mirror
/
tiangolo.fastapi
mirror of https://github.com/tiangolo/fastapi
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge 9b7ad41659 into 1d434dec47

João Pedro 5 days ago
committed by GitHub
parent
1d434dec47 9b7ad41659
commit
4961709a17
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
3 changed files with 59 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 3
      fastapi/param_functions.py
  2. 5
      fastapi/params.py
  3. 53
      tests/test_security_oauth2_scopes.py

3
fastapi/param_functions.py
View File

@ -2295,7 +2295,8 @@ def Security( # noqa: N802
Doc( Doc(
""" """
OAuth2 scopes required for the *path operation* that uses this Security OAuth2 scopes required for the *path operation* that uses this Security
dependency. dependency. If a string is given, the list of scopes will have only one scope
defined by the string value.
The term "scope" comes from the OAuth2 specification, it seems to be The term "scope" comes from the OAuth2 specification, it seems to be
intentionally vague and interpretable. It normally refers to permissions, intentionally vague and interpretable. It normally refers to permissions,

5
fastapi/params.py
View File

@ -783,4 +783,7 @@ class Security(Depends):
use_cache: bool = True, use_cache: bool = True,
): ):
super().__init__(dependency=dependency, use_cache=use_cache) super().__init__(dependency=dependency, use_cache=use_cache)
self.scopes = scopes or [] if isinstance(scopes, str):
self.scopes: Sequence[str] = [scopes]
else:
self.scopes = scopes or []

53
tests/test_security_oauth2_scopes.py
View File

@ -0,0 +1,53 @@
from typing import List
from fastapi import FastAPI, Security
from fastapi.params import Depends
from fastapi.security import OAuth2PasswordBearer
from fastapi.security.oauth2 import SecurityScopes
from fastapi.testclient import TestClient
app = FastAPI()
oauth2_scheme = OAuth2PasswordBearer(
tokenUrl="token",
scopes={"me": "Read information about the current user.", "items": "Read items."},
)
def get_security_scopes(
security_scopes: SecurityScopes, token=Depends(oauth2_scheme)
) -> List[str]:
return security_scopes.scopes
@app.get("/me")
async def read_single_scope(
current_scope=Security(get_security_scopes, scopes="me"),
):
return {"scopes": current_scope}
@app.get("/me-and-items")
async def read_multiple_scopes(
current_scope=Security(get_security_scopes, scopes=["me", "items"]),
):
return {"scopes": current_scope}
client = TestClient(app)
def test_single_scope_string():
response = client.get("/me", headers={"Authorization": "Bearer sometoken"})
assert response.status_code == 200
assert response.json() == {"scopes": ["me"]}
def test_list_scopes():
response = client.get(
"/me-and-items", headers={"Authorization": "Bearer sometoken"}
)
assert response.status_code == 200
assert response.json() == {"scopes": ["me", "items"]}
Write Preview
Loading…
Cancel
Save