schemathesis 4.0.0a10__py3-none-any.whl → 4.0.0a12__py3-none-any.whl

schemathesis/specs/openapi/checks.py

@@ -22,9 +22,6 @@ from schemathesis.openapi.checks import (
     MalformedMediaType,
     MissingContentType,
     MissingHeaders,
-    MissingRequiredHeaderConfig,
-    NegativeDataRejectionConfig,
-    PositiveDataAcceptanceConfig,
     RejectedPositiveData,
     UndefinedContentType,
     UndefinedStatusCode,
@@ -185,7 +182,7 @@ def response_headers_conformance(ctx: CheckContext, response: Response, case: Ca
                             title="Response header does not conform to the schema",
                             operation=case.operation.label,
                             exc=exc,
-                            output_config=case.operation.schema.output_config,
+                            config=case.operation.schema.config.output,
                         )
                     )
     return _maybe_raise_one_or_more(errors)  # type: ignore[func-returns-value]
@@ -233,8 +230,8 @@ def negative_data_rejection(ctx: CheckContext, response: Response, case: Case) -
     ):
         return True
 
-    config = ctx.config.get(negative_data_rejection, NegativeDataRejectionConfig())
-    allowed_statuses = expand_status_codes(config.allowed_statuses or [])
+    config = ctx.config.negative_data_rejection
+    allowed_statuses = expand_status_codes(config.expected_statuses or [])
 
     if (
         case.meta.generation.mode.is_negative
@@ -243,9 +240,9 @@ def negative_data_rejection(ctx: CheckContext, response: Response, case: Case) -
     ):
         raise AcceptedNegativeData(
             operation=case.operation.label,
-            message=f"Allowed statuses: {', '.join(config.allowed_statuses)}",
+            message=f"Allowed statuses: {', '.join(config.expected_statuses)}",
             status_code=response.status_code,
-            allowed_statuses=config.allowed_statuses,
+            expected_statuses=config.expected_statuses,
         )
     return None
 
@@ -261,21 +258,21 @@ def positive_data_acceptance(ctx: CheckContext, response: Response, case: Case)
     ):
         return True
 
-    config = ctx.config.get(positive_data_acceptance, PositiveDataAcceptanceConfig())
-    allowed_statuses = expand_status_codes(config.allowed_statuses or [])
+    config = ctx.config.positive_data_acceptance
+    allowed_statuses = expand_status_codes(config.expected_statuses or [])
 
     if case.meta.generation.mode.is_positive and response.status_code not in allowed_statuses:
         raise RejectedPositiveData(
             operation=case.operation.label,
-            message=f"Allowed statuses: {', '.join(config.allowed_statuses)}",
+            message=f"Allowed statuses: {', '.join(config.expected_statuses)}",
             status_code=response.status_code,
-            allowed_statuses=config.allowed_statuses,
+            allowed_statuses=config.expected_statuses,
         )
     return None
 
 
+@schemathesis.check
 def missing_required_header(ctx: CheckContext, response: Response, case: Case) -> bool | None:
-    # NOTE: This check is intentionally not registered with `@schemathesis.check` because it is experimental
     meta = case.meta
     if meta is None or not isinstance(meta.phase.data, CoveragePhaseData) or is_unexpected_http_status_case(case):
         return None
@@ -287,16 +284,17 @@ def missing_required_header(ctx: CheckContext, response: Response, case: Case) -
         and data.description.startswith("Missing ")
     ):
         if data.parameter.lower() == "authorization":
-            allowed_statuses = {401}
+            expected_statuses = {401}
         else:
-            config = ctx.config.get(missing_required_header, MissingRequiredHeaderConfig())
-            allowed_statuses = expand_status_codes(config.allowed_statuses or [])
-        if response.status_code not in allowed_statuses:
-            allowed = f"Allowed statuses: {', '.join(map(str, allowed_statuses))}"
+            config = ctx.config.missing_required_header
+            expected_statuses = expand_status_codes(config.expected_statuses or [])
+        if response.status_code not in expected_statuses:
+            allowed = f"Allowed statuses: {', '.join(map(str, expected_statuses))}"
             raise AssertionError(f"Unexpected response status for a missing header: {response.status_code}\n{allowed}")
     return None
 
 
+@schemathesis.check
 def unsupported_method(ctx: CheckContext, response: Response, case: Case) -> bool | None:
     meta = case.meta
     if meta is None or not isinstance(meta.phase.data, CoveragePhaseData) or response.request.method == "OPTIONS":
@@ -354,12 +352,12 @@ def use_after_free(ctx: CheckContext, response: Response, case: Case) -> bool |
     if response.status_code == 404 or response.status_code >= 500:
         return None
 
-    for related_case in ctx.find_related(case_id=case.id):
-        parent = ctx.find_parent(case_id=related_case.id)
+    for related_case in ctx._find_related(case_id=case.id):
+        parent = ctx._find_parent(case_id=related_case.id)
         if not parent:
             continue
 
-        parent_response = ctx.find_response(case_id=parent.id)
+        parent_response = ctx._find_response(case_id=parent.id)
 
         if (
             related_case.operation.method.lower() == "delete"
@@ -397,10 +395,10 @@ def ensure_resource_availability(ctx: CheckContext, response: Response, case: Ca
     if not (400 <= response.status_code < 500):
         return None
 
-    parent = ctx.find_parent(case_id=case.id)
+    parent = ctx._find_parent(case_id=case.id)
     if parent is None:
         return None
-    parent_response = ctx.find_response(case_id=parent.id)
+    parent_response = ctx._find_response(case_id=parent.id)
     if parent_response is None:
         return None
 
@@ -426,8 +424,8 @@ def ensure_resource_availability(ctx: CheckContext, response: Response, case: Ca
         return None
 
     # Look for any successful DELETE operations on this resource
-    for related_case in ctx.find_related(case_id=case.id):
-        related_response = ctx.find_response(case_id=related_case.id)
+    for related_case in ctx._find_related(case_id=case.id):
+        related_response = ctx._find_response(case_id=related_case.id)
         if (
             related_case.operation.method.upper() == "DELETE"
             and related_response is not None
@@ -480,25 +478,25 @@ def ignored_auth(ctx: CheckContext, response: Response, case: Case) -> bool | No
             # Auth is explicitly set, it is expected to be valid
             # Check if invalid auth will give an error
             no_auth_case = remove_auth(case, security_parameters)
-            kwargs = ctx.transport_kwargs or {}
+            kwargs = ctx._transport_kwargs or {}
             kwargs.copy()
             if "headers" in kwargs:
                 headers = kwargs["headers"].copy()
                 _remove_auth_from_explicit_headers(headers, security_parameters)
                 kwargs["headers"] = headers
             kwargs.pop("session", None)
-            ctx.record_case(parent_id=case.id, case=no_auth_case)
+            ctx._record_case(parent_id=case.id, case=no_auth_case)
             no_auth_response = case.operation.schema.transport.send(no_auth_case, **kwargs)
-            ctx.record_response(case_id=no_auth_case.id, response=no_auth_response)
+            ctx._record_response(case_id=no_auth_case.id, response=no_auth_response)
             if no_auth_response.status_code != 401:
                 _raise_no_auth_error(no_auth_response, no_auth_case, "that requires authentication")
             # Try to set invalid auth and check if it succeeds
             for parameter in security_parameters:
                 invalid_auth_case = remove_auth(case, security_parameters)
                 _set_auth_for_case(invalid_auth_case, parameter)
-                ctx.record_case(parent_id=case.id, case=invalid_auth_case)
+                ctx._record_case(parent_id=case.id, case=invalid_auth_case)
                 invalid_auth_response = case.operation.schema.transport.send(invalid_auth_case, **kwargs)
-                ctx.record_response(case_id=invalid_auth_case.id, response=invalid_auth_response)
+                ctx._record_response(case_id=invalid_auth_case.id, response=invalid_auth_response)
                 if invalid_auth_response.status_code != 401:
                     _raise_no_auth_error(invalid_auth_response, invalid_auth_case, "with any auth")
         elif auth == AuthKind.GENERATED:
@@ -542,7 +540,7 @@ def _contains_auth(
     from requests.cookies import RequestsCookieJar
 
     # If auth comes from explicit `auth` option or a custom auth, it is always explicit
-    if ctx.auth is not None or case._has_explicit_auth:
+    if ctx._auth is not None or case._has_explicit_auth:
         return AuthKind.EXPLICIT
     parsed = urlparse(request.url)
     query = parse_qs(parsed.query)  # type: ignore
@@ -565,19 +563,19 @@ def _contains_auth(
     for parameter in security_parameters:
         name = parameter["name"]
         if has_header(parameter):
-            if (ctx.headers is not None and name in ctx.headers) or (ctx.override and name in ctx.override.headers):
+            if (ctx._headers is not None and name in ctx._headers) or (ctx._override and name in ctx._override.headers):
                 return AuthKind.EXPLICIT
             return AuthKind.GENERATED
         if has_cookie(parameter):
-            if ctx.headers is not None and "Cookie" in ctx.headers:
-                cookies = cast(RequestsCookieJar, ctx.headers["Cookie"])  # type: ignore
+            if ctx._headers is not None and "Cookie" in ctx._headers:
+                cookies = cast(RequestsCookieJar, ctx._headers["Cookie"])  # type: ignore
                 if name in cookies:
                     return AuthKind.EXPLICIT
-            if ctx.override and name in ctx.override.cookies:
+            if ctx._override and name in ctx._override.cookies:
                 return AuthKind.EXPLICIT
             return AuthKind.GENERATED
         if has_query(parameter):
-            if ctx.override and name in ctx.override.query:
+            if ctx._override and name in ctx._override.query:
                 return AuthKind.EXPLICIT
             return AuthKind.GENERATED
 
@@ -630,6 +628,9 @@ def _set_auth_for_case(case: Case, parameter: SecurityParameter) -> None:
     ):
         if parameter["in"] == location:
             container = getattr(case, attr_name, {})
+            # Could happen in the negative testing mode
+            if not isinstance(container, dict):
+                container = {}
             container[name] = "SCHEMATHESIS-INVALID-VALUE"
             setattr(case, attr_name, container)
 

schemathesis/specs/openapi/examples.py

@@ -9,9 +9,9 @@ from typing import TYPE_CHECKING, Any, Generator, Iterator, Union, cast
 import requests
 from hypothesis_jsonschema import from_schema
 
+from schemathesis.config import GenerationConfig
 from schemathesis.core.transforms import deepclone
 from schemathesis.core.transport import DEFAULT_RESPONSE_TIMEOUT
-from schemathesis.generation import GenerationConfig
 from schemathesis.generation.case import Case
 from schemathesis.generation.hypothesis import examples
 from schemathesis.generation.meta import TestPhase
@@ -68,7 +68,7 @@ def get_strategies_from_examples(
     # Add examples from parameter's schemas
     examples.extend(extract_from_schemas(operation))
     return [
-        openapi_cases(operation=operation, **{**parameters, **kwargs, "phase": TestPhase.EXPLICIT}).map(
+        openapi_cases(operation=operation, **{**parameters, **kwargs, "phase": TestPhase.EXAMPLES}).map(
             serialize_components
         )
         for parameters in produce_combinations(examples)
@@ -274,12 +274,13 @@ def extract_from_schema(
                     continue
                 variants[name] = values
         if variants:
+            config = operation.schema.config.generation_for(operation=operation, phase="examples")
             for name, subschema in to_generate.items():
                 if name in variants:
                     # Generated by one of `anyOf` or similar sub-schemas
                     continue
                 subschema = operation.schema.prepare_schema(subschema)
-                generated = _generate_single_example(subschema, operation.schema.generation_config)
+                generated = _generate_single_example(subschema, config)
                 variants[name] = [generated]
             # Calculate the maximum number of examples any property has
             total_combos = max(len(examples) for examples in variants.values())

