Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication in subroutes #1026

Open
dave42w opened this issue Nov 11, 2024 · 4 comments
Open

Authentication in subroutes #1026

dave42w opened this issue Nov 11, 2024 · 4 comments
Labels
bug Something isn't working

Comments

@dave42w
Copy link
Contributor

dave42w commented Nov 11, 2024

Bug Description

In this PR #1023 I first corrected the arguments for the SubRouter HTTP methods (Get, Post etc) as they were out of sync with the Robyn class - they did not have the auth_required argument.

I'm now pretty sure that there is a problem in Robyn.configure_authentication When a SubRouter is created the authentication_handler is none. However, Robyn.configure_authentication does not seem to set the authentication_handler for the SubRoutes, I'm also not sure if it is doing so for websockets or openapi endpoints (or even if it should)

That highlighted multiple testing issues

  1. There are no authentication tests for the subrouter (obviously because they should have been failing). I have committed some tests but they are failing with an AuthenticationNotConfiguredError()
  2. The only HTTP method with authentication is Get (Post, put etc are not tested in test_authentication.py) we should add tests for these as that is potentially a huge security hole.
  3. While looking into this I also noticed that we do have some unit tests (that should be obvious to me). However, our documentation never asks us to run these. Can we change the instructions from pytest integration_tests to pytest it still runs all the integration tests but also the unit tests.
  4. There don't seem to be Authentication tests for either Websockets or OpenApi. Should there be?
@dave42w dave42w added the bug Something isn't working label Nov 11, 2024
@sansyrox
Copy link
Member

Hey @dave42w 👋

I agree with all of them!

Yes

While looking into this I also noticed that we do have some unit tests (that should be obvious to me). However, our documentation never asks us to run these. Can we change the instructions from pytest integration_tests to pytest it still runs all the integration tests but also the unit tests.

Yes!

@dave42w
Copy link
Contributor Author

dave42w commented Nov 13, 2024

See this #889 and the links it contains.

@IA-PieroCV
Copy link

Hello everyone!
I noticed there’s an existing approach for subroute authentication. I’m proposing a new method to handle it. In this implementation, I’ve assumed certain precedence levels based on how closely a developer is involved with that specific part of the code. It has some differences on the current logic, but it's working pretty well on testings.
I’d love to hear your initial thoughts or any feedback you might have. Let me know what you think!

@sansyrox
Copy link
Member

Thanks @dave42w and @IA-PieroCV 👋

I've started a review. Hopefully it will be merged soon 😄

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants