8000 Add auto_error to security utils by tiangolo · Pull Request #134 · fastapi/fastapi · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add auto_error to security utils #134

Merged
merged 1 commit into from
Apr 3, 2019
Merged

Add auto_error to security utils #134

merged 1 commit into from
Apr 3, 2019

Conversation

tiangolo
Copy link
Member
@tiangolo tiangolo commented Apr 3, 2019

✨ Add auto_error to security utils to allow them to be optional, also allowing the declaration of multiple security schemes.

When setting auto_error=False, instead of raising/returning an HTTP 403 "Not authenticated" error to the client, it returns None to the parameter in a path operation function or dependency.

This makes it possible to have optional authentication.

It also allows to declare multiple optional security schemes in a dependency. And then, inside of the dependency, enforce that at least one is provided/validated. This can be used when allowing authentication with username/password using OAuth2PasswordBearer but also with other OAuth2 providers (Google, Facebook, etc).

To use it, in the security utils, instead of writing:

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token")

write:

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token", auto_error=False)

It can also be used to customize the error returned, overwriting the default "Not authenticated" with something different, by taking the result of the dependency and if it's None, raising an HTTPException with a custom detail message.

@tiangolo
✨ Add auto_error to security utils
7c1e308 
to allow them to be optional, also allowing the declaration of multiple security schemes
@codecov
Copy link
codecov bot commented Apr 3, 2019
edited
Loading

Codecov Report

Merging #134 into master will not change coverage.
The diff coverage is 100%.

Impacted file tree graph

@@          Coverage Diff           @@
##           master   #134    +/-   ##
======================================
  Coverage     100%   100%            
======================================
  Files         127    137    +10     
  Lines        3037   3404   +367     
======================================
+ Hits         3037   3404   +367
Impacted Files Coverage Δ
tests/test_security_http_digest_optional.py 100% <100%> (ø)
tests/test_security_http_base_optional.py 100% <100%> (ø)
tests/test_security_oauth2_optional.py 100% <100%> (ø)
fastapi/security/api_key.py 100% <100%> (ø) ⬆️
tests/test_security_openid_connect_optional.py 100% <100%> (ø)
tests/test_security_http_bearer_optional.py 100% <100%> (ø)
fastapi/security/http.py 100% <100%> (ø) ⬆️
...s/test_security_oauth2_password_bearer_optional.py 100% <100%> (ø)
tests/test_security_api_key_query_optional.py 100% <100%> (ø)
tests/test_security_api_key_cookie_optional.py 100% <100%> (ø)
... and 14 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b35b0a9...7c1e308. Read the comment docs.

@tiangolo tiangolo merged commit fad3a9e into master Apr 3, 2019
@tiangolo tiangolo deleted the security-auto-error branch April 3, 2019 11:50
@tiangolo tiangolo mentioned this pull request Apr 3, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@tiangolo
0