Bug Description
In this PR #1023 I first corrected the arguments for the SubRouter HTTP methods (Get, Post etc) as they were out of sync with the Robyn class - they did not have the auth_required argument.
I'm now pretty sure that there is a problem in Robyn.configure_authentication When a SubRouter is created the authentication_handler is none. However, Robyn.configure_authentication does not seem to set the authentication_handler for the SubRoutes, I'm also not sure if it is doing so for websockets or openapi endpoints (or even if it should)
That highlighted multiple testing issues
- There are no authentication tests for the subrouter (obviously because they should have been failing). I have committed some tests but they are failing with an AuthenticationNotConfiguredError()
- The only HTTP method with authentication is Get (Post, put etc are not tested in test_authentication.py) we should add tests for these as that is potentially a huge security hole.
- While looking into this I also noticed that we do have some unit tests (that should be obvious to me). However, our documentation never asks us to run these. Can we change the instructions from
pytest integration_teststopytestit still runs all the integration tests but also the unit tests. - There don't seem to be Authentication tests for either Websockets or OpenApi. Should there be?
How does funding with Polar work?
Pay now to fund the work behind this issue.
Get updates on progress being made.
Maintainer is rewarded once the issue is completed.
Backer
You're funding impactful open source efforts
Contributor
You want to contribute to this effort
Maintainer
You want to get funding like this too