From c77fcd244a99cd437bc28bd937c284ce88b565db Mon Sep 17 00:00:00 2001 From: Manish <88748362+manraut@users.noreply.github.com> Date: Thu, 6 Feb 2025 13:08:33 +0530 Subject: [PATCH 1/7] feat(security): change authentication failure status from 403 to 401 --- fastapi/security/api_key.py | 29 +++++++++++++++---- fastapi/security/http.py | 22 ++++++++++---- fastapi/security/oauth2.py | 6 ++-- fastapi/security/open_id_connect_url.py | 8 +++-- tests/test_security_api_key_cookie.py | 3 +- ...est_security_api_key_cookie_description.py | 3 +- tests/test_security_api_key_header.py | 3 +- ...est_security_api_key_header_description.py | 3 +- tests/test_security_api_key_query.py | 3 +- ...test_security_api_key_query_description.py | 3 +- tests/test_security_http_base.py | 3 +- tests/test_security_http_base_description.py | 3 +- tests/test_security_http_bearer.py | 6 ++-- .../test_security_http_bearer_description.py | 6 ++-- tests/test_security_http_digest.py | 6 ++-- .../test_security_http_digest_description.py | 6 ++-- tests/test_security_http_digest_optional.py | 3 +- tests/test_security_oauth2.py | 3 +- ...curity_oauth2_authorization_code_bearer.py | 2 ++ ...2_authorization_code_bearer_description.py | 2 ++ tests/test_security_openid_connect.py | 3 +- ...est_security_openid_connect_description.py | 3 +- 22 files changed, 93 insertions(+), 36 deletions(-) diff --git a/fastapi/security/api_key.py b/fastapi/security/api_key.py index 70c2dca8a..a0c34caed 100644 --- a/fastapi/security/api_key.py +++ b/fastapi/security/api_key.py 
@@ -4,17 +4,28 @@ from fastapi.openapi.models import APIKey, APIKeyIn from fastapi.security.base import SecurityBase from starlette.exceptions import HTTPException from starlette.requests import Request -from starlette.status import HTTP_403_FORBIDDEN +from starlette.status import HTTP_401_UNAUTHORIZED from typing_extensions import Annotated, Doc class APIKeyBase(SecurityBase): @staticmethod - def check_api_key(api_key: Optional[str], auto_error: bool) -> Optional[str]: + def check_api_key( + api_key: Optional[str], auto_error: bool, key_name: str, key_in: APIKeyIn + ) -> Optional[str]: if not api_key: if auto_error: + # Customize header based on where the API key should be + auth_header = { + APIKeyIn.query: f'ApiKey name="{key_name}", in="query"', + APIKeyIn.header: f'ApiKey name="{key_name}", in="header"', + APIKeyIn.cookie: f'ApiKey name="{key_name}", in="cookie"', + }.get(key_in, "ApiKey") + raise HTTPException( - status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" + status_code=HTTP_401_UNAUTHORIZED, + detail="Not authenticated", + headers={"WWW-Authenticate": auth_header}, ) return None return api_key @@ -109,7 +120,9 @@ class APIKeyQuery(APIKeyBase): async def __call__(self, request: Request) -> Optional[str]: api_key = request.query_params.get(self.model.name) - return self.check_api_key(api_key, self.auto_error) + return self.check_api_key( + api_key, self.auto_error, self.model.name, APIKeyIn.query + ) class APIKeyHeader(APIKeyBase): @@ -197,7 +210,9 @@ class APIKeyHeader(APIKeyBase): async def __call__(self, request: Request) -> Optional[str]: api_key = request.headers.get(self.model.name) - return self.check_api_key(api_key, self.auto_error) + return self.check_api_key( + api_key, self.auto_error, self.model.name, APIKeyIn.header + ) class APIKeyCookie(APIKeyBase): 
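Review bot: In `check_api_key`, `key_name` is interpolated into the quoted `name="…"` parameter of the `WWW-Authenticate` value without escaping, so a configured name containing `"` or `\` produces a challenge that clients will parse incorrectly. The call sites in this patch pass `self.model.name`, which looks developer-configured rather than request-derived, so this is a robustness point more than an injection one; escaping first keeps the value well-formed: `safe_name = key_name.replace("\\", "\\\\").replace('"', '\\"')`. `ApiKey` is also not, as far as I know, a registered HTTP authentication scheme, so a comment such as `# "ApiKey" is a non-standard challenge; clients get no RFC-defined handling` would help. The single-line f-string that replaces this dict in PATCH 5/7 has the same interpolation. The new required `key_name` and `key_in` parameters also change the signature of a public static method, which any caller outside this patch would have to follow.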
@@ -285,4 +300,6 @@ class APIKeyCookie(APIKeyBase): async def __call__(self, request: Request) -> Optional[str]: api_key = request.cookies.get(self.model.name) - return self.check_api_key(api_key, self.auto_error) + return self.check_api_key( + api_key, self.auto_error, self.model.name, APIKeyIn.cookie + ) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index e06f3d66d..d61d07887 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -9,7 +9,7 @@ from fastapi.security.base import SecurityBase from fastapi.security.utils import get_authorization_scheme_param from pydantic import BaseModel from starlette.requests import Request -from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN +from starlette.status import HTTP_401_UNAUTHORIZED from typing_extensions import Annotated, Doc @@ -86,9 +86,13 @@ class HTTPBase(SecurityBase): scheme, credentials = get_authorization_scheme_param(authorization) if not (authorization and scheme and credentials): if self.auto_error: + print(scheme) raise HTTPException( - status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" + status_code=HTTP_401_UNAUTHORIZED, + detail="Not authenticated", + headers={"WWW-Authenticate": self.model.scheme}, ) + else: return None return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials) @@ -306,15 +310,18 @@ class HTTPBearer(HTTPBase): if not (authorization and scheme and credentials): if self.auto_error: raise HTTPException( - status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" + status_code=HTTP_401_UNAUTHORIZED, + detail="Not authenticated", + headers={"WWW-Authenticate": "Bearer"}, ) else: return None if scheme.lower() != "bearer": if self.auto_error: raise HTTPException( - status_code=HTTP_403_FORBIDDEN, + status_code=HTTP_401_UNAUTHORIZED, detail="Invalid authentication credentials", + headers={"WWW-Authenticate": "Bearer"}, ) else: return None 
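Review bot: The `print(scheme)` added to the unauthenticated branch of `HTTPBase.__call__` writes request-derived data to stdout on every rejected request. If `get_authorization_scheme_param` splits on the first space (its body is not in this diff), an `Authorization` value sent without a scheme prefix would land entirely in `scheme`, so a bare token could end up in process logs. PATCH 6/7 later in this series deletes the line; squashing that deletion into this commit would keep any intermediate revision from shipping it. The enclosing method starts outside the hunk.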
@@ -408,13 +415,16 @@ class HTTPDigest(HTTPBase): if not (authorization and scheme and credentials): if self.auto_error: raise HTTPException( - status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" + status_code=HTTP_401_UNAUTHORIZED, + detail="Not authenticated", + headers={"WWW-Authenticate": "Digest"}, ) else: return None if scheme.lower() != "digest": raise HTTPException( - status_code=HTTP_403_FORBIDDEN, + status_code=HTTP_401_UNAUTHORIZED, detail="Invalid authentication credentials", + headers={"WWW-Authenticate": "Digest"}, ) return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials) diff --git a/fastapi/security/oauth2.py b/fastapi/security/oauth2.py index 5ffad5986..9efa65a4c 100644 --- a/fastapi/security/oauth2.py +++ b/fastapi/security/oauth2.py @@ -7,7 +7,7 @@ from fastapi.param_functions import Form from fastapi.security.base import SecurityBase from fastapi.security.utils import get_authorization_scheme_param from starlette.requests import Request -from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN +from starlette.status import HTTP_401_UNAUTHORIZED # TODO: import from typing when deprecating Python 3.9 from typing_extensions import Annotated, Doc @@ -381,7 +381,9 @@ class OAuth2(SecurityBase): if not authorization: if self.auto_error: raise HTTPException( - status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" + status_code=HTTP_401_UNAUTHORIZED, + detail="Not authenticated", + headers={"WWW-Authenticate": "Bearer"}, ) else: return None diff --git a/fastapi/security/open_id_connect_url.py b/fastapi/security/open_id_connect_url.py index c8cceb911..925a3f738 100644 --- a/fastapi/security/open_id_connect_url.py +++ b/fastapi/security/open_id_connect_url.py 
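Review bot: The bare `WWW-Authenticate: Digest` value in the two `HTTPDigest` branches is not a challenge a Digest client can answer, since RFC 7616 challenges carry parameters such as `realm`, `nonce` and `qop` from which the response is computed. If the class is only meant to parse the header and leave the handshake to the application, a comment saying so would avoid the impression of working Digest auth, e.g. `# Placeholder challenge: the application must issue realm/nonce itself`. Separately, the `scheme.lower() != "digest"` branch in this hunk raises without consulting `self.auto_error`, unlike the matching `HTTPBearer` branch, and tests/test_security_http_digest_optional.py in this patch asserts 401 for that case; it is worth confirming that optional mode is meant to reject rather than return `None`. `HTTPDigest.__call__` begins outside the hunk.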
@@ -4,7 +4,7 @@ from fastapi.openapi.models import OpenIdConnect as OpenIdConnectModel from fastapi.security.base import SecurityBase from starlette.exceptions import HTTPException from starlette.requests import Request -from starlette.status import HTTP_403_FORBIDDEN +from starlette.status import HTTP_401_UNAUTHORIZED from typing_extensions import Annotated, Doc @@ -77,7 +77,11 @@ class OpenIdConnect(SecurityBase): if not authorization: if self.auto_error: raise HTTPException( - status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" + status_code=HTTP_401_UNAUTHORIZED, + detail="Not authenticated", + headers={ + "WWW-Authenticate": "Bearer", + }, ) else: return None diff --git a/tests/test_security_api_key_cookie.py b/tests/test_security_api_key_cookie.py index 4ddb8e2ee..81a8b19c0 100644 --- a/tests/test_security_api_key_cookie.py +++ b/tests/test_security_api_key_cookie.py @@ -32,8 +32,9 @@ def test_security_api_key(): def test_security_api_key_no_key(): client = TestClient(app) response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == 'ApiKey name="key", in="cookie"' def test_openapi_schema(): diff --git a/tests/test_security_api_key_cookie_description.py b/tests/test_security_api_key_cookie_description.py index d99d616e0..43f318700 100644 --- a/tests/test_security_api_key_cookie_description.py +++ b/tests/test_security_api_key_cookie_description.py @@ -32,8 +32,9 @@ def test_security_api_key(): def test_security_api_key_no_key(): client = TestClient(app) response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == 'ApiKey name="key", in="cookie"' def test_openapi_schema(): 
diff --git a/tests/test_security_api_key_header.py b/tests/test_security_api_key_header.py index 1ff883703..2d488e59e 100644 --- a/tests/test_security_api_key_header.py +++ b/tests/test_security_api_key_header.py @@ -33,8 +33,9 @@ def test_security_api_key(): def test_security_api_key_no_key(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == 'ApiKey name="key", in="header"' def test_openapi_schema(): diff --git a/tests/test_security_api_key_header_description.py b/tests/test_security_api_key_header_description.py index 27f9d0f29..6b8d9e56b 100644 --- a/tests/test_security_api_key_header_description.py +++ b/tests/test_security_api_key_header_description.py @@ -33,8 +33,9 @@ def test_security_api_key(): def test_security_api_key_no_key(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == 'ApiKey name="key", in="header"' def test_openapi_schema(): diff --git a/tests/test_security_api_key_query.py b/tests/test_security_api_key_query.py index dc7a0a621..c214ffb83 100644 --- a/tests/test_security_api_key_query.py +++ b/tests/test_security_api_key_query.py @@ -33,8 +33,9 @@ def test_security_api_key(): def test_security_api_key_no_key(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == 'ApiKey name="key", in="query"' def test_openapi_schema(): diff --git a/tests/test_security_api_key_query_description.py b/tests/test_security_api_key_query_description.py index 35dc7743a..d1c5c73c7 100644 
--- a/tests/test_security_api_key_query_description.py +++ b/tests/test_security_api_key_query_description.py @@ -33,8 +33,9 @@ def test_security_api_key(): def test_security_api_key_no_key(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == 'ApiKey name="key", in="query"' def test_openapi_schema(): diff --git a/tests/test_security_http_base.py b/tests/test_security_http_base.py index 51928bafd..8cf259a75 100644 --- a/tests/test_security_http_base.py +++ b/tests/test_security_http_base.py @@ -23,8 +23,9 @@ def test_security_http_base(): def test_security_http_base_no_credentials(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Other" def test_openapi_schema(): diff --git a/tests/test_security_http_base_description.py b/tests/test_security_http_base_description.py index bc79f3242..20583c615 100644 --- a/tests/test_security_http_base_description.py +++ b/tests/test_security_http_base_description.py @@ -23,8 +23,9 @@ def test_security_http_base(): def test_security_http_base_no_credentials(): response = client.get("/users/me") - assert response.status_code == 403, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.status_code == 401, response.text + assert response.headers["WWW-Authenticate"] == "Other" def test_openapi_schema(): diff --git a/tests/test_security_http_bearer.py b/tests/test_security_http_bearer.py index 5b9e2d691..de4e0427a 100644 --- a/tests/test_security_http_bearer.py +++ b/tests/test_security_http_bearer.py 
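Review bot: In tests/test_security_http_base_description.py the status-code assertion now sits below the body assertion, which differs from the sibling tests in this patch that check the status first so a failure prints `response.text`. Keeping `assert response.status_code == 401, response.text` as the first assertion would make the files consistent and give the most useful failure message. tests/test_security_http_digest_description.py has a similar reordering, with the header assertion placed ahead of the body assertion.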
@@ -23,14 +23,16 @@ def test_security_http_bearer(): def test_security_http_bearer_no_credentials(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_security_http_bearer_incorrect_scheme_credentials(): response = client.get("/users/me", headers={"Authorization": "Basic notreally"}) - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Invalid authentication credentials"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_openapi_schema(): diff --git a/tests/test_security_http_bearer_description.py b/tests/test_security_http_bearer_description.py index 2f11c3a14..f87df5434 100644 --- a/tests/test_security_http_bearer_description.py +++ b/tests/test_security_http_bearer_description.py @@ -23,14 +23,16 @@ def test_security_http_bearer(): def test_security_http_bearer_no_credentials(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_security_http_bearer_incorrect_scheme_credentials(): response = client.get("/users/me", headers={"Authorization": "Basic notreally"}) - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Invalid authentication credentials"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_openapi_schema(): diff --git a/tests/test_security_http_digest.py b/tests/test_security_http_digest.py index 133d35763..a195430d2 100644 --- a/tests/test_security_http_digest.py +++ b/tests/test_security_http_digest.py 
@@ -23,16 +23,18 @@ def test_security_http_digest(): def test_security_http_digest_no_credentials(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Digest" def test_security_http_digest_incorrect_scheme_credentials(): response = client.get( "/users/me", headers={"Authorization": "Other invalidauthorization"} ) - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Invalid authentication credentials"} + assert response.headers["WWW-Authenticate"] == "Digest" def test_openapi_schema(): diff --git a/tests/test_security_http_digest_description.py b/tests/test_security_http_digest_description.py index 4e31a0c00..9e2d2c973 100644 --- a/tests/test_security_http_digest_description.py +++ b/tests/test_security_http_digest_description.py @@ -23,15 +23,17 @@ def test_security_http_digest(): def test_security_http_digest_no_credentials(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Digest" def test_security_http_digest_incorrect_scheme_credentials(): response = client.get( "/users/me", headers={"Authorization": "Other invalidauthorization"} ) - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text + assert response.headers["WWW-Authenticate"] == "Digest" assert response.json() == {"detail": "Invalid authentication credentials"} diff --git a/tests/test_security_http_digest_optional.py b/tests/test_security_http_digest_optional.py index 1e6eb8bd7..7934d2eb3 100644 --- a/tests/test_security_http_digest_optional.py 
+++ b/tests/test_security_http_digest_optional.py @@ -37,8 +37,9 @@ def test_security_http_digest_incorrect_scheme_credentials(): response = client.get( "/users/me", headers={"Authorization": "Other invalidauthorization"} ) - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Invalid authentication credentials"} + assert response.headers["WWW-Authenticate"] == "Digest" def test_openapi_schema(): diff --git a/tests/test_security_oauth2.py b/tests/test_security_oauth2.py index 2b7e3457a..804e4152d 100644 --- a/tests/test_security_oauth2.py +++ b/tests/test_security_oauth2.py @@ -56,8 +56,9 @@ def test_security_oauth2_password_other_header(): def test_security_oauth2_password_bearer_no_header(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_strict_login_no_data(): diff --git a/tests/test_security_oauth2_authorization_code_bearer.py b/tests/test_security_oauth2_authorization_code_bearer.py index f2097b149..931fed6ec 100644 --- a/tests/test_security_oauth2_authorization_code_bearer.py +++ b/tests/test_security_oauth2_authorization_code_bearer.py @@ -23,12 +23,14 @@ def test_no_token(): response = client.get("/items") assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_incorrect_token(): response = client.get("/items", headers={"Authorization": "Non-existent testtoken"}) assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_token(): 
diff --git a/tests/test_security_oauth2_authorization_code_bearer_description.py b/tests/test_security_oauth2_authorization_code_bearer_description.py index 5386fbbd9..637008e84 100644 --- a/tests/test_security_oauth2_authorization_code_bearer_description.py +++ b/tests/test_security_oauth2_authorization_code_bearer_description.py @@ -26,12 +26,14 @@ def test_no_token(): response = client.get("/items") assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_incorrect_token(): response = client.get("/items", headers={"Authorization": "Non-existent testtoken"}) assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_token(): diff --git a/tests/test_security_openid_connect.py b/tests/test_security_openid_connect.py index 1e322e640..c9a0a8db7 100644 --- a/tests/test_security_openid_connect.py +++ b/tests/test_security_openid_connect.py @@ -39,8 +39,9 @@ def test_security_oauth2_password_other_header(): def test_security_oauth2_password_bearer_no_header(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_openapi_schema(): diff --git a/tests/test_security_openid_connect_description.py b/tests/test_security_openid_connect_description.py index 44cf57f86..d008cbc63 100644 --- a/tests/test_security_openid_connect_description.py +++ b/tests/test_security_openid_connect_description.py 
@@ -41,8 +41,9 @@ def test_security_oauth2_password_other_header(): def test_security_oauth2_password_bearer_no_header(): response = client.get("/users/me") - assert response.status_code == 403, response.text + assert response.status_code == 401, response.text assert response.json() == {"detail": "Not authenticated"} + assert response.headers["WWW-Authenticate"] == "Bearer" def test_openapi_schema(): From 50f9745c5c74a9129b39b180f27b9c699070a5c6 Mon Sep 17 00:00:00 2001 From: Manish <88748362+manraut@users.noreply.github.com> Date: Thu, 6 Feb 2025 18:49:57 +0530 Subject: [PATCH 3/7] fix(security): store scheme directly in HTTPBase for WWW-Authenticate header --- fastapi/security/http.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index d61d07887..a5721ffdd 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -78,6 +78,7 @@ class HTTPBase(SecurityBase): self.model = HTTPBaseModel(scheme=scheme, description=description) self.scheme_name = scheme_name or self.__class__.__name__ self.auto_error = auto_error + self.scheme = scheme async def __call__( self, request: Request @@ -90,7 +91,7 @@ class HTTPBase(SecurityBase): raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated", - headers={"WWW-Authenticate": self.model.scheme}, + headers={"WWW-Authenticate": self.scheme}, ) else: From c12ad4542ef1de4edc163c83ea9d45d2ba665def Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Mon, 3 Mar 2025 07:41:24 +0000 Subject: [PATCH 4/7] =?UTF-8?q?=F0=9F=8E=A8=20[pre-commit.ci]=20Auto=20for?= =?UTF-8?q?mat=20from=20pre-commit.com=20hooks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- fastapi/security/http.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/fastapi/security/http.py b/fastapi/security/http.py index 24b0a7be0..9f17a600e 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -430,6 +430,6 @@ class HTTPDigest(HTTPBase): headers={"WWW-Authenticate": "Digest"}, ) else: - return None + return None return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials) From bfa95a6180cec10ef669b7a438e75bd59e2cf2e4 Mon Sep 17 00:00:00 2001 From: Manish <88748362+mnshai@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:30:25 +0530 Subject: [PATCH 5/7] refactor: simplify auth_header generation in API key authentication --- fastapi/security/api_key.py | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/fastapi/security/api_key.py b/fastapi/security/api_key.py index a0c34caed..943877c8f 100644 --- a/fastapi/security/api_key.py +++ b/fastapi/security/api_key.py @@ -15,13 +15,7 @@ class APIKeyBase(SecurityBase): ) -> Optional[str]: if not api_key: if auto_error: - # Customize header based on where the API key should be - auth_header = { - APIKeyIn.query: f'ApiKey name="{key_name}", in="query"', - APIKeyIn.header: f'ApiKey name="{key_name}", in="header"', - APIKeyIn.cookie: f'ApiKey name="{key_name}", in="cookie"', - }.get(key_in, "ApiKey") - + auth_header = f'ApiKey name="{key_name}", in="{key_in.value}"' raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated", From 41de2dc4332f5a86a0508de397bd154b3485c651 Mon Sep 17 00:00:00 2001 From: Manish <88748362+mnshai@users.noreply.github.com> Date: Mon, 3 Mar 2025 14:50:18 +0530 Subject: [PATCH 6/7] refactor: remove debug print statement --- fastapi/security/http.py | 1 - 1 file changed, 1 deletion(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index 9f17a600e..d9de1f0d7 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py 
@@ -87,7 +87,6 @@ class HTTPBase(SecurityBase): scheme, credentials = get_authorization_scheme_param(authorization) if not (authorization and scheme and credentials): if self.auto_error: - print(scheme) raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated", From 615df05bf14c65172866c510facdc7ea7a1feb8f Mon Sep 17 00:00:00 2001 From: Manish <88748362+mnshai@users.noreply.github.com> Date: Mon, 3 Mar 2025 22:59:43 +0530 Subject: [PATCH 7/7] refactor: update authentication scheme handling in HTTPBase --- fastapi/security/http.py | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index d9de1f0d7..e26d85932 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -75,10 +75,11 @@ class HTTPBase(SecurityBase): description: Optional[str] = None, auto_error: bool = True, ): - self.model = HTTPBaseModel(scheme=scheme, description=description) + self.model: HTTPBaseModel = HTTPBaseModel( + scheme=scheme, description=description + ) self.scheme_name = scheme_name or self.__class__.__name__ self.auto_error = auto_error - self.scheme = scheme async def __call__( self, request: Request @@ -90,7 +91,7 @@ class HTTPBase(SecurityBase): raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, detail="Not authenticated", - headers={"WWW-Authenticate": self.scheme}, + headers={"WWW-Authenticate": self.model.scheme}, ) else: