def test_that_oidc_info_is_returned(app, client):
    """OIDC discovery -> JWKS -> userinfo chain populates ``info`` for a bearer token.

    Registers an endpoint that always returns the resolved user (authenticated
    or not), then drives a request with a signed token while the three
    outbound calls (discovery document, JWKS, userinfo) are mocked.
    """
    sec = FastAPISecurity()

    @app.get("/users/me")
    async def get_user_details(user: User = Depends(sec.user_with_info)):
        """Return the resolved user; unauthenticated callers still get a body."""
        return user.without_access_token()

    sec.init_oauth2_through_oidc(dummy_oidc_url, audiences=[dummy_audience])
    bearer = make_access_token(sub="test-subject")
    auth_headers = {"Authorization": f"Bearer {bearer}"}

    # The discovery document points the library at the mocked JWKS and
    # userinfo endpoints, so no real network is touched.
    discovery_doc = {
        "userinfo_endpoint": dummy_userinfo_endpoint_url,
        "jwks_uri": dummy_jwks_uri,
    }
    with aioresponses() as mocked_http:
        mocked_http.get(dummy_oidc_url, payload=discovery_doc)
        mocked_http.get(dummy_jwks_uri, payload=dummy_jwks_response_data)
        mocked_http.get(dummy_userinfo_endpoint_url, payload={"nickname": "jacobsvante"})

        response = client.get("/users/me", headers=auth_headers)

        assert response.status_code == 200
        body = response.json()
        assert body["info"]["nickname"] == "jacobsvante"
def test_that_user_with_info_dependency_works_authenticated(app, client, caplog):
    """``user_with_info`` yields userinfo claims when a valid bearer token is sent.

    Same mocked OIDC chain as the other OIDC tests; DEBUG logging is captured
    so a failure shows the library's own trace.
    """
    import logging

    # NOTE(review): DEBUG capture may include token material if the library
    # logs request details at that level — confirm before persisting caplog
    # output anywhere outside the test run.
    caplog.set_level(logging.DEBUG)

    sec = FastAPISecurity()

    @app.get("/users/me")
    def get_user_info(user: User = Depends(sec.user_with_info)):
        return user.without_access_token()

    sec.init_oauth2_through_oidc(dummy_oidc_url, audiences=[dummy_audience])

    discovery_doc = {
        "userinfo_endpoint": dummy_userinfo_endpoint_url,
        "jwks_uri": dummy_jwks_uri,
    }
    with aioresponses() as mocked_http:
        mocked_http.get(dummy_oidc_url, payload=discovery_doc)
        mocked_http.get(dummy_jwks_uri, payload=dummy_jwks_response_data)
        mocked_http.get(dummy_userinfo_endpoint_url, payload={"nickname": "jacobsvante"})

        bearer = make_access_token(sub="GMqBbybGfBQeR6NgCY4NyXKnpFzaaTAn@clients")
        response = client.get(
            "/users/me", headers={"Authorization": f"Bearer {bearer}"}
        )

        assert response.status_code == 200
        user_info = response.json()["info"]
        assert user_info["nickname"] == "jacobsvante"
def test_that_auth_can_be_enabled_through_oidc(app, client):
    """``authenticated_user_or_401`` rejects anonymous calls and admits a valid token.

    Checks both sides of the gate against the same mocked OIDC setup: no
    ``Authorization`` header -> 401, signed bearer token -> 200.
    """
    sec = FastAPISecurity()

    @app.get("/")
    def get_products(user: User = Depends(sec.authenticated_user_or_401)):
        return []

    sec.init_oauth2_through_oidc(dummy_oidc_url, audiences=[dummy_audience])
    bearer = make_access_token(sub="test-subject")

    discovery_doc = {
        "userinfo_endpoint": dummy_userinfo_endpoint_url,
        "jwks_uri": dummy_jwks_uri,
    }
    with aioresponses() as mocked_http:
        mocked_http.get(dummy_oidc_url, payload=discovery_doc)
        mocked_http.get(dummy_jwks_uri, payload=dummy_jwks_response_data)
        mocked_http.get(dummy_userinfo_endpoint_url, payload={"nickname": "jacobsvante"})

