def login_to_app(response: Response, credentials: HTTPBasicCredentials = Depends(HTTPBasic())): if credentials.username in app.users and credentials.password == app.users[credentials.username]: session_token = sha256(bytes(f"{credentials.username}{credentials.password}{app.secret}", encoding='utf8')).hexdigest() app.tokens[session_token] = credentials.username response.set_cookie(key="session_token", value=session_token) print(session_token) response.status_code = 307 response.headers['Location'] = "/welcome" return response else: raise HTTPException(status_code=401, detail="Niepoprawny login lub hasło")
def __init__(self, *args, **kwargs): super().__init__(*args, **kwargs) # self.counter: int = 0 self.patients: Dict[int, PatientModel] = {} self.security = HTTPBasic(auto_error=False) self.secret_key = SECRET_KEY self.API_KEY = SESSION_TOKEN self.cookie_sec = APIKeyCookie(name=self.API_KEY, auto_error=False) self.templates = Jinja2Templates(directory="templates") self.user = {'login': '******', 'password': '******'}
def basic_authentication(credentials: HTTPBasicCredentials = Depends(HTTPBasic())) -> str: correct_username = secrets.compare_digest("jes", credentials.username) # reduce the risk of timing attacks bd_hashed_password = bcrypt.hashpw(b"pass", bcrypt.gensalt()) correct_password = bcrypt.checkpw(credentials.password.encode('utf-8'), bd_hashed_password) print('token:', secrets.token_urlsafe(16)) # secrets.token_hex(16) print('pass:', bd_hashed_password) # secrets.token_hex(16) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect user or password", ) return credentials.username
def path_login(response: Response, credentials: HTTPBasicCredentials = Depends(HTTPBasic())): Valid_username = secrets.compare_digest(credentials.username, 'trudnY') Valid_password = secrets.compare_digest(credentials.password, 'PaC13Nt') if not (Valid_username and Valid_password): raise HTTPException(status_code=401, detail='Invalid login or password') session_token = sha256( bytes(f'{credentials.username}{credentials.password}{app.secret_key}', encoding='utf8')).hexdigest() app.session_tokens.append(session_token) response.set_cookie(key='session_token', value=session_token) response.headers["Location"] = '/welcome' response.status_code = status.HTTP_302_FOUND
def get_current_user(response: Response, credentials: HTTPBasicCredentials = Depends(HTTPBasic())): correct_username = secrets.compare_digest(credentials.username, "trudnY") correct_password = secrets.compare_digest(credentials.password, "PaC13Nt") if not (correct_username and correct_password): raise HTTPException(status_code=401, detail="Incorrect email or password") session_token = sha256( bytes(f"{credentials.username}{credentials.password}{app.secret_key}", encoding='utf8')).hexdigest() app.session_tokens.append(session_token) response.set_cookie(key="session_token", value=session_token) response.headers["Location"] = "/welcome" response.status_code = status.HTTP_302_FOUND
def login(response: Response, credentials: HTTPBasicCredentials = Depends(HTTPBasic())): if credentials.username in app.users and app.users[ credentials.username] == credentials.password: session_token = sha256( bytes(f"{credentials.username}{credentials.password}{app.secret}", encoding="utf8")).hexdigest() response.set_cookie(key="session_token", value=session_token) app.session_tokens.append(session_token) response.status_code = 302 response.headers["Location"] = '/welcome' print(session_token) return response else: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED)
def basic_auth(credentials: HTTPBasicCredentials = Depends(HTTPBasic())) -> str: correct_username = compare_digest( credentials.username, str(os.getenv("BASIC_AUTH_USERNAME", "test_username")) ) correct_password = compare_digest( credentials.password, str(os.getenv("BASIC_AUTH_PASSWORD", "plunge-germane-tribal-pillar")), ) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect username or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
async def authenticate_user( request: Request, credentials: HTTPBasicCredentials = Depends(HTTPBasic()) ) -> str: """ [Method for authenticating user credentials.] Args: request (Request): [API request object.] credentials (HTTPBasicCredentials, optional): [User credentials.]. Defaults to Depends( HTTPBasic()). Raises: HTTPException: [Incorrect password.] HTTPException: [Inactive user.] HTTPException: [Unauthorized user.] Returns: str: [Username for user.] """ IP = request.client.host _username = credentials.username password = credentials.password query = users.select().where(users.c.username == _username) user = await users_database.fetch_one(query) if user: if user['active']: user_salt = user['salt'] user_password = user['password'] if verify_hash(password + user_salt, user_password): return _username else: logger.warning( 'Failed authentication attempt was made with incorrect ' f'password for user {_username} with IP address {IP}.') raise HTTPException(status_code=401, detail="Incorrect password.") else: logger.warning( 'Failed authentication attempt was made for inactive ' f'user {_username} with IP address {IP}.') raise HTTPException(status_code=401, detail=f"User {_username} is inactive.") else: logger.warning( 'Failed authentication attempt was made for unauthorized ' f'user {_username} with IP address {IP}.') raise HTTPException(status_code=401, detail=f"Unauthorized user {_username}.")
