mirror
/
tiangolo.fastapi
mirror of https://github.com/tiangolo/fastapi
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

🐛 Fix `OAuth2PasswordRequestForm` and `OAuth2PasswordRequestFormStrict` fixed `grant_type` "password" RegEx (#9783) 

Co-authored-by: pre-commit-ci[bot] <66853113+pre-commit-ci[bot]@users.noreply.github.com>
Co-authored-by: Alejandra <[email protected]>
Co-authored-by: Sofie Van Landeghem <[email protected]>
Co-authored-by: svlandeg <[email protected]>
Co-authored-by: Sebastián Ramírez <[email protected]>
pull/13285/head
Rahul Pai 2 months ago
committed by GitHub
parent
43d9a4d2b1
commit
d5ecbaceae
No known key found for this signature in database GPG Key ID: B5690EEEBB952194
6 changed files with 57 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      fastapi/security/oauth2.py
  2. 25
      tests/test_security_oauth2.py
  3. 25
      tests/test_security_oauth2_optional.py
  4. 25
      tests/test_security_oauth2_optional_description.py
  5. 4
      tests/test_tutorial/test_security/test_tutorial003.py
  6. 4
      tests/test_tutorial/test_security/test_tutorial005.py

4
fastapi/security/oauth2.py
View File

@ -63,7 +63,7 @@ class OAuth2PasswordRequestForm:
*, *,
grant_type: Annotated[ grant_type: Annotated[
Union[str, None], Union[str, None],
Form(pattern="password"), Form(pattern="^password$"),
Doc( Doc(
""" """
The OAuth2 spec says it is required and MUST be the fixed string The OAuth2 spec says it is required and MUST be the fixed string
@ -217,7 +217,7 @@ class OAuth2PasswordRequestFormStrict(OAuth2PasswordRequestForm):
self, self,
grant_type: Annotated[ grant_type: Annotated[
str, str,
Form(pattern="password"), Form(pattern="^password$"),
Doc( Doc(
""" """
The OAuth2 spec says it is required and MUST be the fixed string The OAuth2 spec says it is required and MUST be the fixed string

25
tests/test_security_oauth2.py
View File

@ -1,3 +1,4 @@
import pytest
from dirty_equals import IsDict from dirty_equals import IsDict
from fastapi import Depends, FastAPI, Security from fastapi import Depends, FastAPI, Security
from fastapi.security import OAuth2, OAuth2PasswordRequestFormStrict from fastapi.security import OAuth2, OAuth2PasswordRequestFormStrict
@ -137,10 +138,18 @@ def test_strict_login_no_grant_type():
) )
def test_strict_login_incorrect_grant_type(): @pytest.mark.parametrize(
argnames=["grant_type"],
argvalues=[
pytest.param("incorrect", id="incorrect value"),
pytest.param("passwordblah", id="password with suffix"),
pytest.param("blahpassword", id="password with prefix"),
],
)
def test_strict_login_incorrect_grant_type(grant_type: str):
response = client.post( response = client.post(
"/login", "/login",
data={"username": "johndoe", "password": "secret", "grant_type": "incorrect"}, data={"username": "johndoe", "password": "secret", "grant_type": grant_type},
) )
assert response.status_code == 422 assert response.status_code == 422
assert response.json() == IsDict( assert response.json() == IsDict(
@ -149,9 +158,9 @@ def test_strict_login_incorrect_grant_type():
{ {
"type": "string_pattern_mismatch", "type": "string_pattern_mismatch",
"loc": ["body", "grant_type"], "loc": ["body", "grant_type"],
"msg": "String should match pattern 'password'", "msg": "String should match pattern '^password$'",
"input": "incorrect", "input": grant_type,
"ctx": {"pattern": "password"}, "ctx": {"pattern": "^password$"},
} }
] ]
} }
@ -161,9 +170,9 @@ def test_strict_login_incorrect_grant_type():
"detail": [ "detail": [
{ {
"loc": ["body", "grant_type"], "loc": ["body", "grant_type"],
"msg": 'string does not match regex "password"', "msg": 'string does not match regex "^password$"',
"type": "value_error.str.regex", "type": "value_error.str.regex",
"ctx": {"pattern": "password"}, "ctx": {"pattern": "^password$"},
} }
] ]
} }
@ -248,7 +257,7 @@ def test_openapi_schema():
"properties": { "properties": {
"grant_type": { "grant_type": {
"title": "Grant Type", "title": "Grant Type",
"pattern": "password", "pattern": "^password$",
"type": "string", "type": "string",
}, },
"username": {"title": "Username", "type": "string"}, "username": {"title": "Username", "type": "string"},

