[BUG][C++][cpp-pistache-server] HTTP authentication (basic/bearer) missing from generated code

[svdHero]

Description

When I add an HTTP authentication scheme like ,e.g., Basic or Bearer to my specification, the genereated C++ Pistache code does neither provide username/password nor the bearer token to the called template method. In fact, nowhere in the generated code does any authentication/authorization logic appear.

openapi-generator version

Release 3.3.4

OpenAPI declaration file content or url

    openapi: 3.0.0

    info:
      title: Simple Example API
      description: Show case for missing authorization in codegen
      version: 1.0.0

    components:
      securitySchemes:
        basicAuth:
          type: http
          scheme: basic
        bearerAuth:
          type: http
          scheme: bearer
          bearerFormat: JWT

    security:
      - basicAuth: []
      - bearerAuth: []

    paths:
      /foo:
        get:
          responses:
            '200':
              description: Some foo
              content:
                application/json:
                  schema: 
                    type: string

Command line used for generation

java -jar openapi-generator-cli.jar generate -i my_showcase.yaml -g cpp-pistache-server -o MyPistacheShowCase

Steps to reproduce

Copy above YAML code in a file named "my_showcase.yaml" and execute above command line. Check C++ Pistache code.

Expected behaviour

In generated method DefaultApi::foo_get_handler username/password and bearer token are extracted from the header and passed on to the virtual template method DefaultApi::foo_get.

Even better, another central, virtual template method DefaultApi::checkAuth could be added by the generator and could be called before DefaultApi::foo_get. The user could then implement DefaultApi::checkAuth with some logic for checking the credentials or bearer token without having the burden to manually repeat that in every single ressource-method.

Actual behaviour

There is no security logic added to the generate code whatsoever. Thus, the generated server stub is useless, because the user cannot even access the authorization header in DefaultApi::foo_get anymore.

[auto-labeler]

👍 Thanks for opening this issue!
🏷 I have applied any labels matching special text in your issue.

The team will review the labels and make any necessary changes.

[etherealjoy]

but pistache is http server not https, how will you use bearer and basic with http?

[svdHero]

That's missing the point. I merely reported wrong behavior in the generator. How TLS is provided has nothing to do with this issue.

However, there are (at least) two options:

1. Use an nginx as a proxy for HTTPS.
2. Use Pistache's built-in HTTPS functionality which has just been added, see [ENDPOINT] NEW: Now can use SSL encryption on HTTP endpoint pistacheio/pistache#226

In any case, it should be the generator's job to translate the API specification correctly into source code. If bearer or basic is specified, then this should be reflected in the generated code, too.

[tyler92]

Hi guys! Any news here?