Security validation with Api Key support

Author: p1c2u

openapi_core/schema/components/factories.py

@@ -1,6 +1,9 @@
 from openapi_core.compat import lru_cache
 from openapi_core.schema.components.models import Components
 from openapi_core.schema.schemas.generators import SchemasGenerator
+from openapi_core.schema.security_schemes.generators import (
+    SecuritySchemesGenerator,
+)
 
 
 class ComponentsFactory(object):
@@ -15,15 +18,18 @@ def create(self, components_spec):
         schemas_spec = components_deref.get('schemas', {})
         responses_spec = components_deref.get('responses', {})
         parameters_spec = components_deref.get('parameters', {})
-        request_bodies_spec = components_deref.get('request_bodies', {})
+        request_bodies_spec = components_deref.get('requestBodies', {})
+        security_schemes_spec = components_deref.get('securitySchemes', {})
 
         schemas = self.schemas_generator.generate(schemas_spec)
         responses = self._generate_response(responses_spec)
         parameters = self._generate_parameters(parameters_spec)
         request_bodies = self._generate_request_bodies(request_bodies_spec)
+        security_schemes = self._generate_security_schemes(
+            security_schemes_spec)
         return Components(
             schemas=list(schemas), responses=responses, parameters=parameters,
-            request_bodies=request_bodies,
+            request_bodies=request_bodies, security_schemes=security_schemes,
         )
 
     @property
@@ -39,3 +45,7 @@ def _generate_parameters(self, parameters_spec):
 
     def _generate_request_bodies(self, request_bodies_spec):
         return request_bodies_spec
+
+    def _generate_security_schemes(self, security_schemes_spec):
+        return SecuritySchemesGenerator(self.dereferencer).generate(
+            security_schemes_spec)

openapi_core/schema/components/models.py

@@ -3,8 +3,11 @@ class Components(object):
 
     def __init__(
             self, schemas=None, responses=None, parameters=None,
-            request_bodies=None):
+            request_bodies=None, security_schemes=None):
         self.schemas = schemas and dict(schemas) or {}
         self.responses = responses and dict(responses) or {}
         self.parameters = parameters and dict(parameters) or {}
         self.request_bodies = request_bodies and dict(request_bodies) or {}
+        self.security_schemes = (
+            security_schemes and dict(security_schemes) or {}
+        )

openapi_core/schema/operations/generators.py

@@ -11,7 +11,9 @@
 from openapi_core.schema.parameters.generators import ParametersGenerator
 from openapi_core.schema.request_bodies.factories import RequestBodyFactory
 from openapi_core.schema.responses.generators import ResponsesGenerator
-from openapi_core.schema.security.factories import SecurityRequirementFactory
+from openapi_core.schema.security_requirements.generators import (
+    SecurityRequirementsGenerator,
+)
 from openapi_core.schema.servers.generators import ServersGenerator
 
 
@@ -39,16 +41,12 @@ def generate(self, path_name, path):
             tags_list = operation_deref.get('tags', [])
             summary = operation_deref.get('summary')
             description = operation_deref.get('description')
-            security_requirements_list = operation_deref.get('security', [])
+            security_spec = operation_deref.get('security', [])
             servers_spec = operation_deref.get('servers', [])
 
             servers = self.servers_generator.generate(servers_spec)
-
-            security = None
-            if security_requirements_list:
-                security = list(map(
-                    self.security_requirement_factory.create,
-                    security_requirements_list))
+            security = self.security_requirements_generator.generate(
+                security_spec)
 
             external_docs = None
             if 'externalDocs' in operation_deref:
@@ -67,10 +65,10 @@ def generate(self, path_name, path):
                 Operation(
                     http_method, path_name, responses, list(parameters),
                     summary=summary, description=description,
-                    external_docs=external_docs, security=security,
+                    external_docs=external_docs, security=list(security),
                     request_body=request_body, deprecated=deprecated,
                     operation_id=operation_id, tags=list(tags_list),
-                    servers=servers,
+                    servers=list(servers),
                 ),
             )
 
@@ -96,8 +94,8 @@ def request_body_factory(self):
 
     @property
     @lru_cache()
-    def security_requirement_factory(self):
-        return SecurityRequirementFactory(self.dereferencer)
+    def security_requirements_generator(self):
+        return SecurityRequirementsGenerator(self.dereferencer)
 
     @property
     @lru_cache()

openapi_core/schema/security/factories.py

@@ -0,0 +1,18 @@
+"""OpenAPI core security requirements generators module"""
+from openapi_core.schema.security_requirements.models import (
+    SecurityRequirement,
+)
+
+
+class SecurityRequirementsGenerator(object):
+
+    def __init__(self, dereferencer):
+        self.dereferencer = dereferencer
+
+    def generate(self, security_spec):
+        security_deref = self.dereferencer.dereference(security_spec)
+        for security_requirement_spec in security_deref:
+            name = next(iter(security_requirement_spec))
+            scope_names = security_requirement_spec[name]
+
+            yield SecurityRequirement(name, scope_names=scope_names)

openapi_core/schema/security/__init__.py renamed to openapi_core/schema/security_requirements/__init__.py

@@ -1,4 +1,4 @@
-"""OpenAPI core security models module"""
+"""OpenAPI core security requirements models module"""
 
 
 class SecurityRequirement(object):

openapi_core/schema/security_requirements/generators.py

@@ -0,0 +1,21 @@
+"""OpenAPI core security schemes enums module"""
+from enum import Enum
+
+
+class SecuritySchemeType(Enum):
+
+    API_KEY = 'apiKey'
+    HTTP = 'http'
+    OAUTH2 = 'oauth2'
+    OPEN_ID_CONNECT = 'openIdConnect'
+
+
+class ApiKeyLocation(Enum):
+
+    QUERY = 'query'
+    HEADER = 'header'
+    COOKIE = 'cookie'
+
+    @classmethod
+    def has_value(cls, value):
+        return (any(value == item.value for item in cls))

openapi_core/schema/security/models.py renamed to openapi_core/schema/security_requirements/models.py

@@ -0,0 +1,37 @@
+"""OpenAPI core security schemes generators module"""
+import logging
+
+from six import iteritems
+
+from openapi_core.schema.security_schemes.models import SecurityScheme
+
+log = logging.getLogger(__name__)
+
+
+class SecuritySchemesGenerator(object):
+
+    def __init__(self, dereferencer):
+        self.dereferencer = dereferencer
+
+    def generate(self, security_schemes_spec):
+        security_schemes_deref = self.dereferencer.dereference(
+            security_schemes_spec)
+
+        for scheme_name, scheme_spec in iteritems(security_schemes_deref):
+            scheme_deref = self.dereferencer.dereference(scheme_spec)
+            scheme_type = scheme_deref['type']
+            description = scheme_deref.get('description')
+            name = scheme_deref.get('name')
+            apikey_in = scheme_deref.get('in')
+            scheme = scheme_deref.get('scheme')
+            bearer_format = scheme_deref.get('bearerFormat')
+            flows = scheme_deref.get('flows')
+            open_id_connect_url = scheme_deref.get('openIdConnectUrl')
+
+            scheme = SecurityScheme(
+                scheme_type, description=description, name=name,
+                apikey_in=apikey_in, scheme=scheme,
+                bearer_format=bearer_format, flows=flows,
+                open_id_connect_url=open_id_connect_url,
+            )
+            yield scheme_name, scheme