class UserInventory: security = HTTPBasic() userDB = { "aslan": { "password": "******", "role": "k8s-admin", }, "cansin": { "password": "******", "role": "guest", } } @classmethod def checkAuth(cls, credentials: HTTPBasicCredentials = Depends(security)): user = cls.getUser(credentials.username) if user: correct_password = secrets.compare_digest(credentials.password, user.get("password")) if correct_password: return credentials.username raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials", headers={"WWW-Authenticate": "Basic"}, ) @classmethod def getUser(cls, user: str = None): if user: return cls.userDB.get(user) return cls.userDB @classmethod def getCurrentUser(cls, credentials: HTTPBasicCredentials = Depends(security)): user = cls.getUser(credentials.username) if not user: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="User not found", headers={"WWW-Authenticate": "Basic"}, ) return User(userName=credentials.username, password=credentials.password, role=user.get("role"))
async def basic_auth(credentials: HTTPBasicCredentials = Depends(HTTPBasic())) -> str: """Authenticate a FastAPI request with HTTP Basic auth.""" basic_auth_username = os.getenv("BASIC_AUTH_USERNAME") basic_auth_password = os.getenv("BASIC_AUTH_PASSWORD") if not (basic_auth_username and basic_auth_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Server HTTP Basic auth credentials not set", headers={"WWW-Authenticate": "Basic"}, ) correct_username = secrets.compare_digest(credentials.username, basic_auth_username) correct_password = secrets.compare_digest(credentials.password, basic_auth_password) if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="HTTP Basic auth credentials not correct", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
async def __call__( self, basic_credentials: Optional[HTTPBasicCredentials] = Depends( HTTPBasic(auto_error=False)), post_credentials: Optional[HTTPBasicCredentials] = Security( ClientIdSecretQuery(auto_error=False)), ) -> dict: credentials = post_credentials or basic_credentials if not credentials: raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail="Not authenticated") client_data = await async_client_collection.find_one({ '_id': credentials.username, 'client_secret': credentials.password }) if client_data is None: raise HTTPException(status_code=HTTP_403_FORBIDDEN, detail="Not authenticated") return client_data
import secrets from typing import Optional, Union from fastapi import Depends, status from fastapi.exceptions import HTTPException from fastapi.security import HTTPBasic, HTTPBasicCredentials from passlib.context import CryptContext from ..modals.collection import Collection from ..modals.file import FileInDB from ..modals.user import UserBase, UserInDB from .db import get_conn, r auth_required = HTTPBasic() auth_optional = HTTPBasic(auto_error=False) pwd_context = CryptContext(schemes=["argon2", "bcrypt"], default="argon2", deprecated=["bcrypt"]) def process_basic_auth( credentials: HTTPBasicCredentials) -> Optional[UserBase]: with get_conn() as conn: user_information = r.table("users").get(credentials.username).run(conn) if not user_information: return None user_information_parsed = UserInDB.parse_obj(user_information) if not (secrets.compare_digest(credentials.username, user_information_parsed.username)
from fastapi import Depends, HTTPException, Security, status from fastapi.security import HTTPBasic, HTTPBasicCredentials from pydantic.types import PositiveInt from ...db.repositories.api_keys import ApiKeysRepository from ...db.repositories.users import UsersRepository from .database import get_repository # SEE https://swagger.io/docs/specification/authentication/basic-authentication/ basic_scheme = HTTPBasic() def _create_exception(): _unauthorized_headers = { "WWW-Authenticate": f'Basic realm="{basic_scheme.realm}"' if basic_scheme.realm else "Basic" } return HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid API credentials", headers=_unauthorized_headers, ) async def get_current_user_id( credentials: HTTPBasicCredentials = Security(basic_scheme), apikeys_repo: ApiKeysRepository = Depends( get_repository(ApiKeysRepository)), ) -> PositiveInt: user_id = await apikeys_repo.get_user_id(api_key=credentials.username,
import hashlib from fastapi import status, Depends, HTTPException from fastapi.security import HTTPBasic, HTTPBasicCredentials http_security = HTTPBasic() def get_password_hash(password: str) -> str: return hashlib.sha512(password.encode()).hexdigest() async def authenticate(credentials: HTTPBasicCredentials = Depends( http_security)) -> str: from app.usecases.user import UserUseCase if not await UserUseCase.authenticate_user(credentials.username, credentials.password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) return credentials.username
