committed by
GitHub
2 changed files with 101 additions and 36 deletions
@ -0,0 +1,78 @@ |
|||
from typing import Union |
|||
|
|||
from fastapi import FastAPI, HTTPException, Security |
|||
from fastapi.security import ( |
|||
OAuth2PasswordBearer, |
|||
SecurityScopes, |
|||
) |
|||
from fastapi.testclient import TestClient |
|||
from typing_extensions import Annotated |
|||
|
|||
app = FastAPI() |
|||
|
|||
oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token") |
|||
|
|||
|
|||
def process_auth( |
|||
credentials: Annotated[Union[str, None], Security(oauth2_scheme)], |
|||
security_scopes: SecurityScopes, |
|||
): |
|||
# This is an incorrect way of using it, this is not checking if the scopes are |
|||
# provided by the token, only if the endpoint is requesting them, but the test |
|||
# here is just to check if FastAPI is indeed registering and passing the scopes |
|||
# correctly when using Security with parameterless dependencies. |
|||
if "a" not in security_scopes.scopes or "b" not in security_scopes.scopes: |
|||
raise HTTPException(detail="a or b not in scopes", status_code=401) |
|||
return {"token": credentials, "scopes": security_scopes.scopes} |
|||
|
|||
|
|||
@app.get("/get-credentials") |
|||
def get_credentials( |
|||
credentials: Annotated[dict, Security(process_auth, scopes=["a", "b"])], |
|||
): |
|||
return credentials |
|||
|
|||
|
|||
@app.get( |
|||
"/parameterless-with-scopes", |
|||
dependencies=[Security(process_auth, scopes=["a", "b"])], |
|||
) |
|||
def get_parameterless_with_scopes(): |
|||
return {"status": "ok"} |
|||
|
|||
|
|||
@app.get( |
|||
"/parameterless-without-scopes", |
|||
dependencies=[Security(process_auth)], |
|||
) |
|||
def get_parameterless_without_scopes(): |
|||
return {"status": "ok"} |
|||
|
|||
|
|||
client = TestClient(app) |
|||
|
|||
|
|||
def test_get_credentials(): |
|||
response = client.get("/get-credentials", headers={"authorization": "Bearer token"}) |
|||
assert response.status_code == 200, response.text |
|||
assert response.json() == {"token": "token", "scopes": ["a", "b"]} |
|||
|
|||
|
|||
def test_parameterless_with_scopes(): |
|||
response = client.get( |
|||
"/parameterless-with-scopes", headers={"authorization": "Bearer token"} |
|||
) |
|||
assert response.status_code == 200, response.text |
|||
assert response.json() == {"status": "ok"} |
|||
|
|||
|
|||
def test_parameterless_without_scopes(): |
|||
response = client.get( |
|||
"/parameterless-without-scopes", headers={"authorization": "Bearer token"} |
|||
) |
|||
assert response.status_code == 401, response.text |
|||
assert response.json() == {"detail": "a or b not in scopes"} |
|||
|
|||
|
|||
def test_call_get_parameterless_without_scopes_for_coverage(): |
|||
assert get_parameterless_without_scopes() == {"status": "ok"} |
|||
Loading…
Reference in new issue