Skip to content

Add auto_error to security utils#134

Merged
tiangolo merged 1 commit intomasterfrom
security-auto-error
Apr 3, 2019
Merged

Add auto_error to security utils#134
tiangolo merged 1 commit intomasterfrom
security-auto-error

Conversation

@tiangolo
Copy link
Copy Markdown
Member

@tiangolo tiangolo commented Apr 3, 2019

✨ Add auto_error to security utils to allow them to be optional, also allowing the declaration of multiple security schemes.

When setting auto_error=False, instead of raising/returning an HTTP 403 "Not authenticated" error to the client, it returns None to the parameter in a path operation function or dependency.

This makes it possible to have optional authentication.

It also allows to declare multiple optional security schemes in a dependency. And then, inside of the dependency, enforce that at least one is provided/validated. This can be used when allowing authentication with username/password using OAuth2PasswordBearer but also with other OAuth2 providers (Google, Facebook, etc).

To use it, in the security utils, instead of writing:

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token")

write:

oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/token", auto_error=False)

It can also be used to customize the error returned, overwriting the default "Not authenticated" with something different, by taking the result of the dependency and if it's None, raising an HTTPException with a custom detail message.

@tiangolo
✨ Add auto_error to security utils
7c1e308 
to allow them to be optional, also allowing the declaration of multiple security schemes
@codecov
Copy link
Copy Markdown

codecov bot commented Apr 3, 2019
edited
Loading

Codecov Report

Merging #134 into master will not change coverage.
The diff coverage is 100%.

Impacted file tree graph

@@          Coverage Diff           @@
##           master   #134    +/-   ##
======================================
  Coverage     100%   100%            
======================================
  Files         127    137    +10     
  Lines        3037   3404   +367     
======================================
+ Hits         3037   3404   +367
Impacted Files Coverage Δ
tests/test_security_http_digest_optional.py 100% <100%> (ø)
tests/test_security_http_base_optional.py 100% <100%> (ø)
tests/test_security_oauth2_optional.py 100% <100%> (ø)
fastapi/security/api_key.py 100% <100%> (ø) ⬆️
tests/test_security_openid_connect_optional.py 100% <100%> (ø)
tests/test_security_http_bearer_optional.py 100% <100%> (ø)
fastapi/security/http.py 100% <100%> (ø) ⬆️
...s/test_security_oauth2_password_bearer_optional.py 100% <100%> (ø)
tests/test_security_api_key_query_optional.py 100% <100%> (ø)
tests/test_security_api_key_cookie_optional.py 100% <100%> (ø)
... and 14 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b35b0a9...7c1e308. Read the comment docs.

@tiangolo tiangolo merged commit fad3a9e into master Apr 3, 2019
@tiangolo tiangolo deleted the security-auto-error branch April 3, 2019 11:50
@tiangolo tiangolo mentioned this pull request Apr 3, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tiangolo