Sweep: strip username before login and add a unit test within test_post_login

[leolaf]

• I have searched to see if a similar issue already exists.

It seems that spaces are kept at the beginning and at the end of the username's Textbox on login page.
It is more of a user-end problem when happening but since most sites work like this I thought it would be great to implement it in gradio.

Would it be possible to strip the username in the login route in the script gradio/routes.py ?

Sorry if it is not considered a feature request, but i didn't knew if this behavior was a bug or on purpose.

Thank you !

[abidlabs]

That seems reasonable to me @leolaf -- would you like to open a PR for this?

[sweep-ai]

Here's the PR! #5098.

⚡ Sweep Free Trial: I used GPT-4 to create this ticket. You have 1 GPT-4 tickets left. For more GPT-4 tickets, visit our payment portal.To get Sweep to recreate this ticket, leave a comment prefixed with "sweep:" or edit the issue.

---

Step 1: 🔍 Code Search

I found the following snippets in your repository. I will now analyze these snippets and come up with a plan.

Some code snippets I looked at (click to expand). If some file is missing from here, you can mention the path in the ticket description.

gradio/gradio/routes.py

Lines 1 to 830 in 37caa2e

	"""Implements a FastAPI server to run the gradio interface. Note that some types in this
	module use the Optional/Union notation so that they work correctly with pydantic."""
	from __future__ import annotations
	import asyncio
	import sys
	if sys.version_info >= (3, 9):
	from importlib.resources import files
	else:
	from importlib_resources import files
	import inspect
	import json
	import mimetypes
	import os
	import posixpath
	import secrets
	import tempfile
	import traceback
	from asyncio import TimeoutError as AsyncTimeOutError
	from collections import defaultdict
	from copy import deepcopy
	from pathlib import Path
	from typing import Any, Dict, List, Optional, Type
	from urllib.parse import urlparse
	import fastapi
	import httpx
	import markupsafe
	import orjson
	from fastapi import Depends, FastAPI, File, HTTPException, UploadFile, WebSocket, status
	from fastapi.middleware.cors import CORSMiddleware
	from fastapi.responses import (
	FileResponse,
	HTMLResponse,
	JSONResponse,
	PlainTextResponse,
	)
	from fastapi.security import OAuth2PasswordRequestForm
	from fastapi.templating import Jinja2Templates
	from gradio_client.documentation import document, set_documentation_group
	from jinja2.exceptions import TemplateNotFound
	from starlette.background import BackgroundTask
	from starlette.responses import RedirectResponse, StreamingResponse
	from starlette.websockets import WebSocketState
	import gradio
	import gradio.ranged_response as ranged_response
	from gradio import utils, wasm_utils
	from gradio.context import Context
	from gradio.data_classes import PredictBody, ResetBody
	from gradio.exceptions import Error
	from gradio.helpers import EventData
	from gradio.queueing import Estimation, Event
	from gradio.utils import cancel_tasks, run_coro_in_background, set_task_name
	mimetypes.init()
	STATIC_TEMPLATE_LIB = files("gradio").joinpath("templates").as_posix() # type: ignore
	STATIC_PATH_LIB = files("gradio").joinpath("templates", "frontend", "static").as_posix() # type: ignore
	BUILD_PATH_LIB = files("gradio").joinpath("templates", "frontend", "assets").as_posix() # type: ignore
	VERSION = files("gradio").joinpath("version.txt").read_text()
	class ORJSONResponse(JSONResponse):
	media_type = "application/json"
	@staticmethod
	def _render(content: Any) -> bytes:
	return orjson.dumps(
	content,
	option=orjson.OPT_SERIALIZE_NUMPY | orjson.OPT_PASSTHROUGH_DATETIME,
	default=str,
	)
	def render(self, content: Any) -> bytes:
	return ORJSONResponse._render(content)
	@staticmethod
	def _render_str(content: Any) -> str:
	return ORJSONResponse._render(content).decode("utf-8")
	def toorjson(value):
	return markupsafe.Markup(
	ORJSONResponse._render_str(value)
	.replace("<", "\\u003c")
	.replace(">", "\\u003e")
	.replace("&", "\\u0026")
	.replace("'", "\\u0027")
	)
	templates = Jinja2Templates(directory=STATIC_TEMPLATE_LIB)
	templates.env.filters["toorjson"] = toorjson
	client = httpx.AsyncClient()
	###########
	# Auth
	###########
	class App(FastAPI):
	"""
	FastAPI App Wrapper
	"""
