Coverage for tests / test_tutorial / test_security / test_tutorial007.py: 100%

1import importlib 4 ctx1abdc

2from base64 import b64encode 4 ctx1abdc

3 

4import pytest 4 ctx1abdc

5from fastapi.testclient import TestClient 4 ctx1abdc

6from inline_snapshot import snapshot 4 ctx1abdc

7 

8 

9@pytest.fixture( 4 ctx1abdc

10 name="client", 

11 params=[ 

12 pytest.param("tutorial007_py310"), 

13 pytest.param("tutorial007_an_py310"), 

14 ], 

15) 

16def get_client(request: pytest.FixtureRequest): 4 ctx1abdc

17 mod = importlib.import_module(f"docs_src.security.{request.param}") 3 ctx1abc

18 return TestClient(mod.app) 3 ctx1abc

19 

20 

21def test_security_http_basic(client: TestClient): 4 ctx1abdc

22 response = client.get("/users/me", auth=("stanleyjobson", "swordfish")) 3 ctx1tuv

23 assert response.status_code == 200, response.text 3 ctx1tuv

24 assert response.json() == {"username": "stanleyjobson"} 3 ctx1tuv

25 

26 

27def test_security_http_basic_no_credentials(client: TestClient): 4 ctx1abdc

28 response = client.get("/users/me") 3 ctx1hij

29 assert response.json() == {"detail": "Not authenticated"} 3 ctx1hij

30 assert response.status_code == 401, response.text 3 ctx1hij

31 assert response.headers["WWW-Authenticate"] == "Basic" 3 ctx1hij

32 

33 

34def test_security_http_basic_invalid_credentials(client: TestClient): 4 ctx1abdc

35 response = client.get( 3 ctx1klm

36 "/users/me", headers={"Authorization": "Basic notabase64token"} 

37 ) 

38 assert response.status_code == 401, response.text 3 ctx1klm

39 assert response.headers["WWW-Authenticate"] == "Basic" 3 ctx1klm

40 assert response.json() == {"detail": "Not authenticated"} 3 ctx1klm

41 

42 

43def test_security_http_basic_non_basic_credentials(client: TestClient): 4 ctx1abdc

44 payload = b64encode(b"johnsecret").decode("ascii") 3 ctx1efg

45 auth_header = f"Basic {payload}" 3 ctx1efg

46 response = client.get("/users/me", headers={"Authorization": auth_header}) 3 ctx1efg

47 assert response.status_code == 401, response.text 3 ctx1efg

48 assert response.headers["WWW-Authenticate"] == "Basic" 3 ctx1efg

49 assert response.json() == {"detail": "Not authenticated"} 3 ctx1efg

50 

51 

52def test_security_http_basic_invalid_username(client: TestClient): 4 ctx1abdc

53 response = client.get("/users/me", auth=("alice", "swordfish")) 3 ctx1nop

54 assert response.status_code == 401, response.text 3 ctx1nop

55 assert response.json() == {"detail": "Incorrect username or password"} 3 ctx1nop

56 assert response.headers["WWW-Authenticate"] == "Basic" 3 ctx1nop

57 

58 

59def test_security_http_basic_invalid_password(client: TestClient): 4 ctx1abdc

60 response = client.get("/users/me", auth=("stanleyjobson", "wrongpassword")) 3 ctx1qrs

61 assert response.status_code == 401, response.text 3 ctx1qrs

62 assert response.json() == {"detail": "Incorrect username or password"} 3 ctx1qrs

63 assert response.headers["WWW-Authenticate"] == "Basic" 3 ctx1qrs

64 

65 

66def test_openapi_schema(client: TestClient): 4 ctx1abdc

67 response = client.get("/openapi.json") 3 ctx1wxy

68 assert response.status_code == 200, response.text 3 ctx1wxy

69 assert response.json() == snapshot( 3 ctx1wxy

70 { 

71 "openapi": "3.1.0", 

72 "info": {"title": "FastAPI", "version": "0.1.0"}, 

73 "paths": { 

74 "/users/me": { 

75 "get": { 

76 "responses": { 

77 "200": { 

78 "description": "Successful Response", 

79 "content": {"application/json": {"schema": {}}}, 

80 } 

81 }, 

82 "summary": "Read Current User", 

83 "operationId": "read_current_user_users_me_get", 

84 "security": [{"HTTPBasic": []}], 

85 } 

86 } 

87 }, 

88 "components": { 

89 "securitySchemes": {"HTTPBasic": {"type": "http", "scheme": "basic"}} 

90 }, 

91 } 

92 )