You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When I add an HTTP authentication scheme like ,e.g., Basic or Bearer to my specification, the genereated C++ Pistache code does neither provide username/password nor the bearer token to the called template method. In fact, nowhere in the generated code does any authentication/authorization logic appear.
openapi-generator version
Release 3.3.4
OpenAPI declaration file content or url
openapi: 3.0.0info:
title: Simple Example APIdescription: Show case for missing authorization in codegenversion: 1.0.0components:
securitySchemes:
basicAuth:
type: httpscheme: basicbearerAuth:
type: httpscheme: bearerbearerFormat: JWTsecurity:
- basicAuth: []
- bearerAuth: []paths:
/foo:
get:
responses:
'200':
description: Some foocontent:
application/json:
schema:
type: string
Copy above YAML code in a file named "my_showcase.yaml" and execute above command line. Check C++ Pistache code.
Expected behaviour
In generated method DefaultApi::foo_get_handler username/password and bearer token are extracted from the header and passed on to the virtual template method DefaultApi::foo_get.
Even better, another central, virtual template method DefaultApi::checkAuth could be added by the generator and could be called before DefaultApi::foo_get. The user could then implement DefaultApi::checkAuth with some logic for checking the credentials or bearer token without having the burden to manually repeat that in every single ressource-method.
Actual behaviour
There is no security logic added to the generate code whatsoever. Thus, the generated server stub is useless, because the user cannot even access the authorization header in DefaultApi::foo_get anymore.
The text was updated successfully, but these errors were encountered:
In any case, it should be the generator's job to translate the API specification correctly into source code. If bearer or basic is specified, then this should be reflected in the generated code, too.
Description
When I add an HTTP authentication scheme like ,e.g., Basic or Bearer to my specification, the genereated C++ Pistache code does neither provide username/password nor the bearer token to the called template method. In fact, nowhere in the generated code does any authentication/authorization logic appear.
openapi-generator version
Release 3.3.4
OpenAPI declaration file content or url
Command line used for generation
java -jar openapi-generator-cli.jar generate -i my_showcase.yaml -g cpp-pistache-server -o MyPistacheShowCase
Steps to reproduce
Copy above YAML code in a file named "my_showcase.yaml" and execute above command line. Check C++ Pistache code.
Expected behaviour
In generated method
DefaultApi::foo_get_handler
username/password and bearer token are extracted from the header and passed on to the virtual template methodDefaultApi::foo_get
.Even better, another central, virtual template method
DefaultApi::checkAuth
could be added by the generator and could be called beforeDefaultApi::foo_get
. The user could then implementDefaultApi::checkAuth
with some logic for checking the credentials or bearer token without having the burden to manually repeat that in every single ressource-method.Actual behaviour
There is no security logic added to the generate code whatsoever. Thus, the generated server stub is useless, because the user cannot even access the authorization header in
DefaultApi::foo_get
anymore.The text was updated successfully, but these errors were encountered: