mirror of
https://github.com/rjNemo/fastapi
synced 2026-06-06 10:36:39 +00:00
fe453f80ed
* Update isort script to match changes in the new release, isort v5.0.2 * Downgrade isort to version v4.3.21 * Add an alternative flag to --recursive in isort v5.0.2 * Add isort config file * 🚚 Import from docs_src for tests * 🎨 Format dependencies.utils * 🎨 Remove isort combine_as_imports, keep black profile * 🔧 Update isort config, use pyproject.toml, Black profile * 🔧 Update format scripts to use explicit directories to format otherwise it would try to format venv env directories, I have several with different Python versions * 🎨 Format NoSQL tutorial after re-sorting imports * 🎨 Fix format for __init__.py Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com>
69 lines
2.3 KiB
Python
69 lines
2.3 KiB
Python
from base64 import b64encode
|
|
|
|
from fastapi.testclient import TestClient
|
|
from requests.auth import HTTPBasicAuth
|
|
|
|
from docs_src.security.tutorial006 import app
|
|
|
|
client = TestClient(app)
|
|
|
|
openapi_schema = {
|
|
"openapi": "3.0.2",
|
|
"info": {"title": "FastAPI", "version": "0.1.0"},
|
|
"paths": {
|
|
"/users/me": {
|
|
"get": {
|
|
"responses": {
|
|
"200": {
|
|
"description": "Successful Response",
|
|
"content": {"application/json": {"schema": {}}},
|
|
}
|
|
},
|
|
"summary": "Read Current User",
|
|
"operationId": "read_current_user_users_me_get",
|
|
"security": [{"HTTPBasic": []}],
|
|
}
|
|
}
|
|
},
|
|
"components": {
|
|
"securitySchemes": {"HTTPBasic": {"type": "http", "scheme": "basic"}}
|
|
},
|
|
}
|
|
|
|
|
|
def test_openapi_schema():
|
|
response = client.get("/openapi.json")
|
|
assert response.status_code == 200, response.text
|
|
assert response.json() == openapi_schema
|
|
|
|
|
|
def test_security_http_basic():
|
|
auth = HTTPBasicAuth(username="john", password="secret")
|
|
response = client.get("/users/me", auth=auth)
|
|
assert response.status_code == 200, response.text
|
|
assert response.json() == {"username": "john", "password": "secret"}
|
|
|
|
|
|
def test_security_http_basic_no_credentials():
|
|
response = client.get("/users/me")
|
|
assert response.json() == {"detail": "Not authenticated"}
|
|
assert response.status_code == 401, response.text
|
|
assert response.headers["WWW-Authenticate"] == "Basic"
|
|
|
|
|
|
def test_security_http_basic_invalid_credentials():
|
|
response = client.get(
|
|
"/users/me", headers={"Authorization": "Basic notabase64token"}
|
|
)
|
|
assert response.status_code == 401, response.text
|
|
assert response.headers["WWW-Authenticate"] == "Basic"
|
|
assert response.json() == {"detail": "Invalid authentication credentials"}
|
|
|
|
|
|
def test_security_http_basic_non_basic_credentials():
|
|
payload = b64encode(b"johnsecret").decode("ascii")
|
|
auth_header = f"Basic {payload}"
|
|
response = client.get("/users/me", headers={"Authorization": auth_header})
|
|
assert response.status_code == 401, response.text
|
|
assert response.headers["WWW-Authenticate"] == "Basic"
|
|
assert response.json() == {"detail": "Invalid authentication credentials"}
|