diff --git a/docs/security.rst b/docs/security.rst index 6d4b6c111..3d4b20cc6 100644 --- a/docs/security.rst +++ b/docs/security.rst @@ -19,8 +19,8 @@ field that is either a space-separated list or an array of scopes belonging to the supplied token. This list of scopes will be validated against the scopes required by the API security definition to determine if the user is authorized. You can supply a custom scope validation func with ``x-scopeValidateFunc`` -or set ``SCOPEVALIDATE_FUNC`` env var, otherwise -``connexion.decorators.security.validate_scope`` will be used as default. +or set ``SCOPEVALIDATE_FUNC`` env var, otherwise default scope validation function +``connexion.security.security_handler_factory.validate_scope`` will be used automatically. The recommended approach is to return a dict which complies with diff --git a/examples/openapi3/basicauth/README.rst b/examples/openapi3/basicauth/README.rst index e1c265858..8f6bb8f89 100644 --- a/examples/openapi3/basicauth/README.rst +++ b/examples/openapi3/basicauth/README.rst @@ -11,10 +11,4 @@ Running: Now open your browser and go to http://localhost:8080/ui/ to see the Swagger UI. -The hardcoded credentials are ``admin`` and ``secret``. For an example with -correct authentication but missing access rights, use ``foo`` and ``bar``. - -For a more simple example which doesn't use oauth scope for authorization see -the `Swagger2 Basic Auth example`_. - -.. _Swagger2 Basic Auth example: https://github.com/zalando/connexion/tree/master/examples/swagger2/basicauth +The hardcoded credentials are ``admin:secret`` and ``foo:bar``. diff --git a/examples/openapi3/basicauth/app.py b/examples/openapi3/basicauth/app.py index 256fdd40a..1fb45c001 100755 --- a/examples/openapi3/basicauth/app.py +++ b/examples/openapi3/basicauth/app.py 
@@ -4,29 +4,17 @@ ''' import connexion -from connexion.decorators.security import validate_scope -from connexion.exceptions import OAuthScopeProblem +PASSWD = { + 'admin': 'secret', + 'foo': 'bar' +} -def basic_auth(username, password, required_scopes=None): - if username == 'admin' and password == 'secret': - info = {'sub': 'admin', 'scope': 'secret'} - elif username == 'foo' and password == 'bar': - info = {'sub': 'user1', 'scope': ''} - else: - # optional: raise exception for custom error response - return None - - # optional - if required_scopes is not None and not validate_scope(required_scopes, info['scope']): - raise OAuthScopeProblem( - description='Provided user doesn\'t have the required access rights', - required_scopes=required_scopes, - token_scopes=info['scope'] - ) - - return info - +def basic_auth(username, password): + if PASSWD.get(username) == password: + return {'sub': username} + # optional: raise exception for custom error response + return None def get_secret(user) -> str: return f"You are {user} and the secret is 'wbevuec'" diff --git a/examples/swagger2/basicauth/README.rst b/examples/swagger2/basicauth/README.rst index b265e8e82..8f6bb8f89 100644 --- a/examples/swagger2/basicauth/README.rst +++ b/examples/swagger2/basicauth/README.rst @@ -11,9 +11,4 @@ Running: Now open your browser and go to http://localhost:8080/ui/ to see the Swagger UI. -The hardcoded credentials are ``admin`` and ``secret``. - -For a more advanced example which reuses oauth scope for authorization see -the `OpenAPI3 Basic Auth example`_. - -.. _OpenAPI3 Basic Auth example: https://github.com/zalando/connexion/tree/master/examples/openapi3/basicauth +The hardcoded credentials are ``admin:secret`` and ``foo:bar``. diff --git a/examples/swagger2/basicauth/app.py b/examples/swagger2/basicauth/app.py index 33b28a52f..70f1f06fc 100755 --- a/examples/swagger2/basicauth/app.py +++ b/examples/swagger2/basicauth/app.py 
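Review bot: The new `basic_auth` checks the password with a plain `==` (`if PASSWD.get(username) == password:`), an ordinary early-exit string comparison; since these example apps are the template users copy for real handlers, it would be better to demonstrate `secrets.compare_digest` here, e.g. `expected = PASSWD.get(username)` / `if expected is not None and secrets.compare_digest(expected, password):` / `return {'sub': username}`, with `import secrets` added next to `import connexion`. The `is not None` guard matters because `PASSWD.get` returns `None` for an unknown user and `compare_digest` raises `TypeError` on `None`. The identical comparison appears in the `examples/swagger2/basicauth/app.py` hunk and should be changed the same way. The rewritten function also lost any documentation; a one-line docstring such as `"""Basic-auth handler for connexion: return {'sub': username} for a valid username/password pair, else None."""` would state the contract connexion relies on.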
@@ -5,15 +5,17 @@ import connexion - -def basic_auth(username, password, required_scopes=None): - if username == 'admin' and password == 'secret': - return {'sub': 'admin'} - +PASSWD = { + 'admin': 'secret', + 'foo': 'bar' +} + +def basic_auth(username, password): + if PASSWD.get(username) == password: + return {'sub': username} # optional: raise exception for custom error response return None - def get_secret(user) -> str: return f"You are {user} and the secret is 'wbevuec'"