diff --git a/tests/test_security_status_code_403_option.py b/tests/test_security_status_code_403_option.py deleted file mode 100644 index 95d385ae4..000000000 --- a/tests/test_security_status_code_403_option.py +++ /dev/null @@ -1,208 +0,0 @@ -from typing import Union - -import pytest -from fastapi import FastAPI, Security -from fastapi.security.api_key import APIKeyBase, APIKeyCookie, APIKeyHeader, APIKeyQuery -from fastapi.security.http import HTTPBase, HTTPBearer, HTTPDigest -from fastapi.security.oauth2 import OAuth2 -from fastapi.security.open_id_connect_url import OpenIdConnect -from fastapi.testclient import TestClient - - -@pytest.mark.parametrize( - "auth", - [ - APIKeyQuery(name="key", not_authenticated_status_code=403), - APIKeyHeader(name="key", not_authenticated_status_code=403), - APIKeyCookie(name="key", not_authenticated_status_code=403), - ], -) -def test_apikey_status_code_403_on_auth_error(auth: APIKeyBase): - """ - Test temporary `not_authenticated_status_code` parameter for APIKey** classes. - """ - - app = FastAPI() - - @app.get("/") - async def protected(_: str = Security(auth)): - pass # pragma: no cover - - client = TestClient(app) - - response = client.get("/") - assert response.status_code == 403 - assert response.json() == {"detail": "Not authenticated"} - - -@pytest.mark.parametrize( - "auth", - [ - APIKeyQuery(name="key", not_authenticated_status_code=403, auto_error=False), - APIKeyHeader(name="key", not_authenticated_status_code=403, auto_error=False), - APIKeyCookie(name="key", not_authenticated_status_code=403, auto_error=False), - ], -) -def test_apikey_status_code_403_on_auth_error_no_auto_error(auth: APIKeyBase): - """ - Test temporary `not_authenticated_status_code` parameter for APIKey** classes with - `auto_error=False`. - """ - - app = FastAPI() - - @app.get("/") - async def protected(_: str = Security(auth)): - pass # pragma: no cover - - client = TestClient(app) - - response = client.get("/") - assert response.status_code == 200 - - -@pytest.mark.parametrize( - "auth", - [ - HTTPBearer(not_authenticated_status_code=403), - OpenIdConnect(not_authenticated_status_code=403, openIdConnectUrl="/openid"), - OAuth2( - not_authenticated_status_code=403, - flows={"password": {"tokenUrl": "token", "scopes": {}}}, - ), - ], -) -def test_oauth2_status_code_403_on_auth_error(auth: Union[HTTPBase, OpenIdConnect]): - """ - Test temporary `not_authenticated_status_code` parameter for security classes that - follow rfc6750. - """ - - app = FastAPI() - - @app.get("/") - async def protected(_: str = Security(auth)): - pass # pragma: no cover - - client = TestClient(app) - - response = client.get("/") - assert response.status_code == 403 - assert response.json() == {"detail": "Not authenticated"} - - -@pytest.mark.parametrize( - "auth", - [ - HTTPBearer(not_authenticated_status_code=403, auto_error=False), - OpenIdConnect( - not_authenticated_status_code=403, - openIdConnectUrl="/openid", - auto_error=False, - ), - OAuth2( - not_authenticated_status_code=403, - flows={"password": {"tokenUrl": "token", "scopes": {}}}, - auto_error=False, - ), - ], -) -def test_oauth2_status_code_403_on_auth_error_no_auto_error( - auth: Union[HTTPBase, OpenIdConnect], -): - """ - Test temporary `not_authenticated_status_code` parameter for security classes that - follow rfc6750. - With `auto_error=False`. Response code should be 200 - """ - - app = FastAPI() - - @app.get("/") - async def protected(_: str = Security(auth)): - pass # pragma: no cover - - client = TestClient(app) - - response = client.get("/") - assert response.status_code == 200 - - -def test_digest_status_code_403_on_auth_error(): - """ - Test temporary `not_authenticated_status_code` parameter for `Digest` scheme. - """ - - app = FastAPI() - - auth = HTTPDigest(not_authenticated_status_code=403) - - @app.get("/") - async def protected(_: str = Security(auth)): - pass # pragma: no cover - - client = TestClient(app) - - response = client.get("/") - assert response.status_code == 403 - assert response.json() == {"detail": "Not authenticated"} - - -def test_digest_status_code_403_on_auth_error_no_auto_error(): - """ - Test temporary `not_authenticated_status_code` parameter for `Digest` scheme with - `auto_error=False`. - """ - - app = FastAPI() - - auth = HTTPDigest(not_authenticated_status_code=403, auto_error=False) - - @app.get("/") - async def protected(_: str = Security(auth)): - pass # pragma: no cover - - client = TestClient(app) - - response = client.get("/") - assert response.status_code == 200 - - -def test_httpbase_status_code_403_on_auth_error(): - """ - Test temporary `not_authenticated_status_code` parameter for `HTTPBase` class. - """ - - app = FastAPI() - - auth = HTTPBase(scheme="Other", not_authenticated_status_code=403) - - @app.get("/") - async def protected(_: str = Security(auth)): - pass # pragma: no cover - - client = TestClient(app) - - response = client.get("/") - assert response.status_code == 403 - assert response.json() == {"detail": "Not authenticated"} - - -def test_httpbase_status_code_403_on_auth_error_no_auto_error(): - """ - Test temporary `not_authenticated_status_code` parameter for `HTTPBase` class with - `auto_error=False`. - """ - - app = FastAPI() - - auth = HTTPBase(scheme="Other", not_authenticated_status_code=403, auto_error=False) - - @app.get("/") - async def protected(_: str = Security(auth)): - pass # pragma: no cover - - client = TestClient(app) - - response = client.get("/") - assert response.status_code == 200