schemathesis/specs/openapi/formats.py

@@ -15,10 +15,37 @@ STRING_FORMATS: dict[str, st.SearchStrategy] = {}
 
 
 def register_string_format(name: str, strategy: st.SearchStrategy) -> None:
-    """Register a new strategy for generating data for specific string "format".
+    r"""Register a custom Hypothesis strategy for generating string format data.
+
+    Args:
+        name: String format name that matches the "format" keyword in your API schema
+        strategy: Hypothesis strategy to generate values for this format
+
+    Example:
+        ```python
+        import schemathesis
+        from hypothesis import strategies as st
+
+        # Register phone number format
+        phone_strategy = st.from_regex(r"\+1-\d{3}-\d{3}-\d{4}")
+        schemathesis.openapi.format("phone", phone_strategy)
+
+        # Register email with specific domain
+        email_strategy = st.from_regex(r"[a-z]+@company\.com")
+        schemathesis.openapi.format("company-email", email_strategy)
+        ```
+
+    Schema usage:
+        ```yaml
+        properties:
+          phone:
+            type: string
+            format: phone          # Uses your phone_strategy
+          contact_email:
+            type: string
+            format: company-email  # Uses your email_strategy
+        ```
 
-    :param str name: Format name. It should correspond the one used in the API schema as the "format" keyword value.
-    :param strategy: Hypothesis strategy you'd like to use to generate values for this format.
     """
     from hypothesis.strategies import SearchStrategy
 
@@ -38,11 +65,11 @@ def unregister_string_format(name: str) -> None:
         raise ValueError(f"Unknown Open API format: {name}") from exc
 
 
-def header_values(blacklist_characters: str = "\n\r") -> st.SearchStrategy[str]:
+def header_values(exclude_characters: str = "\n\r") -> st.SearchStrategy[str]:
     from hypothesis import strategies as st
 
     return st.text(
-        alphabet=st.characters(min_codepoint=0, max_codepoint=255, blacklist_characters=blacklist_characters)
+        alphabet=st.characters(min_codepoint=0, max_codepoint=255, exclude_characters=exclude_characters)
         # Header values with leading non-visible chars can't be sent with `requests`
     ).map(str.lstrip)
 

schemathesis/specs/openapi/media_types.py

@@ -15,7 +15,50 @@ MEDIA_TYPES: dict[str, st.SearchStrategy[bytes]] = {}
 
 
 def register_media_type(name: str, strategy: st.SearchStrategy[bytes], *, aliases: Collection[str] = ()) -> None:
-    """Register a strategy for the given media type."""
+    r"""Register a custom Hypothesis strategy for generating media type content.
+
+    Args:
+        name: Media type name that matches your OpenAPI requestBody content type
+        strategy: Hypothesis strategy that generates bytes for this media type
+        aliases: Additional media type names that use the same strategy
+
+    Example:
+        ```python
+        import schemathesis
+        from hypothesis import strategies as st
+
+        # Register PDF file strategy
+        pdf_strategy = st.sampled_from([
+            b"%PDF-1.4\n1 0 obj\n<<\n/Type /Catalog\n>>\nendobj\n%%EOF",
+            b"%PDF-1.5\n%\xe2\xe3\xcf\xd3\n1 0 obj\n<<\n/Type /Catalog\n>>\nendobj\n%%EOF"
+        ])
+        schemathesis.openapi.media_type("application/pdf", pdf_strategy)
+
+        # Dynamic content generation
+        @st.composite
+        def xml_content(draw):
+            tag = draw(st.text(min_size=3, max_size=10))
+            content = draw(st.text(min_size=1, max_size=50))
+            return f"<?xml version='1.0'?><{tag}>{content}</{tag}>".encode()
+
+        schemathesis.openapi.media_type("application/xml", xml_content())
+        ```
+
+    Schema usage:
+        ```yaml
+        requestBody:
+          content:
+            application/pdf:        # Uses your PDF strategy
+              schema:
+                type: string
+                format: binary
+            application/xml:        # Uses your XML strategy
+              schema:
+                type: string
+                format: binary
+        ```
+
+    """
 
     @REQUESTS_TRANSPORT.serializer(name, *aliases)
     @ASGI_TRANSPORT.serializer(name, *aliases)

schemathesis/specs/openapi/negative/__init__.py

@@ -9,12 +9,12 @@ import jsonschema
 from hypothesis import strategies as st
 from hypothesis_jsonschema import from_schema
 
+from schemathesis.config import GenerationConfig
+
 from ..constants import ALL_KEYWORDS
 from .mutations import MutationContext
 
 if TYPE_CHECKING:
-    from schemathesis.generation import GenerationConfig
-
     from .types import Draw, Schema
 
 

schemathesis/specs/openapi/patterns.py

@@ -19,6 +19,7 @@ if hasattr(sre, "POSSESSIVE_REPEAT"):
 else:
     REPEATS = (sre.MIN_REPEAT, sre.MAX_REPEAT)
 LITERAL = sre.LITERAL
+NOT_LITERAL = sre.NOT_LITERAL
 IN = sre.IN
 MAXREPEAT = sre_parse.MAXREPEAT
 
@@ -114,8 +115,20 @@ def _handle_anchored_pattern(parsed: list, pattern: str, min_length: int | None,
 
     pattern_parts = parsed[1:-1]
 
+    # Calculate total fixed length and per-repetition lengths
+    fixed_length = 0
+    quantifier_bounds = []
+    repetition_lengths = []
+
+    for op, value in pattern_parts:
+        if op in (LITERAL, NOT_LITERAL):
+            fixed_length += 1
+        elif op in REPEATS:
+            min_repeat, max_repeat, subpattern = value
+            quantifier_bounds.append((min_repeat, max_repeat))
+            repetition_lengths.append(_calculate_min_repetition_length(subpattern))
+
     # Adjust length constraints by subtracting fixed literals length
-    fixed_length = sum(1 for op, _ in pattern_parts if op == LITERAL)
     if min_length is not None:
         min_length -= fixed_length
         if min_length < 0:
@@ -125,13 +138,10 @@ def _handle_anchored_pattern(parsed: list, pattern: str, min_length: int | None,
         if max_length < 0:
             return pattern
 
-    # Extract only min/max bounds from quantified parts
-    quantifier_bounds = [value[:2] for op, value in pattern_parts if op in REPEATS]
-
     if not quantifier_bounds:
         return pattern
 
-    length_distribution = _distribute_length_constraints(quantifier_bounds, min_length, max_length)
+    length_distribution = _distribute_length_constraints(quantifier_bounds, repetition_lengths, min_length, max_length)
     if not length_distribution:
         return pattern
 
@@ -212,7 +222,7 @@ def _find_quantified_end(pattern: str, start: int) -> int:
 
 
 def _distribute_length_constraints(
-    bounds: list[tuple[int, int]], min_length: int | None, max_length: int | None
+    bounds: list[tuple[int, int]], repetition_lengths: list[int], min_length: int | None, max_length: int | None
 ) -> list[tuple[int, int]] | None:
     """Distribute length constraints among quantified pattern parts."""
     # Handle exact length case with dynamic programming
@@ -228,18 +238,22 @@ def _distribute_length_constraints(
             if pos == len(bounds):
                 return [()] if remaining == 0 else None
 
-            max_len: int
-            min_len, max_len = bounds[pos]
-            if max_len == MAXREPEAT:
-                max_len = remaining + 1
-            else:
-                max_len += 1
+            max_repeat: int
+            min_repeat, max_repeat = bounds[pos]
+            repeat_length = repetition_lengths[pos]
+
+            if max_repeat == MAXREPEAT:
+                max_repeat = remaining // repeat_length + 1 if repeat_length > 0 else remaining + 1
 
             # Try each possible length for current quantifier
-            for length in range(min_len, max_len):
-                rest = find_valid_combination(pos + 1, remaining - length)
+            for repeat_count in range(min_repeat, max_repeat + 1):
+                used_length = repeat_count * repeat_length
+                if used_length > remaining:
+                    break
+
+                rest = find_valid_combination(pos + 1, remaining - used_length)
                 if rest is not None:
-                    dp[(pos, remaining)] = [(length,) + r for r in rest]
+                    dp[(pos, remaining)] = [(repeat_count,) + r for r in rest]
                     return dp[(pos, remaining)]
 
             dp[(pos, remaining)] = None
@@ -280,6 +294,22 @@ def _distribute_length_constraints(
     return result
 
