mirror of
https://github.com/rjNemo/fastapi
synced 2026-06-06 02:26:46 +00:00
fe453f80ed
* Update isort script to match changes in the new release, isort v5.0.2 * Downgrade isort to version v4.3.21 * Add an alternative flag to --recursive in isort v5.0.2 * Add isort config file * 🚚 Import from docs_src for tests * 🎨 Format dependencies.utils * 🎨 Remove isort combine_as_imports, keep black profile * 🔧 Update isort config, use pyproject.toml, Black profile * 🔧 Update format scripts to use explicit directories to format otherwise it would try to format venv env directories, I have several with different Python versions * 🎨 Format NoSQL tutorial after re-sorting imports * 🎨 Fix format for __init__.py Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com>
148 lines
5.4 KiB
Python
148 lines
5.4 KiB
Python
import binascii
|
|
from base64 import b64decode
|
|
from typing import Optional
|
|
|
|
from fastapi.exceptions import HTTPException
|
|
from fastapi.openapi.models import HTTPBase as HTTPBaseModel
|
|
from fastapi.openapi.models import HTTPBearer as HTTPBearerModel
|
|
from fastapi.security.base import SecurityBase
|
|
from fastapi.security.utils import get_authorization_scheme_param
|
|
from pydantic import BaseModel
|
|
from starlette.requests import Request
|
|
from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN
|
|
|
|
|
|
class HTTPBasicCredentials(BaseModel):
|
|
username: str
|
|
password: str
|
|
|
|
|
|
class HTTPAuthorizationCredentials(BaseModel):
|
|
scheme: str
|
|
credentials: str
|
|
|
|
|
|
class HTTPBase(SecurityBase):
|
|
def __init__(
|
|
self, *, scheme: str, scheme_name: str = None, auto_error: bool = True
|
|
):
|
|
self.model = HTTPBaseModel(scheme=scheme)
|
|
self.scheme_name = scheme_name or self.__class__.__name__
|
|
self.auto_error = auto_error
|
|
|
|
async def __call__(
|
|
self, request: Request
|
|
) -> Optional[HTTPAuthorizationCredentials]:
|
|
authorization: str = request.headers.get("Authorization")
|
|
scheme, credentials = get_authorization_scheme_param(authorization)
|
|
if not (authorization and scheme and credentials):
|
|
if self.auto_error:
|
|
raise HTTPException(
|
|
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
|
|
)
|
|
else:
|
|
return None
|
|
return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)
|
|
|
|
|
|
class HTTPBasic(HTTPBase):
|
|
def __init__(
|
|
self, *, scheme_name: str = None, realm: str = None, auto_error: bool = True
|
|
):
|
|
self.model = HTTPBaseModel(scheme="basic")
|
|
self.scheme_name = scheme_name or self.__class__.__name__
|
|
self.realm = realm
|
|
self.auto_error = auto_error
|
|
|
|
async def __call__( # type: ignore
|
|
self, request: Request
|
|
) -> Optional[HTTPBasicCredentials]:
|
|
authorization: str = request.headers.get("Authorization")
|
|
scheme, param = get_authorization_scheme_param(authorization)
|
|
if self.realm:
|
|
unauthorized_headers = {"WWW-Authenticate": f'Basic realm="{self.realm}"'}
|
|
else:
|
|
unauthorized_headers = {"WWW-Authenticate": "Basic"}
|
|
invalid_user_credentials_exc = HTTPException(
|
|
status_code=HTTP_401_UNAUTHORIZED,
|
|
detail="Invalid authentication credentials",
|
|
headers=unauthorized_headers,
|
|
)
|
|
if not authorization or scheme.lower() != "basic":
|
|
if self.auto_error:
|
|
raise HTTPException(
|
|
status_code=HTTP_401_UNAUTHORIZED,
|
|
detail="Not authenticated",
|
|
headers=unauthorized_headers,
|
|
)
|
|
else:
|
|
return None
|
|
try:
|
|
data = b64decode(param).decode("ascii")
|
|
except (ValueError, UnicodeDecodeError, binascii.Error):
|
|
raise invalid_user_credentials_exc
|
|
username, separator, password = data.partition(":")
|
|
if not (separator):
|
|
raise invalid_user_credentials_exc
|
|
return HTTPBasicCredentials(username=username, password=password)
|
|
|
|
|
|
class HTTPBearer(HTTPBase):
|
|
def __init__(
|
|
self,
|
|
*,
|
|
bearerFormat: str = None,
|
|
scheme_name: str = None,
|
|
auto_error: bool = True,
|
|
):
|
|
self.model = HTTPBearerModel(bearerFormat=bearerFormat)
|
|
self.scheme_name = scheme_name or self.__class__.__name__
|
|
self.auto_error = auto_error
|
|
|
|
async def __call__(
|
|
self, request: Request
|
|
) -> Optional[HTTPAuthorizationCredentials]:
|
|
authorization: str = request.headers.get("Authorization")
|
|
scheme, credentials = get_authorization_scheme_param(authorization)
|
|
if not (authorization and scheme and credentials):
|
|
if self.auto_error:
|
|
raise HTTPException(
|
|
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
|
|
)
|
|
else:
|
|
return None
|
|
if scheme.lower() != "bearer":
|
|
if self.auto_error:
|
|
raise HTTPException(
|
|
status_code=HTTP_403_FORBIDDEN,
|
|
detail="Invalid authentication credentials",
|
|
)
|
|
else:
|
|
return None
|
|
return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)
|
|
|
|
|
|
class HTTPDigest(HTTPBase):
|
|
def __init__(self, *, scheme_name: str = None, auto_error: bool = True):
|
|
self.model = HTTPBaseModel(scheme="digest")
|
|
self.scheme_name = scheme_name or self.__class__.__name__
|
|
self.auto_error = auto_error
|
|
|
|
async def __call__(
|
|
self, request: Request
|
|
) -> Optional[HTTPAuthorizationCredentials]:
|
|
authorization: str = request.headers.get("Authorization")
|
|
scheme, credentials = get_authorization_scheme_param(authorization)
|
|
if not (authorization and scheme and credentials):
|
|
if self.auto_error:
|
|
raise HTTPException(
|
|
status_code=HTTP_403_FORBIDDEN, detail="Not authenticated"
|
|
)
|
|
else:
|
|
return None
|
|
if scheme.lower() != "digest":
|
|
raise HTTPException(
|
|
status_code=HTTP_403_FORBIDDEN,
|
|
detail="Invalid authentication credentials",
|
|
)
|
|
return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)
|