	def __init__(self, **kwargs):
	self.tokens = {}
	self.auth = None
	self.blocks: gradio.Blocks | None = None
	self.state_holder = {}
	self.iterators = defaultdict(dict)
	self.iterators_to_reset = defaultdict(set)
	self.lock = asyncio.Lock()
	self.queue_token = secrets.token_urlsafe(32)
	self.startup_events_triggered = False
	self.uploaded_file_dir = os.environ.get("GRADIO_TEMP_DIR") or str(
	Path(tempfile.gettempdir()) / "gradio"
	)
	# Allow user to manually set `docs_url` and `redoc_url`
	# when instantiating an App; when they're not set, disable docs and redoc.
	kwargs.setdefault("docs_url", None)
	kwargs.setdefault("redoc_url", None)
	super().__init__(**kwargs)
	def configure_app(self, blocks: gradio.Blocks) -> None:
	auth = blocks.auth
	if auth is not None:
	if not callable(auth):
	self.auth = {account[0]: account[1] for account in auth}
	else:
	self.auth = auth
	else:
	self.auth = None
	self.blocks = blocks
	if hasattr(self.blocks, "_queue"):
	self.blocks._queue.set_access_token(self.queue_token)
	self.cwd = os.getcwd()
	self.favicon_path = blocks.favicon_path
	self.tokens = {}
	self.root_path = blocks.root_path
	def get_blocks(self) -> gradio.Blocks:
	if self.blocks is None:
	raise ValueError("No Blocks has been configured for this app.")
	return self.blocks
	def build_proxy_request(self, url_path):
	url = httpx.URL(url_path)
	assert self.blocks
	# Don't proxy a URL unless it's a URL specifically loaded by the user using
	# gr.load() to prevent SSRF or harvesting of HF tokens by malicious Spaces.
	is_safe_url = any(
	url.host == httpx.URL(root).host for root in self.blocks.root_urls
	)
	if not is_safe_url:
	raise PermissionError("This URL cannot be proxied.")
	is_hf_url = url.host.endswith(".hf.space")
	headers = {}
	if Context.hf_token is not None and is_hf_url:
	headers["Authorization"] = f"Bearer {Context.hf_token}"
	rp_req = client.build_request("GET", url, headers=headers)
	return rp_req
	@staticmethod
	def create_app(
	blocks: gradio.Blocks, app_kwargs: Dict[str, Any] | None = None
	) -> App:
	app_kwargs = app_kwargs or {}
	if not wasm_utils.IS_WASM:
	app_kwargs.setdefault("default_response_class", ORJSONResponse)
	app = App(**app_kwargs)
	app.configure_app(blocks)
	if not wasm_utils.IS_WASM:
	app.add_middleware(
	CORSMiddleware,
	allow_origins=["*"],
	allow_methods=["*"],
	allow_headers=["*"],
	)
	@app.get("/user")
	@app.get("/user/")
	def get_current_user(request: fastapi.Request) -> Optional[str]:
	token = request.cookies.get("access-token") or request.cookies.get(
	"access-token-unsecure"
	)
	return app.tokens.get(token)
	@app.get("/login_check")
	@app.get("/login_check/")
	def login_check(user: str = Depends(get_current_user)):
	if app.auth is None or user is not None:
	return
	raise HTTPException(
	status_code=status.HTTP_401_UNAUTHORIZED, detail="Not authenticated"
	)
	async def ws_login_check(websocket: WebSocket) -> Optional[str]:
	token = websocket.cookies.get("access-token") or websocket.cookies.get(
	"access-token-unsecure"
	)
	return token # token is returned to allow request in queue
	@app.get("/token")
	@app.get("/token/")
	def get_token(request: fastapi.Request) -> dict:
	token = request.cookies.get("access-token")
	return {"token": token, "user": app.tokens.get(token)}
	@app.get("/app_id")
	@app.get("/app_id/")
	def app_id(request: fastapi.Request) -> dict:
	return {"app_id": app.get_blocks().app_id}
	@app.post("/login")
	@app.post("/login/")
	def login(form_data: OAuth2PasswordRequestForm = Depends()):
	username, password = form_data.username, form_data.password
	if app.auth is None:
	return RedirectResponse(url="/", status_code=status.HTTP_302_FOUND)
	if (
	not callable(app.auth)
	and username in app.auth
	and app.auth[username] == password
	) or (callable(app.auth) and app.auth.__call__(username, password)):
	token = secrets.token_urlsafe(16)
	app.tokens[token] = username
	response = JSONResponse(content={"success": True})
	response.set_cookie(
	key="access-token",
	value=token,
	httponly=True,
	samesite="none",
	secure=True,
	)
	response.set_cookie(
	key="access-token-unsecure", value=token, httponly=True
	)
	return response
	else:
	raise HTTPException(status_code=400, detail="Incorrect credentials.")
	###############
	# Main Routes
	###############
	@app.head("/", response_class=HTMLResponse)
	@app.get("/", response_class=HTMLResponse)
	def main(request: fastapi.Request, user: str = Depends(get_current_user)):
	mimetypes.add_type("application/javascript", ".js")
	blocks = app.get_blocks()
	root_path = request.scope.get("root_path", "")
	if app.auth is None or user is not None:
	config = app.get_blocks().config
	config["root"] = root_path
	else:
	config = {
	"auth_required": True,
	"auth_message": blocks.auth_message,
	"space_id": app.get_blocks().space_id,
	"root": root_path,
	}
	try:
	template = (
	"frontend/share.html" if blocks.share else "frontend/index.html"
	)
	return templates.TemplateResponse(
	template,
	{"request": request, "config": config},
	)
	except TemplateNotFound as err:
	if blocks.share:
	raise ValueError(
	"Did you install Gradio from source files? Share mode only "
	"works when Gradio is installed through the pip package."
	) from err
	else:
	raise ValueError(
	"Did you install Gradio from source files? You need to build "
	"the frontend by running /scripts/build_frontend.sh"
	) from err
	@app.get("/info/", dependencies=[Depends(login_check)])
	@app.get("/info", dependencies=[Depends(login_check)])
	def api_info(serialize: bool = True):
	config = app.get_blocks().config
	return gradio.blocks.get_api_info(config, serialize) # type: ignore
	@app.get("/config/", dependencies=[Depends(login_check)])
	@app.get("/config", dependencies=[Depends(login_check)])
	def get_config(request: fastapi.Request):
	root_path = request.scope.get("root_path", "")
	config = app.get_blocks().config
	config["root"] = root_path
	return config
	@app.get("/static/{path:path}")
	def static_resource(path: str):
	static_file = safe_join(STATIC_PATH_LIB, path)
	return FileResponse(static_file)
	@app.get("/assets/{path:path}")
	def build_resource(path: str):
	build_file = safe_join(BUILD_PATH_LIB, path)
	return FileResponse(build_file)
	@app.get("/favicon.ico")
	async def favicon():
	blocks = app.get_blocks()
	if blocks.favicon_path is None:
	return static_resource("img/logo.svg")
	else:
	return FileResponse(blocks.favicon_path)
	@app.head("/proxy={url_path:path}", dependencies=[Depends(login_check)])
	@app.get("/proxy={url_path:path}", dependencies=[Depends(login_check)])
	async def reverse_proxy(url_path: str):
	# Adapted from: https://github.com/tiangolo/fastapi/issues/1788
	try:
	rp_req = app.build_proxy_request(url_path)
	except PermissionError as err:
	raise HTTPException(status_code=400, detail=str(err)) from err
	rp_resp = await client.send(rp_req, stream=True)
	return StreamingResponse(
	rp_resp.aiter_raw(),
	status_code=rp_resp.status_code,
	headers=rp_resp.headers, # type: ignore
	background=BackgroundTask(rp_resp.aclose),
	)
	@app.head("/file={path_or_url:path}", dependencies=[Depends(login_check)])
	@app.get("/file={path_or_url:path}", dependencies=[Depends(login_check)])
	async def file(path_or_url: str, request: fastapi.Request):
	blocks = app.get_blocks()
	if utils.validate_url(path_or_url):
	return RedirectResponse(
	url=path_or_url, status_code=status.HTTP_302_FOUND
	)
	abs_path = utils.abspath(path_or_url)
	in_blocklist = any(
	utils.is_in_or_equal(abs_path, blocked_path)
	for blocked_path in blocks.blocked_paths
	)
	is_dotfile = any(part.startswith(".") for part in abs_path.parts)
	is_dir = abs_path.is_dir()
	if in_blocklist or is_dotfile or is_dir:
	raise HTTPException(403, f"File not allowed: {path_or_url}.")
	if not abs_path.exists():
	raise HTTPException(404, f"File not found: {path_or_url}.")
	in_app_dir = utils.is_in_or_equal(abs_path, app.cwd)
	created_by_app = str(abs_path) in set().union(*blocks.temp_file_sets)
	in_allowlist = any(
	utils.is_in_or_equal(abs_path, allowed_path)
	for allowed_path in blocks.allowed_paths
	)
	was_uploaded = utils.is_in_or_equal(abs_path, app.uploaded_file_dir)
	if not (in_app_dir or created_by_app or in_allowlist or was_uploaded):
	raise HTTPException(403, f"File not allowed: {path_or_url}.")
	range_val = request.headers.get("Range", "").strip()
	if range_val.startswith("bytes=") and "-" in range_val:
	range_val = range_val[6:]
	start, end = range_val.split("-")
	if start.isnumeric() and end.isnumeric():
	start = int(start)
	end = int(end)
	response = ranged_response.RangedFileResponse(
	abs_path,
	ranged_response.OpenRange(start, end),
	dict(request.headers),
	stat_result=os.stat(abs_path),
	)
	return response