 
+def _calculate_min_repetition_length(subpattern: list) -> int:
+    """Calculate minimum length contribution per repetition of a quantified group."""
+    total = 0
+    for op, value in subpattern:
+        if op in [LITERAL, NOT_LITERAL, IN, sre.ANY]:
+            total += 1
+        elif op == sre.SUBPATTERN:
+            _, _, _, inner_pattern = value
+            total += _calculate_min_repetition_length(inner_pattern)
+        elif op in REPEATS:
+            min_repeat, _, inner_pattern = value
+            inner_min = _calculate_min_repetition_length(inner_pattern)
+            total += min_repeat * inner_min
+    return total
+
+
 def _get_anchor_length(node_type: int) -> int:
     """Determine the length of the anchor based on its type."""
     if node_type in {sre.AT_BEGINNING_STRING, sre.AT_END_STRING, sre.AT_BOUNDARY, sre.AT_NON_BOUNDARY}:
@@ -293,7 +323,7 @@ def _update_quantifier(
     """Update the quantifier based on the operation type and given constraints."""
     if op in REPEATS and value is not None:
         return _handle_repeat_quantifier(value, pattern, min_length, max_length)
-    if op in (LITERAL, IN) and max_length != 0:
+    if op in (LITERAL, NOT_LITERAL, IN) and max_length != 0:
         return _handle_literal_or_in_quantifier(pattern, min_length, max_length)
     if op == sre.ANY and value is None:
         # Equivalent to `.` which is in turn is the same as `.{1}`

schemathesis/specs/openapi/references.py

@@ -5,10 +5,9 @@ from functools import lru_cache
 from typing import Any, Callable, Dict, Union, overload
 from urllib.request import urlopen
 
-import jsonschema
 import requests
 
-from schemathesis.core.compat import RefResolutionError
+from schemathesis.core.compat import RefResolutionError, RefResolver
 from schemathesis.core.deserialization import deserialize_yaml
 from schemathesis.core.transforms import deepclone
 from schemathesis.core.transport import DEFAULT_RESPONSE_TIMEOUT
@@ -48,7 +47,7 @@ def load_remote_uri(uri: str) -> Any:
 JSONType = Union[None, bool, float, str, list, Dict[str, Any]]
 
 
-class InliningResolver(jsonschema.RefResolver):
+class InliningResolver(RefResolver):
     """Inlines resolved schemas."""
 
     def __init__(self, *args: Any, **kwargs: Any) -> None:

schemathesis/specs/openapi/schemas.py

@@ -43,7 +43,7 @@ from schemathesis.generation.overrides import Override, OverrideMark, check_no_o
 from schemathesis.openapi.checks import JsonSchemaError, MissingContentType
 from schemathesis.specs.openapi.stateful import links
 
-from ...generation import GenerationConfig, GenerationMode
+from ...generation import GenerationMode
 from ...hooks import HookContext, HookDispatcher
 from ...schemas import APIOperation, APIOperationMap, ApiStatistic, BaseSchema, OperationDefinition
 from . import serialization
@@ -120,13 +120,18 @@ class BaseOpenAPISchema(BaseSchema):
         if map is not None:
             return map
         path_item = self.raw_schema.get("paths", {})[path]
-        scope, path_item = self._resolve_path_item(path_item)
+        with in_scope(self.resolver, self.location or ""):
+            scope, path_item = self._resolve_path_item(path_item)
         self.dispatch_hook("before_process_path", HookContext(), path, path_item)
         map = APIOperationMap(self, {})
         map._data = MethodMap(map, scope, path, CaseInsensitiveDict(path_item))
         cache.insert_map(path, map)
         return map
 
+    def find_operation_by_label(self, label: str) -> APIOperation | None:
+        method, path = label.split(" ", maxsplit=1)
+        return self[path][method]
+
     def on_missing_operation(self, item: str, exc: KeyError) -> NoReturn:
         matches = get_close_matches(item, list(self))
         self._on_missing_operation(item, exc, matches)
@@ -292,9 +297,7 @@ class BaseOpenAPISchema(BaseSchema):
         parameters = operation.get("parameters", ())
         return self.collect_parameters(itertools.chain(parameters, shared_parameters), operation)
 
-    def get_all_operations(
-        self, generation_config: GenerationConfig | None = None
-    ) -> Generator[Result[APIOperation, InvalidSchema], None, None]:
+    def get_all_operations(self) -> Generator[Result[APIOperation, InvalidSchema], None, None]:
         """Iterate over all operations defined in the API.
 
