
Updated http.py: Fixed response status code in case of missing auth creds

Replaced the 403 status code with 401, as 403 represents correct authentication but incorrect authorization.

And the cases here are about missing creds in auth headers so 401 makes more sense. 

The response body is displaying the correct message but the response status code was 403.
pull/13729/head
Adit Soni 2 months ago
committed by GitHub
parent
commit
1a3936b377
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 12
      fastapi/security/http.py

12
fastapi/security/http.py

@ -9,7 +9,7 @@ from fastapi.security.base import SecurityBase
from fastapi.security.utils import get_authorization_scheme_param from fastapi.security.utils import get_authorization_scheme_param
from pydantic import BaseModel from pydantic import BaseModel
from starlette.requests import Request from starlette.requests import Request
from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN from starlette.status import HTTP_401_UNAUTHORIZED
from typing_extensions import Annotated, Doc from typing_extensions import Annotated, Doc
@ -87,7 +87,7 @@ class HTTPBase(SecurityBase):
if not (authorization and scheme and credentials): if not (authorization and scheme and credentials):
if self.auto_error: if self.auto_error:
raise HTTPException( raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated"
) )
else: else:
return None return None
@ -306,14 +306,14 @@ class HTTPBearer(HTTPBase):
if not (authorization and scheme and credentials): if not (authorization and scheme and credentials):
if self.auto_error: if self.auto_error:
raise HTTPException( raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated"
) )
else: else:
return None return None
if scheme.lower() != "bearer": if scheme.lower() != "bearer":
if self.auto_error: if self.auto_error:
raise HTTPException( raise HTTPException(
status_code=HTTP_403_FORBIDDEN, status_code=HTTP_401_UNAUTHORIZED,
detail="Invalid authentication credentials", detail="Invalid authentication credentials",
) )
else: else:
@ -408,14 +408,14 @@ class HTTPDigest(HTTPBase):
if not (authorization and scheme and credentials): if not (authorization and scheme and credentials):
if self.auto_error: if self.auto_error:
raise HTTPException( raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated"
) )
else: else:
return None return None
if scheme.lower() != "digest": if scheme.lower() != "digest":
if self.auto_error: if self.auto_error:
raise HTTPException( raise HTTPException(
status_code=HTTP_403_FORBIDDEN, status_code=HTTP_401_UNAUTHORIZED,
detail="Invalid authentication credentials", detail="Invalid authentication credentials",
) )
else: else:
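Review bot: The five `raise HTTPException(status_code=HTTP_401_UNAUTHORIZED, ...)` sites in `HTTPBase`, `HTTPBearer` and `HTTPDigest` now return a 401 without a `WWW-Authenticate` header, although RFC 9110 requires a 401 response to carry at least one challenge so the client knows which scheme to present. Pass the challenge with the exception, for example `headers={"WWW-Authenticate": "Bearer"}` in `HTTPBearer` and `headers={"WWW-Authenticate": "Digest"}` in `HTTPDigest`. For `HTTPBase` the value would presumably be the configured scheme name, which these hunks do not show. Clients, tests and monitoring rules that key on 403 for missing credentials will see different behaviour, so the status change deserves a release-note entry. The enclosing `__call__` bodies start and end outside the hunks shown.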
