From f347a3583beb2c8a629eaa4f6f012c26b153e251 Mon Sep 17 00:00:00 2001
From: Suren Khorenyan <s.khorenyan@mts.ai>
Date: Sat, 11 Mar 2023 14:46:59 +0300
Subject: [PATCH] HTTP Basic and Bearer auto error detail tests

---
 ...t_security_http_basic_auto_error_detail.py | 30 +++++++++++++++++++
 ..._security_http_bearer_auto_error_detail.py | 28 +++++++++++++++++
 2 files changed, 58 insertions(+)
 create mode 100644 tests/test_security_http_basic_auto_error_detail.py
 create mode 100644 tests/test_security_http_bearer_auto_error_detail.py

diff --git a/tests/test_security_http_basic_auto_error_detail.py b/tests/test_security_http_basic_auto_error_detail.py
new file mode 100644
index 000000000..8de85137c
--- /dev/null
+++ b/tests/test_security_http_basic_auto_error_detail.py
@@ -0,0 +1,30 @@
+from typing import Optional
+
+from fastapi import FastAPI, Security
+from fastapi.security import HTTPBasic, HTTPBasicCredentials
+from fastapi.testclient import TestClient
+
+app = FastAPI()
+
+error_message = "not a 20 minute adventure"
+security = HTTPBasic(auto_error=True, auto_error_detail=error_message)
+
+
+@app.get("/users/me")
+def read_current_user(credentials: Optional[HTTPBasicCredentials] = Security(security)):
+    return {"username": credentials.username, "password": credentials.password}
+
+
+client = TestClient(app)
+
+
+def test_security_http_basic():
+    response = client.get("/users/me", auth=("john", "secret"))
+    assert response.status_code == 200, response.text
+    assert response.json() == {"username": "john", "password": "secret"}
+
+
+def test_security_http_basic_no_credentials():
+    response = client.get("/users/me")
+    assert response.status_code == 401, response.text
+    assert response.json() == {"detail": error_message}
diff --git a/tests/test_security_http_bearer_auto_error_detail.py b/tests/test_security_http_bearer_auto_error_detail.py
new file mode 100644
index 000000000..d6a254763
--- /dev/null
+++ b/tests/test_security_http_bearer_auto_error_detail.py
@@ -0,0 +1,28 @@
+from fastapi import FastAPI, Security
+from fastapi.security import HTTPAuthorizationCredentials, HTTPBearer
+from fastapi.testclient import TestClient
+
+app = FastAPI()
+
+error_message = "not a 20 minute adventure"
+security = HTTPBearer(auto_error=True, auto_error_detail=error_message)
+
+
+@app.get("/users/me")
+def read_current_user(credentials: HTTPAuthorizationCredentials = Security(security)):
+    return {"scheme": credentials.scheme, "credentials": credentials.credentials}
+
+
+client = TestClient(app)
+
+
+def test_security_http_bearer():
+    response = client.get("/users/me", headers={"Authorization": "Bearer foobar"})
+    assert response.status_code == 200, response.text
+    assert response.json() == {"scheme": "Bearer", "credentials": "foobar"}
+
+
+def test_security_http_bearer_no_credentials():
+    response = client.get("/users/me")
+    assert response.status_code == 403, response.text
+    assert response.json() == {"detail": error_message}