Browse Source

Fix: Make Basic Auth realm required per RFC 7235

pull/14384/head
kumarvishwajeettrivedi 8 months ago
parent
commit
a053ad6bea
  1. 2
      docs_src/security/tutorial006.py
  2. 2
      docs_src/security/tutorial006_an.py
  3. 2
      docs_src/security/tutorial006_an_py39.py
  4. 4
      fastapi/security/http.py
  5. 6
      tests/test_security_http_basic_optional.py
  6. 6
      tests/test_tutorial/test_security/test_tutorial006.py

2
docs_src/security/tutorial006.py

@ -3,7 +3,7 @@ from fastapi.security import HTTPBasic, HTTPBasicCredentials
app = FastAPI()
security = HTTPBasic()
security = HTTPBasic(realm="simple")
@app.get("/users/me")

2
docs_src/security/tutorial006_an.py

@ -4,7 +4,7 @@ from typing_extensions import Annotated
app = FastAPI()
security = HTTPBasic()
security = HTTPBasic(realm="simple")
@app.get("/users/me")

2
docs_src/security/tutorial006_an_py39.py

@ -5,7 +5,7 @@ from fastapi.security import HTTPBasic, HTTPBasicCredentials
app = FastAPI()
security = HTTPBasic()
security = HTTPBasic(realm="simple")
@app.get("/users/me")

4
fastapi/security/http.py

@ -142,13 +142,13 @@ class HTTPBasic(HTTPBase):
),
] = None,
realm: Annotated[
Optional[str],
str,
Doc(
"""
HTTP Basic authentication realm.
"""
),
] = None,
],
description: Annotated[
Optional[str],
Doc(

6
tests/test_security_http_basic_optional.py

@ -7,7 +7,7 @@ from fastapi.testclient import TestClient
app = FastAPI()
security = HTTPBasic(auto_error=False)
security = HTTPBasic(realm="simple", auto_error=False)
@app.get("/users/me")
@ -37,7 +37,7 @@ def test_security_http_basic_invalid_credentials():
"/users/me", headers={"Authorization": "Basic notabase64token"}
)
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
assert response.json() == {"detail": "Invalid authentication credentials"}
@ -46,7 +46,7 @@ def test_security_http_basic_non_basic_credentials():
auth_header = f"Basic {payload}"
response = client.get("/users/me", headers={"Authorization": auth_header})
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
assert response.json() == {"detail": "Invalid authentication credentials"}

6
tests/test_tutorial/test_security/test_tutorial006.py

@ -32,7 +32,7 @@ def test_security_http_basic_no_credentials(client: TestClient):
response = client.get("/users/me")
assert response.json() == {"detail": "Not authenticated"}
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
def test_security_http_basic_invalid_credentials(client: TestClient):
@ -40,7 +40,7 @@ def test_security_http_basic_invalid_credentials(client: TestClient):
"/users/me", headers={"Authorization": "Basic notabase64token"}
)
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
assert response.json() == {"detail": "Invalid authentication credentials"}
@ -49,7 +49,7 @@ def test_security_http_basic_non_basic_credentials(client: TestClient):
auth_header = f"Basic {payload}"
response = client.get("/users/me", headers={"Authorization": auth_header})
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
assert response.json() == {"detail": "Invalid authentication credentials"}

Loading…
Cancel
Save