Coverage for docs_src/security/tutorial003.py: 100%

1from typing import Union 7 ctx1abcdefg

2 

3from fastapi import Depends, FastAPI, HTTPException, status 7 ctx1abcdefg

4from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm 7 ctx1abcdefg

5from pydantic import BaseModel 7 ctx1abcdefg

6 

7fake_users_db = { 7 ctx1abcdefg

8 "johndoe": { 

9 "username": "johndoe", 

10 "full_name": "John Doe", 

11 "email": "johndoe@example.com", 

12 "hashed_password": "fakehashedsecret", 

13 "disabled": False, 

14 }, 

15 "alice": { 

16 "username": "alice", 

17 "full_name": "Alice Wonderson", 

18 "email": "alice@example.com", 

19 "hashed_password": "fakehashedsecret2", 

20 "disabled": True, 

21 }, 

22} 

23 

24app = FastAPI() 7 ctx1abcdefg

25 

26 

27def fake_hash_password(password: str): 7 ctx1abcdefg

28 return "fakehashed" + password 14 ctx1vwxyzABCDEFGHI

29 

30 

31oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token") 7 ctx1abcdefg

32 

33 

34class User(BaseModel): 7 ctx1abcdefg

35 username: str 7 ctx1abcdefg

36 email: Union[str, None] = None 7 ctx1abcdefg

37 full_name: Union[str, None] = None 7 ctx1abcdefg

38 disabled: Union[bool, None] = None 7 ctx1abcdefg

39 

40 

41class UserInDB(User): 7 ctx1abcdefg

42 hashed_password: str 7 ctx1abcdefg

43 

44 

45def get_user(db, username: str): 7 ctx1abcdefg

46 if username in db: 21 ctx1oJhpKiqLjrMksNltOmuPn

47 user_dict = db[username] 14 ctx1ohpiqjrksltmun

48 return UserInDB(**user_dict) 14 ctx1ohpiqjrksltmun

49 

50 

51def fake_decode_token(token): 7 ctx1abcdefg

52 # This doesn't provide any security at all 

53 # Check the next version 

54 user = get_user(fake_users_db, token) 21 ctx1oJhpKiqLjrMksNltOmuPn

55 return user 21 ctx1oJhpKiqLjrMksNltOmuPn

56 

57 

58async def get_current_user(token: str = Depends(oauth2_scheme)): 7 ctx1abcdefg

59 user = fake_decode_token(token) 21 ctx1oJhpKiqLjrMksNltOmuPn

60 if not user: 21 ctx1oJhpKiqLjrMksNltOmuPn

61 raise HTTPException( 7 ctx1JKLMNOP

62 status_code=status.HTTP_401_UNAUTHORIZED, 

63 detail="Not authenticated", 

64 headers={"WWW-Authenticate": "Bearer"}, 

65 ) 

66 return user 14 ctx1ohpiqjrksltmun

67 

68 

69async def get_current_active_user(current_user: User = Depends(get_current_user)): 7 ctx1abcdefg

70 if current_user.disabled: 14 ctx1ohpiqjrksltmun

71 raise HTTPException(status_code=400, detail="Inactive user") 7 ctx1opqrstu

72 return current_user 7 ctx1hijklmn

73 

74 

75@app.post("/token") 7 ctx1abcdefg

76async def login(form_data: OAuth2PasswordRequestForm = Depends()): 7 ctx1abcdefg

77 user_dict = fake_users_db.get(form_data.username) 21 ctx1vwQxyRzASBCTDEUFGVHIW

78 if not user_dict: 21 ctx1vwQxyRzASBCTDEUFGVHIW

79 raise HTTPException(status_code=400, detail="Incorrect username or password") 7 ctx1QRSTUVW

80 user = UserInDB(**user_dict) 14 ctx1vwxyzABCDEFGHI

81 hashed_password = fake_hash_password(form_data.password) 14 ctx1vwxyzABCDEFGHI

82 if not hashed_password == user.hashed_password: 14 ctx1vwxyzABCDEFGHI

83 raise HTTPException(status_code=400, detail="Incorrect username or password") 7 ctx1wyACEGI

84 

85 return {"access_token": user.username, "token_type": "bearer"} 7 ctx1vxzBDFH

86 

87 

88@app.get("/users/me") 7 ctx1abcdefg

89async def read_users_me(current_user: User = Depends(get_current_active_user)): 7 ctx1abcdefg

90 return current_user 7 ctx1hijklmn