diff --git a/docs_src/security/tutorial006.py b/docs_src/security/tutorial006.py
index 29121ffd6..5b9e9a8e8 100644
--- a/docs_src/security/tutorial006.py
+++ b/docs_src/security/tutorial006.py
@@ -3,7 +3,7 @@ from fastapi.security import HTTPBasic, HTTPBasicCredentials
 app = FastAPI()
-security = HTTPBasic()
+security = HTTPBasic(realm="simple")
 @app.get("/users/me")
diff --git a/docs_src/security/tutorial006_an.py b/docs_src/security/tutorial006_an.py
index 985e4b2ad..43e970397 100644
--- a/docs_src/security/tutorial006_an.py
+++ b/docs_src/security/tutorial006_an.py
@@ -4,7 +4,7 @@ from typing_extensions import Annotated
 app = FastAPI()
-security = HTTPBasic()
+security = HTTPBasic(realm="simple")
 @app.get("/users/me")
diff --git a/docs_src/security/tutorial006_an_py39.py b/docs_src/security/tutorial006_an_py39.py
index 03c696a4b..721716a15 100644
--- a/docs_src/security/tutorial006_an_py39.py
+++ b/docs_src/security/tutorial006_an_py39.py
@@ -5,7 +5,7 @@ from fastapi.security import HTTPBasic, HTTPBasicCredentials
 app = FastAPI()
-security = HTTPBasic()
+security = HTTPBasic(realm="simple")
 @app.get("/users/me")
diff --git a/fastapi/security/http.py b/fastapi/security/http.py
index 0d1bbba3a..cc231fb38 100644
--- a/fastapi/security/http.py
+++ b/fastapi/security/http.py
@@ -154,13 +154,13 @@ class HTTPBasic(HTTPBase):
 ),
 ] = None,
 realm: Annotated[
- Optional[str],
+ str,
 Doc(
 """
 HTTP Basic authentication realm.
 """
 ),
- ] = None,
+ ],
 description: Annotated[
 Optional[str],
 Doc(
diff --git a/tests/test_security_http_basic_empty_realm.py b/tests/test_security_http_basic_empty_realm.py
new file mode 100644
index 000000000..eb5513f30
--- /dev/null
+++ b/tests/test_security_http_basic_empty_realm.py
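Review bot: Removing the default from `realm` in the `fastapi/security/http.py` hunk makes every existing `HTTPBasic()` call fail with a `TypeError`, and the parameter's `Doc` text still reads only "HTTP Basic authentication realm." without saying the argument is now mandatory. The signature begins outside the hunk, so this assumes the parameters are keyword-only; a required `realm` placed after `scheme_name ... = None` would otherwise not compile. The new test file shows `realm=""` still yields a bare `Basic` challenge, so the required argument does not by itself guarantee a realm in `WWW-Authenticate`, which RFC 7617 requires in a Basic challenge; either reject an empty string in `__init__` or document the exception. Suggested `Doc` text: `HTTP Basic authentication realm, sent in the WWW-Authenticate challenge. Required; an empty string omits the realm parameter.`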
@@ -0,0 +1,30 @@
+from fastapi import Depends, FastAPI
+from fastapi.security import HTTPBasic, HTTPBasicCredentials
+from fastapi.testclient import TestClient
+
+app = FastAPI()
+
+security = HTTPBasic(realm="")
+
+
+@app.get("/users/me")
+def read_current_user(credentials: HTTPBasicCredentials = Depends(security)):
+ return {"username": credentials.username, "password": credentials.password}
+
+
+client = TestClient(app)
+
+
+def test_security_http_basic_empty_realm():
+ response = client.get("/users/me", auth=("john", "secret"))
+ assert response.status_code == 200, response.text
+ assert response.json() == {"username": "john", "password": "secret"}
+
+
+def test_security_http_basic_invalid_credentials_empty_realm():
+ response = client.get(
+ "/users/me", headers={"Authorization": "Basic notabase64token"}
+ )
+ assert response.status_code == 401, response.text
+ assert response.headers["WWW-Authenticate"] == "Basic"
+ assert response.json() == {"detail": "Invalid authentication credentials"}
diff --git a/tests/test_security_http_basic_optional.py b/tests/test_security_http_basic_optional.py
index 7071f381a..ab674a99b 100644
--- a/tests/test_security_http_basic_optional.py
+++ b/tests/test_security_http_basic_optional.py
@@ -7,7 +7,7 @@ from fastapi.testclient import TestClient
 app = FastAPI()
-security = HTTPBasic(auto_error=False)
+security = HTTPBasic(realm="simple", auto_error=False)
 @app.get("/users/me")
diff --git a/tests/test_tutorial/test_security/test_tutorial006.py b/tests/test_tutorial/test_security/test_tutorial006.py
index 9587159dc..ba10a929b 100644
--- a/tests/test_tutorial/test_security/test_tutorial006.py
+++ b/tests/test_tutorial/test_security/test_tutorial006.py
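Review bot: The new `tests/test_security_http_basic_empty_realm.py` covers valid and malformed credentials with `realm=""` but not a request that carries no `Authorization` header, which is the path that issues the challenge to a client in the first place. The assertion `response.headers["WWW-Authenticate"] == "Basic"` also pins a realm-less challenge as supported behaviour, so a one-line comment above it such as `# empty realm: the challenge is sent without a realm parameter, by design` would make the intent explicit. A test for the missing case could look like the one below; the expected header and detail are assumed to match the other 401 paths shown in this commit.

```python
def test_security_http_basic_no_credentials_empty_realm():
    response = client.get("/users/me")
    assert response.status_code == 401, response.text
    assert response.headers["WWW-Authenticate"] == "Basic"
    assert response.json() == {"detail": "Not authenticated"}
```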
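Review bot: Only the constructor call changes in `tests/test_security_http_basic_optional.py`, so any assertion further down that file that still compares `WWW-Authenticate` with `"Basic"` would now fail, assuming every 401 path carries the realm the way the updated assertion in `tests/test_tutorial/test_security/test_tutorial006.py` does. The same applies to `test_security_http_basic_invalid_credentials` in `test_tutorial006.py`, whose body lies outside its hunk. Those assertions are not visible here; if they exist they should read `assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'`.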
@@ -32,7 +32,7 @@ def test_security_http_basic_no_credentials(client: TestClient):
 response = client.get("/users/me")
 assert response.json() == {"detail": "Not authenticated"}
 assert response.status_code == 401, response.text
- assert response.headers["WWW-Authenticate"] == "Basic"
+ assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
 def test_security_http_basic_invalid_credentials(client: TestClient):