         Each yielded item is either `Ok` or `Err`, depending on the presence of errors during schema processing.
@@ -352,9 +355,6 @@ class BaseOpenAPISchema(BaseSchema):
                                 entry,
                                 resolved,
                                 scope,
-                                with_security_parameters=generation_config.with_security_parameters
-                                if generation_config
-                                else None,
                             )
                             yield Ok(operation)
                         except SCHEMA_PARSING_ERRORS as exc:
@@ -381,7 +381,9 @@ class BaseOpenAPISchema(BaseSchema):
         try:
             self.validate()
         except jsonschema.ValidationError as exc:
-            raise InvalidSchema.from_jsonschema_error(exc, path=path, method=method) from None
+            raise InvalidSchema.from_jsonschema_error(
+                exc, path=path, method=method, config=self.config.output
+            ) from None
         raise InvalidSchema(SCHEMA_ERROR_MESSAGE, path=path, method=method) from error
 
     def validate(self) -> None:
@@ -417,7 +419,6 @@ class BaseOpenAPISchema(BaseSchema):
         raw: dict[str, Any],
         resolved: dict[str, Any],
         scope: str,
-        with_security_parameters: bool | None = None,
     ) -> APIOperation:
         """Create JSON schemas for the query, body, etc from Swagger parameters definitions."""
         __tracebackhide__ = True
@@ -432,12 +433,8 @@ class BaseOpenAPISchema(BaseSchema):
         )
         for parameter in parameters:
             operation.add_parameter(parameter)
-        with_security_parameters = (
-            with_security_parameters
-            if with_security_parameters is not None
-            else self.generation_config.with_security_parameters
-        )
-        if with_security_parameters:
+        config = self.config.generation_for(operation=operation)
+        if config.with_security_parameters:
             self.security.process_definitions(self.raw_schema, operation, self.resolver)
         self.dispatch_hook("before_init_operation", HookContext(operation=operation), operation)
         return operation
@@ -544,22 +541,21 @@ class BaseOpenAPISchema(BaseSchema):
         operation: APIOperation,
         hooks: HookDispatcher | None = None,
         auth_storage: AuthStorage | None = None,
-        generation_mode: GenerationMode = GenerationMode.default(),
-        generation_config: GenerationConfig | None = None,
+        generation_mode: GenerationMode = GenerationMode.POSITIVE,
         **kwargs: Any,
     ) -> SearchStrategy:
         return openapi_cases(
             operation=operation,
-            auth_storage=auth_storage,
             hooks=hooks,
+            auth_storage=auth_storage,
             generation_mode=generation_mode,
-            generation_config=generation_config or self.generation_config,
             **kwargs,
         )
 
     def get_parameter_serializer(self, operation: APIOperation, location: str) -> Callable | None:
         definitions = [item.definition for item in operation.iter_parameters() if item.location == location]
-        if self.generation_config.with_security_parameters:
+        config = self.config.generation_for(operation=operation)
+        if config.with_security_parameters:
             security_parameters = self.security.get_security_definitions_as_parameters(
                 self.raw_schema, operation, self.resolver, location
             )
@@ -667,6 +663,7 @@ class BaseOpenAPISchema(BaseSchema):
         return jsonschema.Draft4Validator
 
     def validate_response(self, operation: APIOperation, response: Response) -> bool | None:
+        __tracebackhide__ = True
         responses = {str(key): value for key, value in operation.definition.raw.get("responses", {}).items()}
         status_code = str(response.status_code)
         if status_code in responses:
@@ -713,7 +710,7 @@ class BaseOpenAPISchema(BaseSchema):
                     JsonSchemaError.from_exception(
                         operation=operation.label,
                         exc=exc,
-                        output_config=operation.schema.output_config,
+                        config=operation.schema.config.output,
                     )
                 )
         _maybe_raise_one_or_more(failures)