From 7dd881334d6bdd582a2529b0ed5d05b0484f969a Mon Sep 17 00:00:00 2001
From: Andrew <amacfie@sent.com>
Date: Sun, 14 Jun 2020 11:54:46 -0400
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20testing=20security=20scope?=
 =?UTF-8?q?s=20when=20using=20dependency=20overrides=20(#1549)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com>
---
 fastapi/dependencies/utils.py               |  1 +
 tests/test_dependency_security_overrides.py | 65 +++++++++++++++++++++
 2 files changed, 66 insertions(+)
 create mode 100644 tests/test_dependency_security_overrides.py

diff --git a/fastapi/dependencies/utils.py b/fastapi/dependencies/utils.py
index 493977355..e7896f491 100644
--- a/fastapi/dependencies/utils.py
+++ b/fastapi/dependencies/utils.py
@@ -500,6 +500,7 @@ async def solve_dependencies(
                 name=sub_dependant.name,
                 security_scopes=sub_dependant.security_scopes,
             )
+            use_sub_dependant.security_scopes = sub_dependant.security_scopes
 
         solved_result = await solve_dependencies(
             request=request,
diff --git a/tests/test_dependency_security_overrides.py b/tests/test_dependency_security_overrides.py
new file mode 100644
index 000000000..b89d82db4
--- /dev/null
+++ b/tests/test_dependency_security_overrides.py
@@ -0,0 +1,65 @@
+from typing import List, Tuple
+
+from fastapi import Depends, FastAPI, Security
+from fastapi.security import SecurityScopes
+from fastapi.testclient import TestClient
+
+app = FastAPI()
+
+
+def get_user(required_scopes: SecurityScopes):
+    return "john", required_scopes.scopes
+
+
+def get_user_override(required_scopes: SecurityScopes):
+    return "alice", required_scopes.scopes
+
+
+def get_data():
+    return [1, 2, 3]
+
+
+def get_data_override():
+    return [3, 4, 5]
+
+
+@app.get("/user")
+def read_user(
+    user_data: Tuple[str, List[str]] = Security(get_user, scopes=["foo", "bar"]),
+    data: List[int] = Depends(get_data),
+):
+    return {"user": user_data[0], "scopes": user_data[1], "data": data}
+
+
+client = TestClient(app)
+
+
+def test_normal():
+    response = client.get("/user")
+    assert response.json() == {
+        "user": "john",
+        "scopes": ["foo", "bar"],
+        "data": [1, 2, 3],
+    }
+
+
+def test_override_data():
+    app.dependency_overrides[get_data] = get_data_override
+    response = client.get("/user")
+    assert response.json() == {
+        "user": "john",
+        "scopes": ["foo", "bar"],
+        "data": [3, 4, 5],
+    }
+    app.dependency_overrides = {}
+
+
+def test_override_security():
+    app.dependency_overrides[get_user] = get_user_override
+    response = client.get("/user")
+    assert response.json() == {
+        "user": "alice",
+        "scopes": ["foo", "bar"],
+        "data": [1, 2, 3],
+    }
+    app.dependency_overrides = {}