	return FileResponse(abs_path, headers={"Accept-Ranges": "bytes"})
	@app.get("/file/{path:path}", dependencies=[Depends(login_check)])
	async def file_deprecated(path: str, request: fastapi.Request):
	return await file(path, request)
	@app.post("/reset/")
	@app.post("/reset")
	async def reset_iterator(body: ResetBody):
	if body.session_hash not in app.iterators:
	return {"success": False}
	async with app.lock:
	app.iterators[body.session_hash][body.fn_index] = None
	app.iterators_to_reset[body.session_hash].add(body.fn_index)
	return {"success": True}
	async def run_predict(
	body: PredictBody,
	request: Request | List[Request],
	fn_index_inferred: int,
	):
	fn_index = body.fn_index
	if hasattr(body, "session_hash"):
	if body.session_hash not in app.state_holder:
	app.state_holder[body.session_hash] = {
	_id: deepcopy(getattr(block, "value", None))
	for _id, block in app.get_blocks().blocks.items()
	if getattr(block, "stateful", False)
	}
	session_state = app.state_holder[body.session_hash]
	# The should_reset set keeps track of the fn_indices
	# that have been cancelled. When a job is cancelled,
	# the /reset route will mark the jobs as having been reset.
	# That way if the cancel job finishes BEFORE the job being cancelled
	# the job being cancelled will not overwrite the state of the iterator.
	if fn_index in app.iterators_to_reset[body.session_hash]:
	iterators = {}
	app.iterators_to_reset[body.session_hash].remove(fn_index)
	else:
	iterators = app.iterators[body.session_hash]
	else:
	session_state = {}
	iterators = {}
	event_id = getattr(body, "event_id", None)
	raw_input = body.data
	dependency = app.get_blocks().dependencies[fn_index_inferred]
	target = dependency["targets"][0] if len(dependency["targets"]) else None
	event_data = EventData(
	app.get_blocks().blocks.get(target) if target else None,
	body.event_data,
	)
	batch = dependency["batch"]
	if not (body.batched) and batch:
	raw_input = [raw_input]
	try:
	with utils.MatplotlibBackendMananger():
	output = await app.get_blocks().process_api(
	fn_index=fn_index_inferred,
	inputs=raw_input,
	request=request,
	state=session_state,
	iterators=iterators,
	event_id=event_id,
	event_data=event_data,
	)
	iterator = output.pop("iterator", None)
	if hasattr(body, "session_hash"):
	app.iterators[body.session_hash][fn_index] = iterator
	if isinstance(output, Error):
	raise output
	except BaseException as error:
	show_error = app.get_blocks().show_error or isinstance(error, Error)
	traceback.print_exc()
	return JSONResponse(
	content={"error": str(error) if show_error else None},
	status_code=500,
	)
	if not (body.batched) and batch:
	output["data"] = output["data"][0]
	return output
	# had to use '/run' endpoint for Colab compatibility, '/api' supported for backwards compatibility
	@app.post("/run/{api_name}", dependencies=[Depends(login_check)])
	@app.post("/run/{api_name}/", dependencies=[Depends(login_check)])
	@app.post("/api/{api_name}", dependencies=[Depends(login_check)])
	@app.post("/api/{api_name}/", dependencies=[Depends(login_check)])
	async def predict(
	api_name: str,
	body: PredictBody,
	request: fastapi.Request,
	username: str = Depends(get_current_user),
	):
	fn_index_inferred = None
	if body.fn_index is None:
	for i, fn in enumerate(app.get_blocks().dependencies):
	if fn["api_name"] == api_name:
	fn_index_inferred = i
	break
	if fn_index_inferred is None:
	return JSONResponse(
	content={
	"error": f"This app has no endpoint /api/{api_name}/."
	},
	status_code=500,
	)
	else:
	fn_index_inferred = body.fn_index
	if (
	not app.get_blocks().api_open
	and app.get_blocks().queue_enabled_for_fn(fn_index_inferred)
	and f"Bearer {app.queue_token}" != request.headers.get("Authorization")
	):
	raise HTTPException(
	status_code=status.HTTP_401_UNAUTHORIZED,
	detail="Not authorized to skip the queue",
	)
	# If this fn_index cancels jobs, then the only input we need is the
	# current session hash
	if app.get_blocks().dependencies[fn_index_inferred]["cancels"]:
	body.data = [body.session_hash]
	if body.request:
	if body.batched:
	gr_request = [
	Request(username=username, **req) for req in body.request
	]
	else:
	assert isinstance(body.request, dict)
	gr_request = Request(username=username, **body.request)
	else:
	gr_request = Request(username=username, request=request)
	result = await run_predict(
	body=body,