def get_security(sec=Security(HTTPBasic())): return sec
from fastapi import Depends, FastAPI, HTTPException, Path, Request, status from fastapi.responses import JSONResponse from fastapi.security import HTTPBasic, HTTPBasicCredentials from loguru import logger from .models import LightOperation, LightDescription, EndPoint from ..__version__ import __version__ from ..effects import rainbow, pulse, flash_lights_impressively from ..manager import LightManager, BlinkSpeed from ..manager import LightIdRangeError, ColorLookupError from ..manager import ALL_LIGHTS from ..color import rgb_to_hex # FastAPI Security Scheme busylightapi_security = HTTPBasic() class BusylightAPI(FastAPI): def __init__(self): # Set up authentication, if env. variables set dependencies = [] try: self.username = environ['BUSYLIGHT_API_USER'] self.password = environ['BUSYLIGHT_API_PASS'] dependencies.append(Depends(self.authenticate_user)) except KeyError: # Env. variables not set, so auth disabled self.username = None self.password = None
import os from fastapi import FastAPI, Depends, HTTPException from fastapi.security import HTTPBasic, HTTPBasicCredentials from starlette.responses import JSONResponse from models import Customer as MongoCustomer, Product as MongoProduct from schemas import BaseCustomer, Customer, Product API_USER = os.environ.get('API_USER', None) API_PASSWORD = os.environ.get('API_PASSWORD', None) app = FastAPI() security = HTTPBasic(realm="simple") # TODO: see future decorator options def assert_credentials(credentials: HTTPBasicCredentials = Depends(security)): if not all([credentials.username==API_USER, credentials.password==API_PASSWORD]): raise HTTPException(status_code=401, detail="Invalid credentials!") @app.get("/") def api_version(credentials: HTTPBasicCredentials = Depends(assert_credentials)): return { "version": "v1.0.0", "docs": "To see the docs access the url /docs", }
from functools import lru_cache from fakeredis import FakeRedis from fastapi import Depends from fastapi.exceptions import HTTPException from fastapi.security import HTTPBasic, HTTPBasicCredentials from redis import Redis from .schemas import User from .utils import Settings basic = HTTPBasic() @lru_cache def get_settings() -> Settings: return Settings() @lru_cache def get_redis() -> Redis: settings = get_settings() if settings.SCORETRACKER_TESTING_MODE: return FakeRedis(decode_responses=True) if settings.REDIS_URL is None: return Redis(decode_responses=True) return Redis.from_url(settings.REDIS_URL, decode_responses=True) def get_current_user( creds: HTTPBasicCredentials = Depends(basic), redis: Redis = Depends(get_redis)
UnauthorizedResponse, VpnWaitlistSchema, ) app = FastAPI( title="ConTact Management System (CTMS)", description="CTMS API (work in progress)", version="1.1.3", ) SessionLocal = None METRICS_REGISTRY = CollectorRegistry() METRICS = None get_metrics_registry = lambda: METRICS_REGISTRY get_metrics = lambda: METRICS oauth2_scheme = OAuth2ClientCredentials(tokenUrl="token") token_scheme = HTTPBasic(auto_error=False) @lru_cache() def get_settings() -> config.Settings: return config.Settings() # Initialize Sentry for each thread, unless we're in tests if "pytest" not in sys.argv[0]: # pragma: no cover init_sentry() app.add_middleware(SentryAsgiMiddleware) @app.on_event("startup") def startup_event(): # pragma: no cover
from CommonServerPython import * from CommonServerUserPython import * sample_events_to_store = deque(maxlen=20) # type: ignore[var-annotated] class Incident(BaseModel): name: Optional[str] = None type: Optional[str] = None occurred: Optional[str] = None raw_json: Optional[Dict] = None app = FastAPI(docs_url=None, redoc_url=None, openapi_url=None) basic_auth = HTTPBasic(auto_error=False) token_auth = APIKeyHeader(auto_error=False, name='Authorization') class GenericWebhookAccessFormatter(AccessFormatter): def get_user_agent(self, scope: Dict) -> str: headers = scope.get('headers', []) user_agent_header = list( filter(lambda header: header[0].decode() == 'user-agent', headers)) user_agent = '' if len(user_agent_header) == 1: user_agent = user_agent_header[0][1].decode() return user_agent def formatMessage(self, record): recordcopy = copy(record)
