1 changed files with 89 additions and 0 deletions
@ -0,0 +1,89 @@ |
|||||
|
import importlib |
||||
|
from base64 import b64encode |
||||
|
|
||||
|
import pytest |
||||
|
from fastapi.testclient import TestClient |
||||
|
|
||||
|
|
||||
|
@pytest.fixture( |
||||
|
name="client", |
||||
|
params=[ |
||||
|
pytest.param("tutorial007_py39"), |
||||
|
pytest.param("tutorial007_an_py39"), |
||||
|
], |
||||
|
) |
||||
|
def get_client(request: pytest.FixtureRequest): |
||||
|
mod = importlib.import_module(f"docs_src.security.{request.param}") |
||||
|
return TestClient(mod.app) |
||||
|
|
||||
|
|
||||
|
def test_security_http_basic(client: TestClient): |
||||
|
response = client.get("/users/me", auth=("stanleyjobson", "swordfish")) |
||||
|
assert response.status_code == 200, response.text |
||||
|
assert response.json() == {"username": "stanleyjobson"} |
||||
|
|
||||
|
|
||||
|
def test_security_http_basic_no_credentials(client: TestClient): |
||||
|
response = client.get("/users/me") |
||||
|
assert response.json() == {"detail": "Not authenticated"} |
||||
|
assert response.status_code == 401, response.text |
||||
|
assert response.headers["WWW-Authenticate"] == "Basic" |
||||
|
|
||||
|
|
||||
|
def test_security_http_basic_invalid_credentials(client: TestClient): |
||||
|
response = client.get( |
||||
|
"/users/me", headers={"Authorization": "Basic notabase64token"} |
||||
|
) |
||||
|
assert response.status_code == 401, response.text |
||||
|
assert response.headers["WWW-Authenticate"] == "Basic" |
||||
|
assert response.json() == {"detail": "Not authenticated"} |
||||
|
|
||||
|
|
||||
|
def test_security_http_basic_non_basic_credentials(client: TestClient): |
||||
|
payload = b64encode(b"johnsecret").decode("ascii") |
||||
|
auth_header = f"Basic {payload}" |
||||
|
response = client.get("/users/me", headers={"Authorization": auth_header}) |
||||
|
assert response.status_code == 401, response.text |
||||
|
assert response.headers["WWW-Authenticate"] == "Basic" |
||||
|
assert response.json() == {"detail": "Not authenticated"} |
||||
|
|
||||
|
|
||||
|
def test_security_http_basic_invalid_username(client: TestClient): |
||||
|
response = client.get("/users/me", auth=("alice", "swordfish")) |
||||
|
assert response.status_code == 401, response.text |
||||
|
assert response.json() == {"detail": "Incorrect username or password"} |
||||
|
assert response.headers["WWW-Authenticate"] == "Basic" |
||||
|
|
||||
|
|
||||
|
def test_security_http_basic_invalid_password(client: TestClient): |
||||
|
response = client.get("/users/me", auth=("stanleyjobson", "wrongpassword")) |
||||
|
assert response.status_code == 401, response.text |
||||
|
assert response.json() == {"detail": "Incorrect username or password"} |
||||
|
assert response.headers["WWW-Authenticate"] == "Basic" |
||||
|
|
||||
|
|
||||
|
def test_openapi_schema(client: TestClient): |
||||
|
response = client.get("/openapi.json") |
||||
|
assert response.status_code == 200, response.text |
||||
|
assert response.json() == { |
||||
|
"openapi": "3.1.0", |
||||
|
"info": {"title": "FastAPI", "version": "0.1.0"}, |
||||
|
"paths": { |
||||
|
"/users/me": { |
||||
|
"get": { |
||||
|
"responses": { |
||||
|
"200": { |
||||
|
"description": "Successful Response", |
||||
|
"content": {"application/json": {"schema": {}}}, |
||||
|
} |
||||
|
}, |
||||
|
"summary": "Read Current User", |
||||
|
"operationId": "read_current_user_users_me_get", |
||||
|
"security": [{"HTTPBasic": []}], |
||||
|
} |
||||
|
} |
||||
|
}, |
||||
|
"components": { |
||||
|
"securitySchemes": {"HTTPBasic": {"type": "http", "scheme": "basic"}} |
||||
|
}, |
||||
|
} |
||||
Loading…
Reference in new issue