	fn_index_inferred=fn_index_inferred,
	request=gr_request,
	)
	return result
	@app.websocket("/queue/join")
	async def join_queue(
	websocket: WebSocket,
	token: Optional[str] = Depends(ws_login_check),
	):
	blocks = app.get_blocks()
	if app.auth is not None and token is None:
	await websocket.close(code=status.WS_1008_POLICY_VIOLATION)
	return
	if blocks._queue.server_path is None:
	app_url = get_server_url_from_ws_url(str(websocket.url))
	blocks._queue.set_url(app_url)
	await websocket.accept()
	# In order to cancel jobs, we need the session_hash and fn_index
	# to create a unique id for each job
	try:
	await asyncio.wait_for(
	websocket.send_json({"msg": "send_hash"}), timeout=5
	)
	except AsyncTimeOutError:
	return
	try:
	session_info = await asyncio.wait_for(
	websocket.receive_json(), timeout=5
	)
	except AsyncTimeOutError:
	return
	event = Event(
	websocket, session_info["session_hash"], session_info["fn_index"]
	)
	# set the token into Event to allow using the same token for call_prediction
	event.token = token
	event.session_hash = session_info["session_hash"]
	# Continuous events are not put in the queue so that they do not
	# occupy the queue's resource as they are expected to run forever
	if blocks.dependencies[event.fn_index].get("every", 0):
	await cancel_tasks({f"{event.session_hash}_{event.fn_index}"})
	await blocks._queue.reset_iterators(event.session_hash, event.fn_index)
	blocks._queue.continuous_tasks.append(event)
	task = run_coro_in_background(
	blocks._queue.process_events, [event], False
	)
	set_task_name(task, event.session_hash, event.fn_index, batch=False)
	else:
	rank = blocks._queue.push(event)
	if rank is None:
	await blocks._queue.send_message(event, {"msg": "queue_full"})
	await event.disconnect()
	return
	estimation = blocks._queue.get_estimation()
	await blocks._queue.send_estimation(event, estimation, rank)
	while True:
	await asyncio.sleep(1)
	if websocket.application_state == WebSocketState.DISCONNECTED:
	return
	@app.get(
	"/queue/status",
	dependencies=[Depends(login_check)],
	response_model=Estimation,
	)
	async def get_queue_status():
	return app.get_blocks()._queue.get_estimation()
	@app.post("/upload", dependencies=[Depends(login_check)])
	async def upload_file(
	files: List[UploadFile] = File(...),
	):
	output_files = []
	file_manager = gradio.File()
	for input_file in files:
	output_files.append(
	await file_manager.save_uploaded_file(
	input_file, app.uploaded_file_dir
	)
	)
	return output_files
	@app.on_event("startup")
	@app.get("/startup-events")
	async def startup_events():
	if not app.startup_events_triggered:
	app.get_blocks().startup_events()
	app.startup_events_triggered = True
	return True
	return False
	@app.get("/theme.css", response_class=PlainTextResponse)
	def theme_css():
	return PlainTextResponse(app.get_blocks().theme_css, media_type="text/css")
	@app.get("/robots.txt", response_class=PlainTextResponse)
	def robots_txt():
	if app.get_blocks().share:
	return "User-agent: *\nDisallow: /"
	else:
	return "User-agent: *\nDisallow: "
	return app
	########
	# Helper functions
	########
	def safe_join(directory: str, path: str) -> str:
	"""Safely path to a base directory to avoid escaping the base directory.
	Borrowed from: werkzeug.security.safe_join"""
	_os_alt_seps: List[str] = [
	sep for sep in [os.path.sep, os.path.altsep] if sep is not None and sep != "/"
	]
	if path == "":
	raise HTTPException(400)
	filename = posixpath.normpath(path)
	fullpath = os.path.join(directory, filename)
	if (
	any(sep in filename for sep in _os_alt_seps)
	or os.path.isabs(filename)
	or filename == ".."
	or filename.startswith("../")
	or os.path.isdir(fullpath)
	):
	raise HTTPException(403)
	if not os.path.exists(fullpath):
	raise HTTPException(404, "File not found")
	return fullpath
	def get_types(cls_set: List[Type]):
	docset = []
	types = []
	for cls in cls_set:
	doc = inspect.getdoc(cls) or ""
	doc_lines = doc.split("\n")
	for line in doc_lines:
	if "value (" in line:
	types.append(line.split("value (")[1].split(")")[0])
	docset.append(doc_lines[1].split(":")[-1])
	return docset, types
	def get_server_url_from_ws_url(ws_url: str):
	ws_url_parsed = urlparse(ws_url)
	scheme = "http" if ws_url_parsed.scheme == "ws" else "https"
	port = f":{ws_url_parsed.port}" if ws_url_parsed.port else ""