from fastapi import APIRouter, Body, Depends, HTTPException from fastapi import Header, Security from authentication.models.users import User from fastapi.security import HTTPBasic, HTTPBasicCredentials, APIKeyHeader from typing import List from starlette.responses import Response from fastapi.encoders import jsonable_encoder from authentication.interfaces.database import database import jwt from starlette.status import HTTP_400_BAD_REQUEST, HTTP_401_UNAUTHORIZED from datetime import datetime, timedelta from hashlib import sha256 from authentication.interfaces.token import verify_token router = APIRouter() security = HTTPBasic(auto_error=True) api_key = APIKeyHeader(name="x-api-key", auto_error=True) @router.post("/login", tags=["token"]) async def renew_token( response: Response, user: dict = Depends(verify_token), x_api_key: str = Header(None), ): response.headers["x-api-key"] = x_api_key return {"verified": True, "user": user["email"]} @router.put("/login", tags=["token"]) async def renew_token(response: Response, user: dict = Depends(verify_token)):
def boot_admin_server(registration_tracker: RegistrationTrackerFixture) -> Generator: boot_admin_app = FastAPI( title="Boot Admin Mock Server", description="Demonstrate Spring Boot Admin Integration with FastAPI", docs_url="/api", ) security = HTTPBasic() def get_current_username(credentials: HTTPBasicCredentials = Depends(security)) -> str: correct_username = secrets.compare_digest(credentials.username, "moo") correct_password = secrets.compare_digest(credentials.password, "haha") if not (correct_username and correct_password): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Moo haha", ) return credentials.username # pylint: disable=unused-variable @boot_admin_app.post("/register", tags=["admin-server"]) def register(registration: RegistrationRequest) -> Dict[str, str]: logging.debug("Got registration post %s, %d registrations since %s", registration, registration_tracker.count, registration_tracker.start_time) registration_tracker.registration = registration registration_tracker.count += 1 if registration_tracker.start_time is None: registration_tracker.start_time = registration.metadata["startup"] return {"id": "JB007"} # pylint: disable=unused-variable @boot_admin_app.post("/register-with-basic-auth", tags=["admin-server"]) def register_with_basic_auth( registration: RegistrationRequest, username: str = Depends(get_current_username)) -> Dict[str, str]: logging.debug("Got registration post %s from %s, %d registrations since %s", registration, username, registration_tracker.count, registration_tracker.start_time) registration_tracker.registration = registration registration_tracker.count += 1 if registration_tracker.start_time is None: registration_tracker.start_time = registration.metadata["startup"] return {"id": "JB007"} # pylint: disable=unused-argument,unused-variable @boot_admin_app.delete("/register/{registration_id}", tags=["admin-server"]) def deregister(registration_id: str) -> None: logging.debug("Got deregistration, delete %s (previous deregistration time is %s)", registration_id, registration_tracker.deregistration_time) registration_tracker.deregistration_time = datetime.now(timezone.utc) # Start the mock boot-admin server that is needed to test pyctuator's registration boot_admin_config = Config(app=boot_admin_app, port=8001, loop="asyncio") boot_admin_server = CustomServer(config=boot_admin_config) boot_admin_thread = threading.Thread(target=boot_admin_server.run) boot_admin_thread.start() while not boot_admin_server.started: time.sleep(0.01) # Yield back to pytest until the module is done yield None boot_admin_server.should_exit = True boot_admin_server.force_exit = True boot_admin_thread.join()
import logging from fastapi import APIRouter, Depends from fastapi.security import HTTPBasic, HTTPBasicCredentials from app.config import get_settings, Settings from app.core.security.utils import get_auth_mode, create_access_token from app.models.pydantic.token import Token router = APIRouter() httpbasic = HTTPBasic() log = logging.getLogger(__name__) @router.post("/token", response_model=Token) async def get_access_token( credentials: HTTPBasicCredentials = Depends(httpbasic), settings: Settings = Depends(get_settings), ): auth_mode = get_auth_mode(settings.AUTH_MODE) auth = auth_mode(credentials.username, credentials.password) await auth.aauthenticate( ) if auth_mode.concurrency == "async" else auth.authenticate() expiry, key, algorithm = ( settings.AUTH_TOKEN_EXPIRY, settings.AUTH_KEY, settings.TOKEN_ALGORITHM, )
