Merge pull request #108 from DanielGrams/issue/107-auth-https

Make Swagger Auth URLs https #107

project/api/__init__.py

@@ -9,6 +9,8 @@ from flask_marshmallow import Marshmallow
 from apispec import APISpec
 from apispec.ext.marshmallow import MarshmallowPlugin
 from flask_apispec.extension import FlaskApiSpec
+from flask import url_for
+from apispec.exceptions import DuplicateComponentNameError
 
 
 class RestApi(Api):
@@ -139,6 +141,28 @@ def add_api_resource(resource, url, endpoint):
     api_docs.register(resource, endpoint=endpoint)
 
 
+def add_oauth2_scheme_with_transport(insecure: bool):
+    if insecure:
+        authorizationUrl = url_for("authorize", _external=True)
+        tokenUrl = url_for("issue_token", _external=True)
+    else:
+        authorizationUrl = url_for("authorize", _external=True, _scheme="https")
+        tokenUrl = url_for("issue_token", _external=True, _scheme="https")
+
+    oauth2_scheme = {
+        "type": "oauth2",
+        "authorizationUrl": authorizationUrl,
+        "tokenUrl": tokenUrl,
+        "flow": "accessCode",
+        "scopes": scopes,
+    }
+
+    try:
+        api_docs.spec.components.security_scheme("oauth2", oauth2_scheme)
+    except DuplicateComponentNameError:  # pragma: no cover
+        pass
+
+
 marshmallow_plugin.converter.add_attribute_function(enum_to_properties)
 
 import project.api.event.resources

project/init_data.py

@@ -1,27 +1,17 @@
 from project import app, db
-from project.api import api_docs, scopes
+from project.api import add_oauth2_scheme_with_transport
 from project.services.user import upsert_user_role
 from project.services.admin_unit import upsert_admin_unit_member_role
 from project.services.event import upsert_event_category
 from project.models import Location
-from flask import url_for
+import os
-from apispec.exceptions import DuplicateComponentNameError
 
 
 @app.before_first_request
 def add_oauth2_scheme():
-    oauth2_scheme = {
+    # At some sites the https scheme is not set yet
-        "type": "oauth2",
+    insecure = os.getenv("AUTHLIB_INSECURE_TRANSPORT", "False").lower() in ["true", "1"]
-        "authorizationUrl": url_for("authorize", _external=True),
+    add_oauth2_scheme_with_transport(insecure)
-        "tokenUrl": url_for("issue_token", _external=True),
-        "flow": "accessCode",
-        "scopes": scopes,
-    }
-
-    try:
-        api_docs.spec.components.security_scheme("oauth2", oauth2_scheme)
-    except DuplicateComponentNameError:  # pragma: no cover
-        pass
 
 
 @app.before_first_request

tests/api/test___init__.py

@@ -81,3 +81,11 @@ def test_handle_error_unspecificRaises(app):
 
     with pytest.raises(Exception):
         api.handle_error(error)
+
+
+def test_add_oauth2_scheme(app, utils):
+    from project.api import add_oauth2_scheme_with_transport
+
+    app.config["SERVER_NAME"] = "127.0.0.1"
+    with app.app_context():
+        add_oauth2_scheme_with_transport(False)

tests/conftest.py

@@ -15,6 +15,7 @@ def pytest_generate_tests(metafunc):
 def app():
     from project import app
 
+    app.config["SERVER_NAME"] = None
     app.config["TESTING"] = True
     app.testing = True