happyz
/
fastapi
mirror of https://github.com/tiangolo/fastapi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Fix scopes on security sub-dependant

This commit is contained in:
Arnaud Durand 2023-07-04 01:32:48 +02:00
parent dd4e78ca7b
commit b8741d6bf4
2 changed files with 26 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
fastapi/dependencies/utils.py
View File

@ -145,14 +145,14 @@ def get_sub_dependant(
security_scopes: Optional[List[str]] = None,
) -> Dependant:
security_requirement = None
security_scopes = security_scopes or []
use_scopes: List[str] = []
if isinstance(depends, params.Security):
use_scopes = security_scopes or []
dependency_scopes = depends.scopes
security_scopes.extend(dependency_scopes)
use_scopes.extend(dependency_scopes)
if isinstance(dependency, SecurityBase):
use_scopes: List[str] = []
if isinstance(dependency, (OAuth2, OpenIdConnect)):
use_scopes = security_scopes
use_scopes = security_scopes or []
security_requirement = SecurityRequirement(
security_scheme=dependency, scopes=use_scopes
)
@ -160,7 +160,7 @@ def get_sub_dependant(
path=path,
call=dependency,
name=name,
security_scopes=security_scopes,
security_scopes=use_scopes,
use_cache=depends.use_cache,
)
if security_requirement:

21
tests/test_dependency_cache.py
View File

@ -48,6 +48,17 @@ async def get_scope_counter(
}
@app.get("/scope-sub-counter")
async def get_scope_counter_sub(
count: int = Security(dep_counter),
scope_subcount: int = Security(super_dep, scopes=["scope"]),
):
return {
"counter": count,
"scope_counter": scope_subcount,
}
client = TestClient(app)
@ -89,3 +100,13 @@ def test_security_cache():
response = client.get("/scope-counter/")
assert response.status_code == 200, response.text
assert response.json() == {"counter": 3, "scope_counter_1": 4, "scope_counter_2": 4}
def test_security_cache_sub():
counter_holder["counter"] = 0
response = client.get("/scope-sub-counter/")
assert response.status_code == 200, response.text
assert response.json() == {"counter": 1, "scope_counter": 1}
response = client.get("/scope-sub-counter/")
assert response.status_code == 200, response.text
assert response.json() == {"counter": 2, "scope_counter": 2}