[Python] Generated client uses basic auth when username and password are not set

[phillip-elliott]

Description

I have a spec that allows either use of basic auth or an API-Key header. The generated python client always uses basic auth when making requests even when the username and password are empty (""). The following header is added: Authorization: Basic Og==

Swagger-codegen version

I was using the version on https://editor.swagger.io/

Swagger declaration file content or url

My security definitions are:

"securityDefinitions" : {
    "APIKeyHeader" : {
      "type" : "apiKey",
      "in" : "header",
      "name" : "API-Key"
    },
    "basicAuth" : {
      "type" : "basic"
    }
  }

I am applying these schemes globally:

"security" : [ {
    "APIKeyHeader" : [ ]
  }, {
    "basicAuth" : [ ]
  } ]

[masterofpancake]

(I hope this problem is not solvable via some configuration)

I have had this same issue, and after some investigation i found that:

1. In the configuration class username, and password are set to be empty strings, and a basicAuth token is still generated
2. The method get_basic_auth_token generates a authentication token based on the empty strings = Basic Og==
3. When a http request is about to be made, the authentication headers are set via update_params_for_auth, this method checks all posible auth_settings, and sets the value in the header to the last valid settings, in this case basicAuth

def update_params_for_auth(self, headers, querys, auth_settings):
...
    for auth in auth_settings:
        auth_setting = self.configuration.auth_settings().get(auth)
        if auth_setting:
            # This is true when even when the username and password are set to ""
            if not auth_setting['value']:
                continue
...

Since i'm weary much new here: is it possible to add a flag to the configuration class so that we can turn of the use of basicAuth, or make get_basic_auth_token return false when both username and password are not set? Are the use of empty username's and passwords something that is worth supporting?

Either way i tried modifying my get_basic_auth_token to this, and it worked fine.

`    def get_basic_auth_token(self):
        """Gets HTTP basic authentication header (string).

        :return: The token for basic HTTP authentication.
        """
        # This will make it so that update_params_for_auth considers and empty username and password faulty
        if not(self.username and self.password):
            return ""

        return urllib3.util.make_headers(
            basic_auth=self.username + ':' + self.password
        ).get('authorization')