From 61b4f13b62bfe0abbe50fc97f61e5200f63e3abf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebasti=C3=A1n=20Ram=C3=ADrez?= Date: Mon, 24 Nov 2025 19:09:07 +0100 Subject: [PATCH] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20Refactor=20HTTP=20security?= =?UTF-8?q?=20utility=20classes=20to=20simplify=20them,=20use=20the=20same?= =?UTF-8?q?=20type=20of=20error=20for=20invalid=20authentication?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- fastapi/security/http.py | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index d04048e86..299f694dc 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -92,13 +92,6 @@ class HTTPBase(SecurityBase): headers=self.make_authenticate_headers(), ) - def make_invalid_user_credentials_error(self) -> HTTPException: - return HTTPException( - status_code=HTTP_401_UNAUTHORIZED, - detail="Invalid authentication credentials", - headers=self.make_authenticate_headers(), - ) - async def __call__( self, request: Request ) -> Optional[HTTPAuthorizationCredentials]: @@ -222,10 +215,10 @@ class HTTPBasic(HTTPBase): try: data = b64decode(param).decode("ascii") except (ValueError, UnicodeDecodeError, binascii.Error) as e: - raise self.make_invalid_user_credentials_error() from e + raise self.make_not_authenticated_error() from e username, separator, password = data.partition(":") if not separator: - raise self.make_invalid_user_credentials_error() + raise self.make_not_authenticated_error() return HTTPBasicCredentials(username=username, password=password) @@ -322,7 +315,7 @@ class HTTPBearer(HTTPBase): return None if scheme.lower() != "bearer": if self.auto_error: - raise self.make_invalid_user_credentials_error() + raise self.make_not_authenticated_error() else: return None return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials) @@ -425,7 +418,7 @@ class HTTPDigest(HTTPBase): return None if scheme.lower() != "digest": if self.auto_error: - raise self.make_invalid_user_credentials_error() + raise self.make_not_authenticated_error() else: return None return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)