def get_auth(self):
"""
Obtains authentication classes and permissions from view. If authentication
is known, resolve security requirement for endpoint and security definition for
the component section.
For custom authentication subclass ``OpenApiAuthenticationExtension``.
"""
auths = []
for authenticator in self.view.get_authenticators():
scheme = OpenApiAuthenticationExtension.get_match(authenticator)
if not scheme:
warn(
f'could not resolve authenticator {authenticator.__class__}. There '
f'was no OpenApiAuthenticationExtension registered for that class. '
f'Try creating one by subclassing it. Ignoring for now.')
continue
security_requirements = scheme.get_security_requirement(self)
if security_requirements is not None:
auths.append(security_requirements)
component = ResolvedComponent(
name=scheme.name,
type=ResolvedComponent.SECURITY_SCHEMA,
object=authenticator.__class__,
schema=scheme.get_security_definition(self))
self.registry.register_on_missing(component)
if spectacular_settings.SECURITY:
auths.extend(spectacular_settings.SECURITY)
perms = [p.__class__ for p in self.view.get_permissions()]
if permissions.AllowAny in perms:
auths.append({})
elif permissions.IsAuthenticatedOrReadOnly in perms and self.method not in (
'PUT', 'PATCH', 'POST'):
auths.append({})
return auths