25
tests/test_security_oauth2_optional.py
View File

@ -1,5 +1,6 @@
from typing import Optional from typing import Optional
import pytest
from dirty_equals import IsDict from dirty_equals import IsDict
from fastapi import Depends, FastAPI, Security from fastapi import Depends, FastAPI, Security
from fastapi.security import OAuth2, OAuth2PasswordRequestFormStrict from fastapi.security import OAuth2, OAuth2PasswordRequestFormStrict
@ -141,10 +142,18 @@ def test_strict_login_no_grant_type():
) )
def test_strict_login_incorrect_grant_type(): @pytest.mark.parametrize(
argnames=["grant_type"],
argvalues=[
pytest.param("incorrect", id="incorrect value"),
pytest.param("passwordblah", id="password with suffix"),
pytest.param("blahpassword", id="password with prefix"),
],
)
def test_strict_login_incorrect_grant_type(grant_type: str):
response = client.post( response = client.post(
"/login", "/login",
data={"username": "johndoe", "password": "secret", "grant_type": "incorrect"}, data={"username": "johndoe", "password": "secret", "grant_type": grant_type},
) )
assert response.status_code == 422 assert response.status_code == 422
assert response.json() == IsDict( assert response.json() == IsDict(
@ -153,9 +162,9 @@ def test_strict_login_incorrect_grant_type():
{ {
"type": "string_pattern_mismatch", "type": "string_pattern_mismatch",
"loc": ["body", "grant_type"], "loc": ["body", "grant_type"],
"msg": "String should match pattern 'password'", "msg": "String should match pattern '^password$'",
"input": "incorrect", "input": grant_type,
"ctx": {"pattern": "password"}, "ctx": {"pattern": "^password$"},
} }
] ]
} }
@ -165,9 +174,9 @@ def test_strict_login_incorrect_grant_type():
"detail": [ "detail": [
{ {
"loc": ["body", "grant_type"], "loc": ["body", "grant_type"],
"msg": 'string does not match regex "password"', "msg": 'string does not match regex "^password$"',
"type": "value_error.str.regex", "type": "value_error.str.regex",
"ctx": {"pattern": "password"}, "ctx": {"pattern": "^password$"},
} }
] ]
} }
@ -252,7 +261,7 @@ def test_openapi_schema():
"properties": { "properties": {
"grant_type": { "grant_type": {
"title": "Grant Type", "title": "Grant Type",
"pattern": "password", "pattern": "^password$",
"type": "string", "type": "string",
}, },
"username": {"title": "Username", "type": "string"}, "username": {"title": "Username", "type": "string"},

25
tests/test_security_oauth2_optional_description.py
View File

@ -1,5 +1,6 @@
from typing import Optional from typing import Optional
import pytest
from dirty_equals import IsDict from dirty_equals import IsDict
from fastapi import Depends, FastAPI, Security from fastapi import Depends, FastAPI, Security
from fastapi.security import OAuth2, OAuth2PasswordRequestFormStrict from fastapi.security import OAuth2, OAuth2PasswordRequestFormStrict
@ -142,10 +143,18 @@ def test_strict_login_no_grant_type():
) )
def test_strict_login_incorrect_grant_type(): @pytest.mark.parametrize(
argnames=["grant_type"],
argvalues=[
pytest.param("incorrect", id="incorrect value"),
pytest.param("passwordblah", id="password with suffix"),
pytest.param("blahpassword", id="password with prefix"),
],
)
def test_strict_login_incorrect_grant_type(grant_type: str):
response = client.post( response = client.post(
"/login", "/login",
data={"username": "johndoe", "password": "secret", "grant_type": "incorrect"}, data={"username": "johndoe", "password": "secret", "grant_type": grant_type},
) )
assert response.status_code == 422 assert response.status_code == 422
assert response.json() == IsDict( assert response.json() == IsDict(
@ -154,9 +163,9 @@ def test_strict_login_incorrect_grant_type():
{ {
"type": "string_pattern_mismatch", "type": "string_pattern_mismatch",
"loc": ["body", "grant_type"], "loc": ["body", "grant_type"],
"msg": "String should match pattern 'password'", "msg": "String should match pattern '^password$'",
"input": "incorrect", "input": grant_type,
"ctx": {"pattern": "password"}, "ctx": {"pattern": "^password$"},
} }
] ]
} }
@ -166,9 +175,9 @@ def test_strict_login_incorrect_grant_type():
"detail": [ "detail": [
{ {
"loc": ["body", "grant_type"], "loc": ["body", "grant_type"],
"msg": 'string does not match regex "password"', "msg": 'string does not match regex "^password$"',
"type": "value_error.str.regex", "type": "value_error.str.regex",
"ctx": {"pattern": "password"}, "ctx": {"pattern": "^password$"},
} }
] ]
} }
@ -253,7 +262,7 @@ def test_openapi_schema():
"properties": { "properties": {
"grant_type": { "grant_type": {
"title": "Grant Type", "title": "Grant Type",
"pattern": "password", "pattern": "^password$",
"type": "string", "type": "string",
}, },
"username": {"title": "Username", "type": "string"}, "username": {"title": "Username", "type": "string"},

4
tests/test_tutorial/test_security/test_tutorial003.py
View File

@ -149,7 +149,7 @@ def test_openapi_schema(client: TestClient):
{ {
"title": "Grant Type", "title": "Grant Type",
"anyOf": [ "anyOf": [
{"pattern": "password", "type": "string"}, {"pattern": "^password$", "type": "string"},
{"type": "null"}, {"type": "null"},
], ],
} }
@ -158,7 +158,7 @@ def test_openapi_schema(client: TestClient):
# TODO: remove when deprecating Pydantic v1 # TODO: remove when deprecating Pydantic v1
{ {
"title": "Grant Type", "title": "Grant Type",
"pattern": "password", "pattern": "^password$",
"type": "string", "type": "string",
} }
), ),

4
tests/test_tutorial/test_security/test_tutorial005.py
View File

@ -363,7 +363,7 @@ def test_openapi_schema(mod: ModuleType):
{ {
"title": "Grant Type", "title": "Grant Type",
"anyOf": [ "anyOf": [
{"pattern": "password", "type": "string"}, {"pattern": "^password$", "type": "string"},
{"type": "null"}, {"type": "null"},
], ],
} }
@ -372,7 +372,7 @@ def test_openapi_schema(mod: ModuleType):
# TODO: remove when deprecating Pydantic v1 # TODO: remove when deprecating Pydantic v1
{ {
"title": "Grant Type", "title": "Grant Type",
"pattern": "password", "pattern": "^password$",
"type": "string", "type": "string",
} }
), ),

Write Preview
Loading…
Cancel
Save