happyz
/
fastapi
mirror of https://github.com/tiangolo/fastapi.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

🐛 Fix HTTP Bearer security auto-error (#282)

This commit is contained in:
Sebastián Ramírez 2019-06-01 09:57:45 +04:00 committed by GitHub
parent d61f5e4b55
commit d262f6e929
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 9 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
fastapi/security/http.py
View File

@ -112,10 +112,13 @@ class HTTPBearer(HTTPBase):
else: else:
return None return None
if scheme.lower() != "bearer": if scheme.lower() != "bearer":
raise HTTPException( if self.auto_error:
status_code=HTTP_403_FORBIDDEN, raise HTTPException(
detail="Invalid authentication credentials", status_code=HTTP_403_FORBIDDEN,
) detail="Invalid authentication credentials",
)
else:
return None
return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials) return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)

4
tests/test_security_http_bearer_optional.py
View File

@ -64,5 +64,5 @@ def test_security_http_bearer_no_credentials():
def test_security_http_bearer_incorrect_scheme_credentials(): def test_security_http_bearer_incorrect_scheme_credentials():
response = client.get("/users/me", headers={"Authorization": "Basic notreally"}) response = client.get("/users/me", headers={"Authorization": "Basic notreally"})
assert response.status_code == 403 assert response.status_code == 200
assert response.json() == {"detail": "Invalid authentication credentials"} assert response.json() == {"msg": "Create an account first"}