to one. That way questions like:
|
My understanding is that we should split in two separate PRs: one that can go in master without breaking the backward compatibility (because master will be used as the basis for the next minor revision), and another PR that should go into the next release that can potentially break backward compatibility. |
Ah understood. Thanks for your explanation. |
|
Unrelated network error during build |
|
Build failure due to unrelated transient network issue. |
|
Did we removed a feature where |
No, I don't think so. I think the problem is happening because @martyzz1 has a configuration.mustache template based on the old version. In the new configuration.mustache template, the code makes sure to skip auth_settings items if the corresponding auth parameters are not set in the Configuration class. |
Just to make sure, are you referring to @martyzz1's issue, or something else? |
I was referring to this PR but upon closer reading of it, I don't think that we removed a feature here. We're okay. |
|
From @sebastien-rosset 's detailed response - and knowing the changes I made to my configuration.mustache - I'd agree that no features are likely to have been removed... |
Thank you for your response. I will mark the issue resolved for now, feel free to reopen if needed. |
Ref: OpenAPITools/openapi-generator#4988 Signed-off-by: Nabarun Pal <[email protected]>
Fix for #3844:
Do not add auth parameter in HTTP request if auth parameter is set None
Add attribute to control which auth schemes can be used.
Currently, the python client obtains the list of security schemes that have been specified in the OAS spec, and automatically adds the authentication attributes in the header, cookie or query. This happens even if the parameters are unset. For example, the "Authorization" header may be set with an empty Bearer token:
'Authorization': 'Bearer '
With this PR, the bearer access token is no longer set if its value is None.
Tests performed:
Use OAS spec that specifies more than one security scheme for a given operation, e.g. OAuth2 and cookie
Generate the Python SDK using the master branch
Write a Python client that sets the cookie but not the OAuth2 access token
Invoke the client and verifies both auth attributes have been set (causing auth failure)
Generate the Python SDK using code from this PR
Invoke the client again, verify the auth parameters are set conditionally.
PR checklist
./bin/(or Windows batch scripts under.\bin\windows) to update Petstore samples related to your fix. This is important, as CI jobs will verify all generator outputs of your HEAD commit, and these must match the expectations made by your contribution. You only need to run./bin/{LANG}-petstore.sh,./bin/openapi3/{LANG}-petstore.shif updating the code or mustache templates for a language ({LANG}) (e.g. php, ruby, python, etc).master,4.3.x,5.0.x. Default:master.