AttributeError: 'foo' object has no attribute 'required_scopes'

[jayvdb]

I am seeing a lot of occurrences of this

  File "/usr/local/lib/python3.6/site-packages/drf_spectacular/openapi.py", line 265, in get_auth
    auths.append(scheme.get_security_requirement(self.view))
  File "/usr/local/lib/python3.6/site-packages/drf_spectacular/contrib/authentication.py", line 32, in get_security_requirement
    return {self.name: view.required_scopes}
AttributeError: 'api_root' object has no attribute 'required_scopes'

That is the django-oscar-api, but it is so many others also.

Would it be possible for this to trigger a warning, and affected parts of the API to be discarded from the schema?

[tfranzel]

Hi @jayvdb, good catch. the scope parsing was just a very rudimentary first shot with a todo for later, which apparently was now 😄. i tried simulating what oauth toolkit is actually doing. i think that fix should cover most cases.

can you confirm that the bug is resolved?

[jayvdb]

fwiw, unrelated, the most common warnings I see are

WARNING #376: could not resolve authenticator <class 'rest_framework_jwt.authentication.JSONWebTokenAuthentication'>. There was no OpenApiAuthenticationExtension registered for that class. Try creating one by subclassing it. Ignoring for now.
WARNING #377: could not resolve authenticator <class 'rest_framework_social_oauth2.authentication.SocialAuthentication'>. There was no OpenApiAuthenticationExtension registered for that class. Try creating one by subclassing it. Ignoring for now.

(Yet another reason for me to switch to simplejwt..)

I guess I can fix it by following the hint there. I guess they need to be added to https://github.com/tfranzel/drf-spectacular/blob/7578ca5209cf69c78143b393fab790b40032241e/drf_spectacular/contrib/authentication.py

Is there a way to silence them other than implementing those?

Doing a build using master...

[jayvdb]

The exception has gone, however I have more warnings, and a lot of them are like:

WARNING #1155: Exception raised while getting serializer from wrapped_target. Hint: Is get_serializer_class() returning None or is get_queryset() not working without a request? Ignoring the view for now. (Exception: type object 'wrapped_target' has no attribute 'get_serializer')

Also lots of

WARNING #1146: could not process OAuth2 permissions for <class 'drf_spectacular.views.SpectacularAPIView'>. ignoring for now
...
WARNING #1153: could not process OAuth2 permissions for <class 'silk.profiling.profiler.WrappedAPIView'>. ignoring for now

And lots of identical repeats of that for oscarapi.views.admin.user.UserDetail

WARNING #1064: could not process OAuth2 permissions for <class 'oscarapi.views.admin.user.UserDetail'>. ignoring for now

And lots of identical repeats for oscarapi.views.login.LoginView

WARNING #830: could not process OAuth2 permissions for <class 'oscarapi.views.login.LoginView'>. ignoring for now

But I am happy; I no longer need my hacky workaround, so you can close this issue if the above are expected side-effects of your change.

[tfranzel]

regarding first post:

• i would appreciate PRs for popular libraries. that is why i designed the plugin system like that.
• No, you don't need to change the source for adding a plugin. put the class YourPlugin(OpenApiAuthenticationExtension) anywhere in your source. the plugin is picked up automagically. just make sure the interpreter comes by at least once. (think celery tasks auto-discovery)
• in your case i would suggest using simple_jwt because https://github.com/jpadilla/django-rest-framework-jwt in unmaintained.

[tfranzel]

regarding second post:

i suppose you have something like this DEFAULT_PERMISSION_CLASSES:[TokenHasResourceScope] in your settings.py. required_scopes is only optional for TokenHasReadWriteScope. fix it by subclassing SpectacularAPIView and settings your required_scopes and using that view instead for serving.

for that "wrapped" stuff i need more context. looks like your view is somehow decorated and the introspection cannot access get_serializer which is on every subclass of APIView. is that in your code or default behaviour for oscar?

[jayvdb]

fwiw, we use the living & maintained fork at https://github.com/Styria-Digital/django-rest-framework-jwt

[tfranzel]

let be back paddle on the ones similar to:

WARNING #830: could not process OAuth2 permissions for <class 'oscarapi.views.login.LoginView'>. ignoring for now

no that is a bug.... sry... the warning is just too broad. let me fix that

[tfranzel]

@jayvdb incorrect warning should be gone. the warning did not reflect what was going on. better now?

[jayvdb]

Nice. Back down to 899 warnings ;-)

[jayvdb]

I created dummy plugins for socialauth and drf-jwt, and now I am down to 290 warnings. The list is getting manageable.

[jayvdb]

for that "wrapped" stuff i need more context.

I would like more context to. Perhaps try to get the __module__ or __file__ for them?
It isnt in my own codebase. I'm trying to find it in my imported apps.

(Found one use of wrapped_target in site-packages : #30)

[jayvdb]

I think we've finished this issue now.