🐛 Fix HTTP Bearer security auto-error (#282)

2019-06-01 09:57:45 +04:00 · 2019-06-01 09:57:45 +04:00 · d262f6e929
parent d61f5e4b55
commit d262f6e929
2 changed files with 9 additions and 6 deletions
--- a/fastapi/security/http.py
+++ b/fastapi/security/http.py
@ -112,10 +112,13 @@ class HTTPBearer(HTTPBase):
            else:
                return None
        if scheme.lower() != "bearer":
-            raise HTTPException(
-                status_code=HTTP_403_FORBIDDEN,
-                detail="Invalid authentication credentials",
-            )
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=HTTP_403_FORBIDDEN,
+                    detail="Invalid authentication credentials",
+                )
+            else:
+                return None
        return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)


--- a/tests/test_security_http_bearer_optional.py
+++ b/tests/test_security_http_bearer_optional.py
@ -64,5 +64,5 @@ def test_security_http_bearer_no_credentials():

 def test_security_http_bearer_incorrect_scheme_credentials():
    response = client.get("/users/me", headers={"Authorization": "Basic notreally"})
-    assert response.status_code == 403
-    assert response.json() == {"detail": "Invalid authentication credentials"}
+    assert response.status_code == 200
+    assert response.json() == {"msg": "Create an account first"}