Coverage for tests / test_security_http_basic_realm.py: 100%

Shortcuts on this page

r m x toggle line displays

j k next/prev highlighted chunk

0 (zero) top of page

1 (one) first highlighted chunk

[ ] prev/next file

u up to the index

? show/hide this help

36 statements

« prev ^ index » next coverage.py v7.13.3, created at 2026-02-12 18:15 +0000

1from base64 import b64encode 4 ctx1abcd

3from fastapi import FastAPI, Security 4 ctx1abcd

4from fastapi.security import HTTPBasic, HTTPBasicCredentials 4 ctx1abcd

5from fastapi.testclient import TestClient 4 ctx1abcd

6from inline_snapshot import snapshot 4 ctx1abcd

8app = FastAPI() 4 ctx1abcd

10security = HTTPBasic(realm="simple") 4 ctx1abcd

13@app.get("/users/me") 4 ctx1abcd

14def read_current_user(credentials: HTTPBasicCredentials = Security(security)): 4 ctx1abcd

15 return {"username": credentials.username, "password": credentials.password} 3 ctx1hij

18client = TestClient(app) 4 ctx1abcd

21def test_security_http_basic(): 4 ctx1abcd

22 response = client.get("/users/me", auth=("john", "secret")) 3 ctx1hij

23 assert response.status_code == 200, response.text 3 ctx1hij

24 assert response.json() == {"username": "john", "password": "secret"} 3 ctx1hij

27def test_security_http_basic_no_credentials(): 4 ctx1abcd

28 response = client.get("/users/me") 3 ctx1klm

29 assert response.json() == {"detail": "Not authenticated"} 3 ctx1klm

30 assert response.status_code == 401, response.text 3 ctx1klm

31 assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"' 3 ctx1klm

34def test_security_http_basic_invalid_credentials(): 4 ctx1abcd

35 response = client.get( 3 ctx1nop

36 "/users/me", headers={"Authorization": "Basic notabase64token"}

37 )

38 assert response.status_code == 401, response.text 3 ctx1nop

39 assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"' 3 ctx1nop

40 assert response.json() == {"detail": "Not authenticated"} 3 ctx1nop

43def test_security_http_basic_non_basic_credentials(): 4 ctx1abcd

44 payload = b64encode(b"johnsecret").decode("ascii") 3 ctx1efg

45 auth_header = f"Basic {payload}" 3 ctx1efg

46 response = client.get("/users/me", headers={"Authorization": auth_header}) 3 ctx1efg

47 assert response.status_code == 401, response.text 3 ctx1efg

48 assert response.headers["WWW-Authenticate"] == 'Basic realm="simple"' 3 ctx1efg

49 assert response.json() == {"detail": "Not authenticated"} 3 ctx1efg

52def test_openapi_schema(): 4 ctx1abcd

53 response = client.get("/openapi.json") 3 ctx1qrs

54 assert response.status_code == 200, response.text 3 ctx1qrs

55 assert response.json() == snapshot( 3 ctx1qrs

56 {

57 "openapi": "3.1.0",

58 "info": {"title": "FastAPI", "version": "0.1.0"},

59 "paths": {

60 "/users/me": {

61 "get": {

62 "responses": {

63 "200": {

64 "description": "Successful Response",

65 "content": {"application/json": {"schema": {}}},

66 }

67 },

68 "summary": "Read Current User",

69 "operationId": "read_current_user_users_me_get",

70 "security": [{"HTTPBasic": []}],

71 }

72 }

73 },

74 "components": {

75 "securitySchemes": {"HTTPBasic": {"type": "http", "scheme": "basic"}}

76 },

77 }

78 )