
Updated http.py: Fixed response status code in case of missing auth creds

Replaced the 403 status code with 401, since 403 represents correct authentication but incorrect authorization.

And the cases here are about missing creds in auth headers so 401 makes more sense. 

The response body is displaying the correct message but the response status code was 403.
pull/13729/head
Adit Soni 2 months ago
committed by GitHub
parent
commit
1a3936b377
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
  1. 12
      fastapi/security/http.py

12
fastapi/security/http.py

@ -9,7 +9,7 @@ from fastapi.security.base import SecurityBase
from fastapi.security.utils import get_authorization_scheme_param
from pydantic import BaseModel
from starlette.requests import Request
from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN
from starlette.status import HTTP_401_UNAUTHORIZED
from typing_extensions import Annotated, Doc
@ -87,7 +87,7 @@ class HTTPBase(SecurityBase):
if not (authorization and scheme and credentials):
if self.auto_error:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated"
)
else:
return None
@ -306,14 +306,14 @@ class HTTPBearer(HTTPBase):
if not (authorization and scheme and credentials):
if self.auto_error:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated"
)
else:
return None
if scheme.lower() != "bearer":
if self.auto_error:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN,
status_code=HTTP_401_UNAUTHORIZED,
detail="Invalid authentication credentials",
)
else:
@ -408,14 +408,14 @@ class HTTPDigest(HTTPBase):
if not (authorization and scheme and credentials):
if self.auto_error:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated"
)
else:
return None
if scheme.lower() != "digest":
if self.auto_error:
raise HTTPException(
status_code=HTTP_403_FORBIDDEN,
status_code=HTTP_401_UNAUTHORIZED,
detail="Invalid authentication credentials",
)
else:
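Review bot: The five `raise HTTPException(status_code=HTTP_401_UNAUTHORIZED, ...)` sites in the HTTPBase, HTTPBearer and HTTPDigest hunks pass no `headers`, so the 401 is sent without a `WWW-Authenticate` challenge, which RFC 9110 requires on a 401 response and which clients use to learn the expected scheme. For the two HTTPBearer raises I would add `headers={"WWW-Authenticate": "Bearer"}`. The HTTPBase and HTTPDigest raises need the equivalent for their own scheme, and a Digest challenge normally also carries parameters such as realm and nonce, which are not visible in these hunks. Moving from 403 to 401 is also a client-visible change, so callers, tests and any alerting that match on 403 for missing credentials need updating, and it is worth a release-note entry. The enclosing methods start and end outside the hunks shown.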