from fastapi import Depends, HTTPException, status from fastapi.security import HTTPBasic, HTTPBasicCredentials from configparser import ConfigParser security_scheme = HTTPBasic() def check_credentials( credentials: HTTPBasicCredentials = Depends(security_scheme)): valid_login = False login_information = ConfigParser() login_information.read('config.ini') login_information = login_information['CREDENTIALS'] if credentials.username in login_information: if login_information[credentials.username] == credentials.password: valid_login = True if not valid_login: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect email or password", headers={"WWW-Authenticate": "Basic"}, ) else: return credentials.username
from database.Influx import Influx from classes.IcicleSpyPackage import IcicleSpyPackage if __name__ == '__main__': parser = argparse.ArgumentParser() parser.add_argument('--port', type=int, default=8000) parser.add_argument('--config', type=str, required=True) args = parser.parse_args() print(args) cfg = json.loads(open(args.config, 'r').read()) app = FastAPI() user_security = HTTPBasic() device_auth = DeviceAuth(cfg['device_security']['login'], cfg['device_security']['password']) device_security = HTTPBasic() influx_db = Influx(host=cfg['influx']['url'], token=cfg['influx']['token'], org=cfg['influx']['org'], bucket=cfg['influx']['bucket']) mysql_db = MySQL(host=cfg['mysql']['host'], port=cfg['mysql']['port'], user=cfg['mysql']['user'], password=cfg['mysql']['password'])
from fastapi import FastAPI, File, UploadFile, Form, Depends, HTTPException, status from fastapi.responses import HTMLResponse from uuid import uuid4 from utils.file import dump_uploaded_file ## --------------- Authentication --------------- ## PRODUCTION_MODE = True import secrets from fastapi.security import HTTPBasic, HTTPBasicCredentials if PRODUCTION_MODE: security = Depends(HTTPBasic()) # TODO: Use DB for authentication with open('credentials.json') as f: CREDENTIALS = json.load(f) else: security = None def authenticate(credentials: HTTPBasicCredentials = security): if not PRODUCTION_MODE: return True if credentials.username in CREDENTIALS and secrets.compare_digest( credentials.password, CREDENTIALS[credentials.username]): return True # Authenticated!
from base64 import b64encode from typing import Optional from fastapi import FastAPI, Security from fastapi.security import HTTPBasic, HTTPBasicCredentials from fastapi.testclient import TestClient from requests.auth import HTTPBasicAuth app = FastAPI() security = HTTPBasic(auto_error=False) @app.get("/users/me") def read_current_user( credentials: Optional[HTTPBasicCredentials] = Security(security)): if credentials is None: return {"msg": "Create an account first"} return {"username": credentials.username, "password": credentials.password} client = TestClient(app) openapi_schema = { "openapi": "3.0.2", "info": { "title": "FastAPI", "version": "0.1.0" }, "paths": { "/users/me": {
from fastapi import Depends, FastAPI, HTTPException from fastapi.security import HTTPBasic, HTTPBasicCredentials from pydantic import BaseModel from http import HTTPStatus from .cipher import RSA_Logic from passlib.context import CryptContext app = FastAPI() # API's instance security = HTTPBasic() # Security instance ''' Cipher parameters ''' public, private = RSA_Logic.generate_keys() # RSA keys generator pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") # password hash method ''' API models ''' ciph_db = [] # Basic database used to encoding and decoding users_db = { # Basic database with one user used to authentication "hubertkniola": { "username": "******", "hashed_password": pwd_context.hash('password'), # 'password' in hash "disabled": False, } }
# intercept everything at the root logger logging.root.handlers = [handler] logging.root.setLevel(logging.DEBUG) # remove every other logger's handlers # and propagate to root logger for name in logging.root.manager.loggerDict.keys(): logging.getLogger(name).handlers = [] logging.getLogger(name).propagate = True logger = logging.getLogger(__name__) app = FastAPI() security = HTTPBasic() @dataclasses.dataclass class Config: username: str password: str use_security: bool save_dir: Path url: str config: Config def get_ip():
from base64 import b64encode from fastapi import FastAPI, Security from fastapi.security import HTTPBasic, HTTPBasicCredentials from fastapi.testclient import TestClient from requests.auth import HTTPBasicAuth app = FastAPI() security = HTTPBasic(realm="simple", description="HTTPBasic scheme") @app.get("/users/me") def read_current_user(credentials: HTTPBasicCredentials = Security(security)): return {"username": credentials.username, "password": credentials.password} client = TestClient(app) openapi_schema = { "openapi": "3.0.2", "info": { "title": "FastAPI", "version": "0.1.0" }, "paths": { "/users/me": { "get": { "responses": { "200": { "description": "Successful Response",