Merge 8cdf7dbebe into 272204c0c7

2025-12-16 21:09:33 +00:00 · 2025-12-16 21:09:33 +00:00 · 1bd85c1e60
parent 272204c0c7 8cdf7dbebe
commit 1bd85c1e60
7 changed files with 37 additions and 7 deletions
--- a/docs_src/security/tutorial006.py
+++ b/docs_src/security/tutorial006.py
@ -3,7 +3,7 @@ from fastapi.security import HTTPBasic, HTTPBasicCredentials

 app = FastAPI()

-security = HTTPBasic()
+security = HTTPBasic(realm="simple")


@app.get("/users/me")
--- a/docs_src/security/tutorial006_an.py
+++ b/docs_src/security/tutorial006_an.py
@ -4,7 +4,7 @@ from typing_extensions import Annotated

 app = FastAPI()

-security = HTTPBasic()
+security = HTTPBasic(realm="simple")


@app.get("/users/me")
--- a/docs_src/security/tutorial006_an_py39.py
+++ b/docs_src/security/tutorial006_an_py39.py
@ -5,7 +5,7 @@ from fastapi.security import HTTPBasic, HTTPBasicCredentials

 app = FastAPI()

-security = HTTPBasic()
+security = HTTPBasic(realm="simple")


@app.get("/users/me")
--- a/fastapi/security/http.py
+++ b/fastapi/security/http.py
@ -154,13 +154,13 @@ class HTTPBasic(HTTPBase):
            ),
        ] = None,
        realm: Annotated[
-            Optional[str],
+            str,
            Doc(
                """
                HTTP Basic authentication realm.
                """
            ),
-        ] = None,
+        ],
        description: Annotated[
            Optional[str],
            Doc(
--- a/tests/test_security_http_basic_empty_realm.py
+++ b/tests/test_security_http_basic_empty_realm.py
@ -0,0 +1,30 @@
+from fastapi import Depends, FastAPI
+from fastapi.security import HTTPBasic, HTTPBasicCredentials
+from fastapi.testclient import TestClient
+
+app = FastAPI()
+
+security = HTTPBasic(realm="")
+
+
+@app.get("/users/me")
+def read_current_user(credentials: HTTPBasicCredentials = Depends(security)):
+    return {"username": credentials.username, "password": credentials.password}
+
+
+client = TestClient(app)
+
+
+def test_security_http_basic_empty_realm():
+    response = client.get("/users/me", auth=("john", "secret"))
+    assert response.status_code == 200, response.text
+    assert response.json() == {"username": "john", "password": "secret"}
+
+
+def test_security_http_basic_invalid_credentials_empty_realm():
+    response = client.get(
+        "/users/me", headers={"Authorization": "Basic notabase64token"}
+    )
+    assert response.status_code == 401, response.text
+    assert response.headers["WWW-Authenticate"] == "Basic"
+    assert response.json() == {"detail": "Invalid authentication credentials"}
--- a/tests/test_security_http_basic_optional.py
+++ b/tests/test_security_http_basic_optional.py
@ -7,7 +7,7 @@ from fastapi.testclient import TestClient

 app = FastAPI()

-security = HTTPBasic(auto_error=False)
+security = HTTPBasic(realm="simple", auto_error=False)


@app.get("/users/me")
--- a/tests/test_tutorial/test_security/test_tutorial006.py
+++ b/tests/test_tutorial/test_security/test_tutorial006.py
@ -32,7 +32,7 @@ def test_security_http_basic_no_credentials(client: TestClient):
    response = client.get("/users/me")
    assert response.json() == {"detail": "Not authenticated"}
    assert response.status_code == 401, response.text
-    assert response.headers["WWW-Authenticate"] == "Basic"
+    assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'


 def test_security_http_basic_invalid_credentials(client: TestClient):