	return f"{scheme}://{ws_url_parsed.hostname}{port}{ws_url_parsed.path.replace('queue/join', '')}"
	set_documentation_group("routes")
	class Obj:
	"""
	Using a class to convert dictionaries into objects. Used by the `Request` class.
	Credit: https://www.geeksforgeeks.org/convert-nested-python-dictionary-to-object/
	"""
	def __init__(self, dict_):
	self.__dict__.update(dict_)
	for key, value in dict_.items():
	if isinstance(value, (dict, list)):
	value = Obj(value)
	setattr(self, key, value)
	def __getitem__(self, item):
	return self.__dict__[item]
	def __setitem__(self, item, value):
	self.__dict__[item] = value
	def __iter__(self):
	for key, value in self.__dict__.items():
	if isinstance(value, Obj):
	yield (key, dict(value))
	else:
	yield (key, value)
	def __contains__(self, item) -> bool:
	if item in self.__dict__:
	return True
	for value in self.__dict__.values():
	if isinstance(value, Obj) and item in value:
	return True
	return False
	def keys(self):
	return self.__dict__.keys()
	def values(self):
	return self.__dict__.values()
	def items(self):
	return self.__dict__.items()
	def __str__(self) -> str:
	return str(self.__dict__)
	def __repr__(self) -> str:
	return str(self.__dict__)
	@document()
	class Request:
	"""
	A Gradio request object that can be used to access the request headers, cookies,
	query parameters and other information about the request from within the prediction
	function. The class is a thin wrapper around the fastapi.Request class. Attributes
	of this class include: `headers`, `client`, `query_params`, and `path_params`. If
	auth is enabled, the `username` attribute can be used to get the logged in user.
	Example:
	import gradio as gr
	def echo(name, request: gr.Request):
	print("Request headers dictionary:", request.headers)
	print("IP address:", request.client.host)
	return name
	io = gr.Interface(echo, "textbox", "textbox").launch()
	"""
	def __init__(
	self,
	request: fastapi.Request | None = None,
	username: str | None = None,
	**kwargs,
	):
	"""
	Can be instantiated with either a fastapi.Request or by manually passing in
	attributes (needed for websocket-based queueing).
	Parameters:
	request: A fastapi.Request
	"""
	self.request = request
	self.username = username
	self.kwargs: Dict = kwargs
	def dict_to_obj(self, d):
	if isinstance(d, dict):
	return json.loads(json.dumps(d), object_hook=Obj)
	else:
	return d
	def __getattr__(self, name):
	if self.request:
	return self.dict_to_obj(getattr(self.request, name))
	else:
	try:
	obj = self.kwargs[name]
	except KeyError as ke:
	raise AttributeError(
	f"'Request' object has no attribute '{name}'"
	) from ke
	return self.dict_to_obj(obj)
	@document()
	def mount_gradio_app(
	app: fastapi.FastAPI,
	blocks: gradio.Blocks,
	path: str,
	gradio_api_url: str | None = None,
	app_kwargs: dict[str, Any] | None = None,
	) -> fastapi.FastAPI:
	"""Mount a gradio.Blocks to an existing FastAPI application.
	Parameters:
	app: The parent FastAPI application.
	blocks: The blocks object we want to mount to the parent app.
	path: The path at which the gradio application will be mounted.
	gradio_api_url: The full url at which the gradio app will run. This is only needed if deploying to Huggingface spaces of if the websocket endpoints of your deployed app are on a different network location than the gradio app. If deploying to spaces, set gradio_api_url to 'http://localhost:7860/'
	app_kwargs: Additional keyword arguments to pass to the underlying FastAPI app as a dictionary of parameter keys and argument values. For example, `{"docs_url": "/docs"}`
	Example:
	from fastapi import FastAPI
	import gradio as gr
	app = FastAPI()
	@app.get("/")
	def read_main():
	return {"message": "This is your main app"}
	io = gr.Interface(lambda x: "Hello, " + x + "!", "textbox", "textbox")
	app = gr.mount_gradio_app(app, io, path="/gradio")
	# Then run `uvicorn run:app` from the terminal and navigate to http://localhost:8000/gradio.
	"""
	blocks.dev_mode = False
	blocks.config = blocks.get_config_file()
	blocks.validate_queue_settings()
	gradio_app = App.create_app(blocks, app_kwargs=app_kwargs)
	@app.on_event("startup")
	async def start_queue():
	if gradio_app.get_blocks().enable_queue:
	if gradio_api_url:
	gradio_app.get_blocks()._queue.set_url(gradio_api_url)
	gradio_app.get_blocks().startup_events()
	app.mount(path, gradio_app)
	return app

