diff --git a/tests/test_tutorial/test_security/test_tutorial006.py b/tests/test_tutorial/test_security/test_tutorial006.py index a4b3104bb..cca14fa65 100644 --- a/tests/test_tutorial/test_security/test_tutorial006.py +++ b/tests/test_tutorial/test_security/test_tutorial006.py @@ -27,17 +27,22 @@ def test_security_http_basic(client: TestClient): def test_security_http_basic_no_credentials(client: TestClient): response = client.get("/users/me") + www_auth = response.headers["WWW-Authenticate"] assert response.json() == {"detail": "Not authenticated"} assert response.status_code == 401, response.text - assert response.headers["WWW-Authenticate"] == "Basic" + assert www_auth.lower().startswith("basic") + assert 'realm="' in www_auth.lower() + def test_security_http_basic_invalid_credentials(client: TestClient): response = client.get( "/users/me", headers={"Authorization": "Basic notabase64token"} ) + www_auth = response.headers["WWW-Authenticate"] assert response.status_code == 401, response.text - assert response.headers["WWW-Authenticate"] == "Basic" + assert www_auth.lower().startswith("basic") + assert 'realm="' in www_auth.lower() assert response.json() == {"detail": "Not authenticated"} @@ -45,8 +50,10 @@ def test_security_http_basic_non_basic_credentials(client: TestClient): payload = b64encode(b"johnsecret").decode("ascii") auth_header = f"Basic {payload}" response = client.get("/users/me", headers={"Authorization": auth_header}) + www_auth = response.headers["WWW-Authenticate"] assert response.status_code == 401, response.text - assert response.headers["WWW-Authenticate"] == "Basic" + assert www_auth.lower().startswith("basic") + assert 'realm="' in www_auth.lower() assert response.json() == {"detail": "Not authenticated"} diff --git a/tests/test_tutorial/test_security/test_tutorial007.py b/tests/test_tutorial/test_security/test_tutorial007.py index 28b70a2d4..a4fe8fd86 100644 --- a/tests/test_tutorial/test_security/test_tutorial007.py +++ b/tests/test_tutorial/test_security/test_tutorial007.py @@ -25,17 +25,21 @@ def test_security_http_basic(client: TestClient): def test_security_http_basic_no_credentials(client: TestClient): response = client.get("/users/me") + www_auth = response.headers["WWW-Authenticate"] + assert www_auth.lower().startswith("basic") + assert 'realm="' in www_auth.lower() assert response.json() == {"detail": "Not authenticated"} assert response.status_code == 401, response.text - assert response.headers["WWW-Authenticate"] == "Basic" def test_security_http_basic_invalid_credentials(client: TestClient): response = client.get( "/users/me", headers={"Authorization": "Basic notabase64token"} ) + www_auth = response.headers["WWW-Authenticate"] + assert www_auth.lower().startswith("basic") + assert 'realm="' in www_auth.lower() assert response.status_code == 401, response.text - assert response.headers["WWW-Authenticate"] == "Basic" assert response.json() == {"detail": "Not authenticated"} @@ -43,23 +47,29 @@ def test_security_http_basic_non_basic_credentials(client: TestClient): payload = b64encode(b"johnsecret").decode("ascii") auth_header = f"Basic {payload}" response = client.get("/users/me", headers={"Authorization": auth_header}) + www_auth = response.headers["WWW-Authenticate"] + assert www_auth.lower().startswith("basic") + assert 'realm="' in www_auth.lower() assert response.status_code == 401, response.text - assert response.headers["WWW-Authenticate"] == "Basic" assert response.json() == {"detail": "Not authenticated"} def test_security_http_basic_invalid_username(client: TestClient): response = client.get("/users/me", auth=("alice", "swordfish")) + www_auth = response.headers["WWW-Authenticate"] + assert www_auth.lower().startswith("basic") + assert 'realm="' in www_auth.lower() assert response.status_code == 401, response.text assert response.json() == {"detail": "Incorrect username or password"} - assert response.headers["WWW-Authenticate"] == "Basic" def test_security_http_basic_invalid_password(client: TestClient): response = client.get("/users/me", auth=("stanleyjobson", "wrongpassword")) + www_auth = response.headers["WWW-Authenticate"] + assert www_auth.lower().startswith("basic") + assert 'realm="' in www_auth.lower() assert response.status_code == 401, response.text assert response.json() == {"detail": "Incorrect username or password"} - assert response.headers["WWW-Authenticate"] == "Basic" def test_openapi_schema(client: TestClient):