From d2cb0f73dfcc0e2ba4eb3be7429f5bd192b5a0fb Mon Sep 17 00:00:00 2001 From: Suren Khorenyan Date: Fri, 15 Jul 2022 11:11:22 +0300 Subject: [PATCH 1/4] Allow to set custom auto error detail Allow to set custom auto error detail for HTTP Security dependencies --- fastapi/security/http.py | 47 +++++++++++++++++++++++++++++++++++++--- 1 file changed, 44 insertions(+), 3 deletions(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index 738455de3..17273d91e 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -178,11 +178,24 @@ class HTTPBasic(HTTPBase): """ ), ] = True, + auto_error_detail: Annotated[ + str, + Doc( + """ + The text to be returned to the client when `auto_error` + raises an HTTP exception. + + It useful when you have multiple errors defined: set + different detail text to easily differentiate which error was raised. + """ + ), + ] = "Not authenticated", ): self.model = HTTPBaseModel(scheme="basic", description=description) self.scheme_name = scheme_name or self.__class__.__name__ self.realm = realm self.auto_error = auto_error + self.auto_error_detail = auto_error_detail async def __call__( # type: ignore self, request: Request @@ -197,7 +210,7 @@ class HTTPBasic(HTTPBase): if self.auto_error: raise HTTPException( status_code=HTTP_401_UNAUTHORIZED, - detail="Not authenticated", + detail=self.auto_error_detail, headers=unauthorized_headers, ) else: @@ -293,10 +306,23 @@ class HTTPBearer(HTTPBase): """ ), ] = True, + auto_error_detail: Annotated[ + str, + Doc( + """ + The text to be returned to the client when `auto_error` + raises an HTTP exception. + + It useful when you have multiple errors defined: set + different detail text to easily differentiate which error was raised. + """ + ), + ] = "Not authenticated", ): self.model = HTTPBearerModel(bearerFormat=bearerFormat, description=description) self.scheme_name = scheme_name or self.__class__.__name__ self.auto_error = auto_error + self.auto_error_detail = auto_error_detail async def __call__( self, request: Request @@ -306,7 +332,8 @@ class HTTPBearer(HTTPBase): if not (authorization and scheme and credentials): if self.auto_error: raise HTTPException( - status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" + status_code=HTTP_403_FORBIDDEN, + detail=self.auto_error_detail, ) else: return None @@ -395,10 +422,23 @@ class HTTPDigest(HTTPBase): """ ), ] = True, + auto_error_detail: Annotated[ + str, + Doc( + """ + The text to be returned to the client when `auto_error` + raises an HTTP exception. + + It useful when you have multiple errors defined: set + different detail text to easily differentiate which error was raised. + """ + ), + ] = "Not authenticated", ): self.model = HTTPBaseModel(scheme="digest", description=description) self.scheme_name = scheme_name or self.__class__.__name__ self.auto_error = auto_error + self.auto_error_detail = auto_error_detail async def __call__( self, request: Request @@ -408,7 +448,8 @@ class HTTPDigest(HTTPBase): if not (authorization and scheme and credentials): if self.auto_error: raise HTTPException( - status_code=HTTP_403_FORBIDDEN, detail="Not authenticated" + status_code=HTTP_403_FORBIDDEN, + detail=self.auto_error_detail, ) else: return None From f347a3583beb2c8a629eaa4f6f012c26b153e251 Mon Sep 17 00:00:00 2001 From: Suren Khorenyan Date: Sat, 11 Mar 2023 14:46:59 +0300 Subject: [PATCH 2/4] HTTP Basic and Bearer auto error detail tests --- ...t_security_http_basic_auto_error_detail.py | 30 +++++++++++++++++++ ..._security_http_bearer_auto_error_detail.py | 28 +++++++++++++++++ 2 files changed, 58 insertions(+) create mode 100644 tests/test_security_http_basic_auto_error_detail.py create mode 100644 tests/test_security_http_bearer_auto_error_detail.py diff --git a/tests/test_security_http_basic_auto_error_detail.py b/tests/test_security_http_basic_auto_error_detail.py new file mode 100644 index 000000000..8de85137c --- /dev/null +++ b/tests/test_security_http_basic_auto_error_detail.py @@ -0,0 +1,30 @@ +from typing import Optional + +from fastapi import FastAPI, Security +from fastapi.security import HTTPBasic, HTTPBasicCredentials +from fastapi.testclient import TestClient + +app = FastAPI() + +error_message = "not a 20 minute adventure" +security = HTTPBasic(auto_error=True, auto_error_detail=error_message) + + +@app.get("/users/me") +def read_current_user(credentials: Optional[HTTPBasicCredentials] = Security(security)): + return {"username": credentials.username, "password": credentials.password} + + +client = TestClient(app) + + +def test_security_http_basic(): + response = client.get("/users/me", auth=("john", "secret")) + assert response.status_code == 200, response.text + assert response.json() == {"username": "john", "password": "secret"} + + +def test_security_http_basic_no_credentials(): + response = client.get("/users/me") + assert response.status_code == 401, response.text + assert response.json() == {"detail": error_message} diff --git a/tests/test_security_http_bearer_auto_error_detail.py b/tests/test_security_http_bearer_auto_error_detail.py new file mode 100644 index 000000000..d6a254763 --- /dev/null +++ b/tests/test_security_http_bearer_auto_error_detail.py @@ -0,0 +1,28 @@ +from fastapi import FastAPI, Security +from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer +from fastapi.testclient import TestClient + +app = FastAPI() + +error_message = "not a 20 minute adventure" +security = HTTPBearer(auto_error=True, auto_error_detail=error_message) + + +@app.get("/users/me") +def read_current_user(credentials: HTTPAuthorizationCredentials = Security(security)): + return {"scheme": credentials.scheme, "credentials": credentials.credentials} + + +client = TestClient(app) + + +def test_security_http_bearer(): + response = client.get("/users/me", headers={"Authorization": "Bearer foobar"}) + assert response.status_code == 200, response.text + assert response.json() == {"scheme": "Bearer", "credentials": "foobar"} + + +def test_security_http_bearer_no_credentials(): + response = client.get("/users/me") + assert response.status_code == 403, response.text + assert response.json() == {"detail": error_message} From a06a45dfd49ac6b5d4d8d1215ccc619dee51931c Mon Sep 17 00:00:00 2001 From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sat, 17 Feb 2024 14:38:21 +0000 Subject: [PATCH 3/4] =?UTF-8?q?=F0=9F=8E=A8=20[pre-commit.ci]=20Auto=20for?= =?UTF-8?q?mat=20from=20pre-commit.com=20hooks?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- fastapi/security/http.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index 17273d91e..138e79074 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -182,10 +182,10 @@ class HTTPBasic(HTTPBase): str, Doc( """ - The text to be returned to the client when `auto_error` + The text to be returned to the client when `auto_error` raises an HTTP exception. - It useful when you have multiple errors defined: set + It useful when you have multiple errors defined: set different detail text to easily differentiate which error was raised. """ ), @@ -310,10 +310,10 @@ class HTTPBearer(HTTPBase): str, Doc( """ - The text to be returned to the client when `auto_error` + The text to be returned to the client when `auto_error` raises an HTTP exception. - It useful when you have multiple errors defined: set + It useful when you have multiple errors defined: set different detail text to easily differentiate which error was raised. """ ), @@ -426,10 +426,10 @@ class HTTPDigest(HTTPBase): str, Doc( """ - The text to be returned to the client when `auto_error` + The text to be returned to the client when `auto_error` raises an HTTP exception. - It useful when you have multiple errors defined: set + It useful when you have multiple errors defined: set different detail text to easily differentiate which error was raised. """ ), From 8741407b045ca7867b993b2237544c19180b3e36 Mon Sep 17 00:00:00 2001 From: Sofie Van Landeghem Date: Mon, 2 Sep 2024 17:00:05 +0200 Subject: [PATCH 4/4] Fix small typo --- fastapi/security/http.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fastapi/security/http.py b/fastapi/security/http.py index 91cf8120a..c9c978fbe 100644 --- a/fastapi/security/http.py +++ b/fastapi/security/http.py @@ -185,7 +185,7 @@ class HTTPBasic(HTTPBase): The text to be returned to the client when `auto_error` raises an HTTP exception. - It useful when you have multiple errors defined: set + It's useful when you have multiple errors defined: set different detail text to easily differentiate which error was raised. """ ), @@ -313,7 +313,7 @@ class HTTPBearer(HTTPBase): The text to be returned to the client when `auto_error` raises an HTTP exception. - It useful when you have multiple errors defined: set + It's useful when you have multiple errors defined: set different detail text to easily differentiate which error was raised. """ ), @@ -429,7 +429,7 @@ class HTTPDigest(HTTPBase): The text to be returned to the client when `auto_error` raises an HTTP exception. - It useful when you have multiple errors defined: set + It's useful when you have multiple errors defined: set different detail text to easily differentiate which error was raised. """ ),