gradio/test/test_routes.py

Lines 480 to 640 in 37caa2e

	while not completed:
	msg = json.loads(await ws.recv())
	if msg["msg"] == "send_data":
	await ws.send(json.dumps({"data": ["foo"], "fn_index": 0}))
	if msg["msg"] == "send_hash":
	await ws.send(json.dumps({"fn_index": 0, "session_hash": "shdce"}))
	completed = msg["msg"] == "process_completed"
	assert io._queue.server_path == "foo_url"
	@pytest.mark.parametrize(
	"ws_url,answer",
	[
	("ws://127.0.0.1:7861/queue/join", "http://127.0.0.1:7861/"),
	(
	"ws://127.0.0.1:7861/gradio/gradio/gradio/queue/join",
	"http://127.0.0.1:7861/gradio/gradio/gradio/",
	),
	(
	"wss://gradio-titanic-survival.hf.space/queue/join",
	"https://gradio-titanic-survival.hf.space/",
	),
	],
	)
	def test_get_server_url_from_ws_url(self, ws_url, answer):
	assert routes.get_server_url_from_ws_url(ws_url) == answer
	class TestDevMode:
	def test_mount_gradio_app_set_dev_mode_false(self):
	app = FastAPI()
	@app.get("/")
	def read_main():
	return {"message": "Hello!"}
	with gr.Blocks() as blocks:
	gr.Textbox("Hello from gradio!")
	app = routes.mount_gradio_app(app, blocks, path="/gradio")
	gradio_fast_api = next(
	route for route in app.routes if isinstance(route, starlette.routing.Mount)
	)
	assert not gradio_fast_api.app.blocks.dev_mode
	class TestPassingRequest:
	def test_request_included_with_regular_function(self):
	def identity(name, request: gr.Request):
	assert isinstance(request.client.host, str)
	return name
	app, _, _ = gr.Interface(identity, "textbox", "textbox").launch(
	prevent_thread_lock=True,
	)
	client = TestClient(app)
	response = client.post("/api/predict/", json={"data": ["test"]})
	assert response.status_code == 200
	output = dict(response.json())
	assert output["data"] == ["test"]
	def test_request_get_headers(self):
	def identity(name, request: gr.Request):
	assert isinstance(request.headers["user-agent"], str)
	assert isinstance(request.headers.items(), list)
	assert isinstance(request.headers.keys(), list)
	assert isinstance(request.headers.values(), list)
	assert isinstance(dict(request.headers), dict)
	user_agent = request.headers["user-agent"]
	assert "testclient" in user_agent
	return name
	app, _, _ = gr.Interface(identity, "textbox", "textbox").launch(
	prevent_thread_lock=True,
	)
	client = TestClient(app)
	response = client.post("/api/predict/", json={"data": ["test"]})
	assert response.status_code == 200
	output = dict(response.json())
	assert output["data"] == ["test"]
	def test_request_includes_username_as_none_if_no_auth(self):
	def identity(name, request: gr.Request):
	assert request.username is None
	return name
	app, _, _ = gr.Interface(identity, "textbox", "textbox").launch(
	prevent_thread_lock=True,
	)
	client = TestClient(app)
	response = client.post("/api/predict/", json={"data": ["test"]})
	assert response.status_code == 200
	output = dict(response.json())
	assert output["data"] == ["test"]
	def test_request_includes_username_with_auth(self):
	def identity(name, request: gr.Request):
	assert request.username == "admin"
	return name
	app, _, _ = gr.Interface(identity, "textbox", "textbox").launch(
	prevent_thread_lock=True, auth=("admin", "password")
	)
	client = TestClient(app)
	client.post(
	"/login",
	data={"username": "admin", "password": "password"},
	)
	response = client.post("/api/predict/", json={"data": ["test"]})
	assert response.status_code == 200
	output = dict(response.json())
	assert output["data"] == ["test"]
	def test_predict_route_is_blocked_if_api_open_false():
	io = Interface(lambda x: x, "text", "text", examples=[["freddy"]]).queue(
	api_open=False
	)
	app, _, _ = io.launch(prevent_thread_lock=True)
	assert not io.show_api
	client = TestClient(app)
	result = client.post(
	"/api/predict", json={"fn_index": 0, "data": [5], "session_hash": "foo"}
	)
	assert result.status_code == 401
	def test_predict_route_not_blocked_if_queue_disabled():
	with Blocks() as demo:
	input = Textbox()
	output = Textbox()
	number = Number()
	button = Button()
	button.click(
	lambda x: f"Hello, {x}!", input, output, queue=False, api_name="not_blocked"
	)
	button.click(lambda: 42, None, number, queue=True, api_name="blocked")
	app, _, _ = demo.queue(api_open=False).launch(
	prevent_thread_lock=True, show_api=True
	)
	assert not demo.show_api
	client = TestClient(app)
	result = client.post("/api/blocked", json={"data": [], "session_hash": "foo"})
	assert result.status_code == 401
	result = client.post(
	"/api/not_blocked", json={"data": ["freddy"], "session_hash": "foo"}
	)
	assert result.status_code == 200
	assert result.json()["data"] == ["Hello, freddy!"]
	def test_predict_route_not_blocked_if_routes_open():
	with Blocks() as demo:
	input = Textbox()
	output = Textbox()
	button = Button()
	button.click(

