happyz
/
fastapi
mirror of https://github.com/tiangolo/fastapi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix: Make Basic Auth realm required per RFC 7235

This commit is contained in:
kumarvishwajeettrivedi 2025-11-22 17:29:05 +05:30
parent cbe5bdb85f
commit a053ad6bea
6 changed files with 11 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
docs_src/security/tutorial006.py
View File

@ -3,7 +3,7 @@ from fastapi.security import HTTPBasic, HTTPBasicCredentials
app = FastAPI()
security = HTTPBasic()
security = HTTPBasic(realm="simple")
@app.get("/users/me")

2
docs_src/security/tutorial006_an.py
View File

@ -4,7 +4,7 @@ from typing_extensions import Annotated
app = FastAPI()
security = HTTPBasic()
security = HTTPBasic(realm="simple")
@app.get("/users/me")

2
docs_src/security/tutorial006_an_py39.py
View File

@ -5,7 +5,7 @@ from fastapi.security import HTTPBasic, HTTPBasicCredentials
app = FastAPI()
security = HTTPBasic()
security = HTTPBasic(realm="simple")
@app.get("/users/me")

4
fastapi/security/http.py
View File

@ -142,13 +142,13 @@ class HTTPBasic(HTTPBase):
),
] = None,
realm: Annotated[
Optional[str],
str,
Doc(
"""
HTTP Basic authentication realm.
"""
),
] = None,
],
description: Annotated[
Optional[str],
Doc(

6
tests/test_security_http_basic_optional.py
View File

@ -7,7 +7,7 @@ from fastapi.testclient import TestClient
app = FastAPI()
security = HTTPBasic(auto_error=False)
security = HTTPBasic(realm="simple", auto_error=False)
@app.get("/users/me")
@ -37,7 +37,7 @@ def test_security_http_basic_invalid_credentials():
"/users/me", headers={"Authorization": "Basic notabase64token"}
)
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
assert response.json() == {"detail": "Invalid authentication credentials"}
@ -46,7 +46,7 @@ def test_security_http_basic_non_basic_credentials():
auth_header = f"Basic {payload}"
response = client.get("/users/me", headers={"Authorization": auth_header})
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
assert response.json() == {"detail": "Invalid authentication credentials"}

6
tests/test_tutorial/test_security/test_tutorial006.py
View File

@ -32,7 +32,7 @@ def test_security_http_basic_no_credentials(client: TestClient):
response = client.get("/users/me")
assert response.json() == {"detail": "Not authenticated"}
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
def test_security_http_basic_invalid_credentials(client: TestClient):
@ -40,7 +40,7 @@ def test_security_http_basic_invalid_credentials(client: TestClient):
"/users/me", headers={"Authorization": "Basic notabase64token"}
)
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
assert response.json() == {"detail": "Invalid authentication credentials"}
@ -49,7 +49,7 @@ def test_security_http_basic_non_basic_credentials(client: TestClient):
auth_header = f"Basic {payload}"
response = client.get("/users/me", headers={"Authorization": auth_header})
assert response.status_code == 401, response.text
assert response.headers["WWW-Authenticate"] == "Basic"
assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"'
assert response.json() == {"detail": "Invalid authentication credentials"}