:tada: I am excited to announce the latest release of Schemathesis! :tada:
You can now use custom authentication mechanisms from the `requests` library, apply authentication conditionally to specific API operations, and even throttle requests via the CLI. As always, we've also squashed a few bugs to improve the overall stability of Schemathesis! Happy testing! 🙌
:rocket: Added
- Schemathesis now supports custom authentication mechanisms from the `requests` library.
You can use `schemathesis.auth.set_from_requests` to set up Schemathesis CLI with any third-party authentication implementation that works with `requests`. 1700
python
import schemathesis
from requests_ntlm import HttpNtlmAuth
schemathesis.auth.set_from_requests(
HttpNtlmAuth("domain\\username", "password")
)
- Ability to apply authentication conditionally to specific API operations using a combination of `schemathesis.auth.apply_to()` and `schemathesis.auth.skip_for()` decorators.
python
import schemathesis
Apply auth only for operations that path starts with `/users/` but not the `POST` method
schemathesis.auth().apply_to(path_regex="^/users/").skip_for(method="POST")
class MyAuth:
...
- Add a convenience mapping-like interface to `OperationDefinition` including indexing access, the `get` method, and "in" support.
- Request throttling via the `--rate-limit` CLI option. 910
:wrench: Changed
- Unified Schemathesis custom authentication usage via the `schema.auth` decorator, replacing the previous `schema.auth.register` and `schema.auth.apply` methods:
python
import schemathesis
schema = schemathesis.from_uri("https://example.schemathesis.io/openapi.json")
Schema-level auth
Before: schema.auth.register()
schema.auth()
class MyAuth:
...
Test-level auth
Before: schema.auth.apply(MyAuth)
schema.auth(MyAuth)
schema.parametrize()
def test_api(case):
...
:bug: Fixed
- Handling of query parameters and cookies passed to `case.call` and query parameters passed to `case.call_wsgi`.
The user-provided values are now merged with the data generated by Schemathesis, instead of overriding it completely. 1705
- Parameter definition takes precedence over security schemes with the same name.
- `Unsatisfiable` error when explicit header name passed via CLI clashes with the header parameter name. 1699
- Not using the `port` keyword argument in schema loaders during API schema loading. 1721