gradio/demo/hello_login/run.py

Lines 1 to 14 in 37caa2e

	import gradio as gr
	user_db = {"admin": "admin", "foo": "bar"}
	def greet(name):
	return "Hello " + name + "!!"
	demo = gr.Interface(fn=greet, inputs="text", outputs="text")
	if __name__ == "__main__":
	demo.launch(enable_queue=False,
	auth=lambda u, p: user_db.get(u) == p,
	auth_message="This is a welcome message")

gradio/test/test_interfaces.py

Lines 1 to 67 in 37caa2e

	import io
	import sys
	import unittest.mock as mock
	from contextlib import contextmanager
	from functools import partial
	from string import capwords
	import pytest
	import requests
	from fastapi.testclient import TestClient
	import gradio
	from gradio.blocks import Blocks, get_api_info
	from gradio.components import Image, Textbox
	from gradio.interface import Interface, TabbedInterface, close_all, os
	from gradio.layouts import TabItem, Tabs
	from gradio.utils import assert_configs_are_equivalent_besides_ids
	@contextmanager
	def captured_output():
	new_out, new_err = io.StringIO(), io.StringIO()
	old_out, old_err = sys.stdout, sys.stderr
	try:
	sys.stdout, sys.stderr = new_out, new_err
	yield sys.stdout, sys.stderr
	finally:
	sys.stdout, sys.stderr = old_out, old_err
	class TestInterface:
	def test_close(self):
	io = Interface(lambda input: None, "textbox", "label")
	_, local_url, _ = io.launch(prevent_thread_lock=True)
	response = requests.get(local_url)
	assert response.status_code == 200
	io.close()
	with pytest.raises(Exception):
	response = requests.get(local_url)
	def test_close_all(self):
	interface = Interface(lambda input: None, "textbox", "label")
	interface.close = mock.MagicMock()
	close_all()
	interface.close.assert_called()
	def test_no_input_or_output(self):
	with pytest.raises(TypeError):
	Interface(lambda x: x, examples=1234)
	def test_partial_functions(self):
	def greet(name, formatter):
	return formatter(f"Hello {name}!")
	greet_upper_case = partial(greet, formatter=capwords)
	demo = Interface(fn=greet_upper_case, inputs="text", outputs="text")
	assert demo("abubakar") == "Hello Abubakar!"
	def test_input_labels_extracted_from_method(self):
	class A:
	def test(self, parameter_name):
	return parameter_name
	t = Textbox()
	Interface(A().test, t, "text")
	assert t.label == "parameter_name"

gradio/demo/blocks_hello/run.py

Lines 1 to 16 in 37caa2e

	import gradio as gr
	def welcome(name):
	return f"Welcome to Gradio, {name}!"
	with gr.Blocks() as demo:
	gr.Markdown(
	"""
	# Hello World!
	Start typing below to see the output.
	""")
	inp = gr.Textbox(placeholder="What is your name?")
	out = gr.Textbox()
	inp.change(welcome, inp, out)
	if __name__ == "__main__":

I also found the following external resources that might be helpful:

Summaries of links found in the content:

---

Step 2: 🧐 Snippet Analysis

From looking through the relevant snippets, I decided to make the following modifications:

File Path	Proposed Changes
gradio/routes.py	In the login route, modify the code to strip the username input using the strip() method before processing it.

---

Step 3: 📝 Planning

I have created a plan for writing the pull request. I am now working my plan and coding the required changes to address this issue. Here is the planned pull request:

Strip username before login and add unit test within test_post_login
sweep/strip-username-login

Description

This PR addresses the issue of spaces being kept at the beginning and end of the username's Textbox on the login page in gradio. The username input is modified to strip any leading or trailing spaces before processing it. This ensures a clean and consistent username input, improving the user experience.

Summary of Changes

• Modified the login route in gradio/routes.py to strip the username input using the strip() method before processing it.
• Added a unit test within test_post_login to verify the functionality of the username stripping.

Please review and merge this PR. Thank you!

---

Step 4: ⌨️ Coding

I have finished coding the issue. I am now reviewing it for completeness.

---

Step 5: 🔁 Code Review

Success! 🚀

---

To recreate the pull request, leave a comment prefixed with "sweep:" or edit the issue.
^{Join Our Discord}

[wwzeng1]

@abidlabs I'm going to create a separate issue, we currently read all of the non-bot issue comments so this may be noisy. Thanks for trying Sweep!

[wwzeng1]

https://github.com/gradio-app/gradio/pull/5104/files Here's the PR!

[abidlabs]

Closed by #5104