Coverage for docs_src/security/tutorial003_an.py: 100%

1from typing import Union 6 ctx1abcdef

2 

3from fastapi import Depends, FastAPI, HTTPException, status 6 ctx1abcdef

4from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm 6 ctx1abcdef

5from pydantic import BaseModel 6 ctx1abcdef

6from typing_extensions import Annotated 6 ctx1abcdef

7 

8fake_users_db = { 6 ctx1abcdef

9 "johndoe": { 

10 "username": "johndoe", 

11 "full_name": "John Doe", 

12 "email": "johndoe@example.com", 

13 "hashed_password": "fakehashedsecret", 

14 "disabled": False, 

15 }, 

16 "alice": { 

17 "username": "alice", 

18 "full_name": "Alice Wonderson", 

19 "email": "alice@example.com", 

20 "hashed_password": "fakehashedsecret2", 

21 "disabled": True, 

22 }, 

23} 

24 

25app = FastAPI() 6 ctx1abcdef

26 

27 

28def fake_hash_password(password: str): 6 ctx1abcdef

29 return "fakehashed" + password 12 ctx1stuvwxyzABCD

30 

31 

32oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token") 6 ctx1abcdef

33 

34 

35class User(BaseModel): 6 ctx1abcdef

36 username: str 6 ctx1abcdef

37 email: Union[str, None] = None 6 ctx1abcdef

38 full_name: Union[str, None] = None 6 ctx1abcdef

39 disabled: Union[bool, None] = None 6 ctx1abcdef

40 

41 

42class UserInDB(User): 6 ctx1abcdef

43 hashed_password: str 6 ctx1abcdef

44 

45 

46def get_user(db, username: str): 6 ctx1abcdef

47 if username in db: 18 ctx1mEgnFhoGipHjqIkrJl

48 user_dict = db[username] 12 ctx1mgnhoipjqkrl

49 return UserInDB(**user_dict) 12 ctx1mgnhoipjqkrl

50 

51 

52def fake_decode_token(token): 6 ctx1abcdef

53 # This doesn't provide any security at all 

54 # Check the next version 

55 user = get_user(fake_users_db, token) 18 ctx1mEgnFhoGipHjqIkrJl

56 return user 18 ctx1mEgnFhoGipHjqIkrJl

57 

58 

59async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]): 6 ctx1abcdef

60 user = fake_decode_token(token) 18 ctx1mEgnFhoGipHjqIkrJl

61 if not user: 18 ctx1mEgnFhoGipHjqIkrJl

62 raise HTTPException( 6 ctx1EFGHIJ

63 status_code=status.HTTP_401_UNAUTHORIZED, 

64 detail="Invalid authentication credentials", 

65 headers={"WWW-Authenticate": "Bearer"}, 

66 ) 

67 return user 12 ctx1mgnhoipjqkrl

68 

69 

70async def get_current_active_user( 6 ctx1abcdef

71 current_user: Annotated[User, Depends(get_current_user)], 

72): 

73 if current_user.disabled: 12 ctx1mgnhoipjqkrl

74 raise HTTPException(status_code=400, detail="Inactive user") 6 ctx1mnopqr

75 return current_user 6 ctx1ghijkl

76 

77 

78@app.post("/token") 6 ctx1abcdef

79async def login(form_data: Annotated[OAuth2PasswordRequestForm, Depends()]): 6 ctx1abcdef

80 user_dict = fake_users_db.get(form_data.username) 18 ctx1stKuvLwxMyzNABOCDP

81 if not user_dict: 18 ctx1stKuvLwxMyzNABOCDP

82 raise HTTPException(status_code=400, detail="Incorrect username or password") 6 ctx1KLMNOP

83 user = UserInDB(**user_dict) 12 ctx1stuvwxyzABCD

84 hashed_password = fake_hash_password(form_data.password) 12 ctx1stuvwxyzABCD

85 if not hashed_password == user.hashed_password: 12 ctx1stuvwxyzABCD

86 raise HTTPException(status_code=400, detail="Incorrect username or password") 6 ctx1tvxzBD

87 

88 return {"access_token": user.username, "token_type": "bearer"} 6 ctx1suwyAC

89 

90 

91@app.get("/users/me") 6 ctx1abcdef

92async def read_users_me( 6 ctx1abcdef

93 current_user: Annotated[User, Depends(get_current_active_user)], 

94): 

95 return current_user 6 ctx1ghijkl