        # Anonymous request must be refused before any handler code runs.
        anonymous = client.get("/")
        assert anonymous.status_code == 401

        # The same route admits a caller presenting a token signed by the
        # mocked JWKS.
        with_token = client.get("/", headers={"Authorization": f"Bearer {bearer}"})
        assert with_token.status_code == 200
def test_that_authenticated_user_with_info_or_401_works_as_expected(app, client):
    """``authenticated_user_with_info_or_401`` across bearer, basic and anonymous calls.

    Bearer token -> 200 with userinfo claims; HTTP basic auth -> 200 but no
    userinfo (``nickname`` is ``None``); no credentials -> 401 with a generic
    detail message that does not reveal which scheme failed.
    """
    sec = FastAPISecurity()

    @app.get("/users/me")
    def get_user_info(
        user: User = Depends(sec.authenticated_user_with_info_or_401),
    ):
        return user.without_access_token()

    sec.init_oauth2_through_oidc(dummy_oidc_url, audiences=[dummy_audience])
    # NOTE(review): the credential values below look redacted on this page,
    # while the basic-auth request further down sends ("a", "b") — confirm
    # the fixture pair matches what the request uses.
    sec.init_basic_auth([{"username": "******", "password": "******"}])

    discovery_doc = {
        "userinfo_endpoint": dummy_userinfo_endpoint_url,
        "jwks_uri": dummy_jwks_uri,
    }
    with aioresponses() as mocked_http:
        mocked_http.get(dummy_oidc_url, payload=discovery_doc)
        mocked_http.get(dummy_jwks_uri, payload=dummy_jwks_response_data)
        mocked_http.get(dummy_userinfo_endpoint_url, payload={"nickname": "jacobsvante"})

        # Bearer token: userinfo is fetched and exposed under "info".
        bearer = make_access_token(sub="GMqBbybGfBQeR6NgCY4NyXKnpFzaaTAn@clients")
        bearer_resp = client.get(
            "/users/me", headers={"Authorization": f"Bearer {bearer}"}
        )
        assert bearer_resp.status_code == 200
        assert bearer_resp.json()["info"]["nickname"] == "jacobsvante"

        # Basic auth: authenticated, but there is no userinfo endpoint to
        # consult, so the claim is absent.
        basic_resp = client.get("/users/me", auth=("a", "b"))
        assert basic_resp.status_code == 200
        assert basic_resp.json()["info"]["nickname"] is None

        # Anonymous: rejected with a scheme-agnostic message.
        anon_resp = client.get("/users/me")
        assert anon_resp.status_code == 401
        assert anon_resp.json() == {"detail": "Could not validate credentials"}
from . import db
from .models import Product
from .settings import get_settings

app = FastAPI()
settings = get_settings()
security = FastAPISecurity()

# HTTP basic auth is enabled only when credentials are present in settings.
# NOTE(review): these come from configuration; confirm no default credential
# pair is shipped in a committed settings file.
if settings.basic_auth_credentials:
    security.init_basic_auth(settings.basic_auth_credentials)

# OIDC discovery takes precedence; a raw JWKS URL is the fallback. Both
# paths restrict accepted tokens to the configured audiences.
if settings.oidc_discovery_url:
    security.init_oauth2_through_oidc(
        settings.oidc_discovery_url,
        audiences=settings.oauth2_audiences,
    )
elif settings.oauth2_jwks_url:
    security.init_oauth2_through_jwks(
        settings.oauth2_jwks_url,
        audiences=settings.oauth2_audiences,
    )

# An unset override mapping is treated as "no overrides".
security.add_permission_overrides(settings.permission_overrides or {})

logger = logging.getLogger(__name__)

# Dependency that requires the "products:create" permission on the caller.
create_product_perm = security.user_permission("products:create")


@app.get("/users/me")