🐛 Fix cached dependencies when using a dependency in `Security()` and other places (e.g. `Depends()`) with different OAuth2 scopes (#2945)

Co-authored-by: Sebastián Ramírez <[email protected]>
3 years ago · b993b4af28
2 changed files with 31 additions and 4 deletions
--- a/fastapi/dependencies/utils.py
+++ b/fastapi/dependencies/utils.py
@ -161,7 +161,6 @@ def get_sub_dependant(
    )
    if security_requirement:
        sub_dependant.security_requirements.append(security_requirement)
-    sub_dependant.security_scopes = security_scopes
    return sub_dependant


@ -278,7 +277,13 @@ def get_dependant(
    path_param_names = get_path_param_names(path)
    endpoint_signature = get_typed_signature(call)
    signature_params = endpoint_signature.parameters
-    dependant = Dependant(call=call, name=name, path=path, use_cache=use_cache)
+    dependant = Dependant(
+        call=call,
+        name=name,
+        path=path,
+        security_scopes=security_scopes,
+        use_cache=use_cache,
+    )
    for param_name, param in signature_params.items():
        if isinstance(param.default, params.Depends):
            sub_dependant = get_param_sub_dependant(
@ -495,7 +500,6 @@ async def solve_dependencies(
                name=sub_dependant.name,
                security_scopes=sub_dependant.security_scopes,
            )
-            use_sub_dependant.security_scopes = sub_dependant.security_scopes

        solved_result = await solve_dependencies(
            request=request,
--- a/tests/test_dependency_cache.py
+++ b/tests/test_dependency_cache.py
@ -1,4 +1,4 @@
-from fastapi import Depends, FastAPI
+from fastapi import Depends, FastAPI, Security
 from fastapi.testclient import TestClient

 app = FastAPI()
@ -35,6 +35,19 @@ async def get_sub_counter_no_cache(
    return {"counter": count, "subcounter": subcount}


+@app.get("/scope-counter")
+async def get_scope_counter(
+    count: int = Security(dep_counter),
+    scope_count_1: int = Security(dep_counter, scopes=["scope"]),
+    scope_count_2: int = Security(dep_counter, scopes=["scope"]),
+):
+    return {
+        "counter": count,
+        "scope_counter_1": scope_count_1,
+        "scope_counter_2": scope_count_2,
+    }
+
+
 client = TestClient(app)


@ -66,3 +79,13 @@ def test_sub_counter_no_cache():
    response = client.get("/sub-counter-no-cache/")
    assert response.status_code == 200, response.text
    assert response.json() == {"counter": 4, "subcounter": 3}
+
+
+def test_security_cache():
+    counter_holder["counter"] = 0
+    response = client.get("/scope-counter/")
+    assert response.status_code == 200, response.text
+    assert response.json() == {"counter": 1, "scope_counter_1": 2, "scope_counter_2": 2}
+    response = client.get("/scope-counter/")
+    assert response.status_code == 200, response.text
+    assert response.json() == {"counter": 3, "scope_counter_1": 4, "scope_counter_2": 4}