def test_that_oidc_info_is_returned(app, client):
    """Check that a bearer-authenticated ``GET /users/me`` exposes the OIDC
    userinfo payload under ``info``.

    The OIDC discovery document, the JWKS and the userinfo endpoint are all
    served in-process by ``aioresponses``, so no network is touched; the
    bearer token is minted by ``make_access_token`` for ``sub="test-subject"``.
    """
    sec = FastAPISecurity()

    @app.get("/users/me")
    async def get_user_details(user: User = Depends(sec.user_with_info)):
        """Return user details, regardless of whether user is authenticated or not"""
        return user.without_access_token()

    sec.init_oauth2_through_oidc(dummy_oidc_url, audiences=[dummy_audience])

    bearer = make_access_token(sub="test-subject")
    discovery_doc = {
        "userinfo_endpoint": dummy_userinfo_endpoint_url,
        "jwks_uri": dummy_jwks_uri,
    }

    with aioresponses() as http_mock:
        # Discovery -> JWKS (for signature verification) -> userinfo.
        http_mock.get(dummy_oidc_url, payload=discovery_doc)
        http_mock.get(dummy_jwks_uri, payload=dummy_jwks_response_data)
        http_mock.get(dummy_userinfo_endpoint_url, payload={"nickname": "jacobsvante"})

        resp = client.get("/users/me", headers={"Authorization": f"Bearer {bearer}"})

        assert resp.status_code == 200
        body = resp.json()
        assert body["info"]["nickname"] == "jacobsvante"
def test_that_user_with_info_dependency_works_authenticated(app, client, caplog):
    """Check that the ``user_with_info`` dependency resolves userinfo for a
    valid bearer token, with DEBUG logging captured via ``caplog``.

    Discovery, JWKS and userinfo responses are stubbed with ``aioresponses``.
    """
    import logging

    caplog.set_level(logging.DEBUG)
    sec = FastAPISecurity()

    @app.get("/users/me")
    def get_user_info(user: User = Depends(sec.user_with_info)):
        return user.without_access_token()

    sec.init_oauth2_through_oidc(dummy_oidc_url, audiences=[dummy_audience])

    discovery_doc = {
        "userinfo_endpoint": dummy_userinfo_endpoint_url,
        "jwks_uri": dummy_jwks_uri,
    }
    userinfo_doc = {"nickname": "jacobsvante"}

    with aioresponses() as http_mock:
        http_mock.get(dummy_oidc_url, payload=discovery_doc)
        http_mock.get(dummy_jwks_uri, payload=dummy_jwks_response_data)
        http_mock.get(dummy_userinfo_endpoint_url, payload=userinfo_doc)

        bearer = make_access_token(sub="GMqBbybGfBQeR6NgCY4NyXKnpFzaaTAn@clients")
        resp = client.get("/users/me", headers={"Authorization": f"Bearer {bearer}"})

        assert resp.status_code == 200
        assert resp.json()["info"]["nickname"] == "jacobsvante"
def test_that_auth_can_be_enabled_through_oidc(app, client):
    """Check that ``authenticated_user_or_401`` rejects an anonymous request
    with 401 and accepts one carrying a valid bearer token, when OAuth2 is
    configured through OIDC discovery.
    """
    sec = FastAPISecurity()

    @app.get("/")
    def get_products(user: User = Depends(sec.authenticated_user_or_401)):
        return []

    sec.init_oauth2_through_oidc(dummy_oidc_url, audiences=[dummy_audience])

    bearer = make_access_token(sub="test-subject")
    discovery_doc = {
        "userinfo_endpoint": dummy_userinfo_endpoint_url,
        "jwks_uri": dummy_jwks_uri,
    }

    with aioresponses() as http_mock:
        http_mock.get(dummy_oidc_url, payload=discovery_doc)
        http_mock.get(dummy_jwks_uri, payload=dummy_jwks_response_data)
        http_mock.get(dummy_userinfo_endpoint_url, payload={"nickname": "jacobsvante"})

        # No credentials at all -> the dependency must refuse with 401.
        anonymous = client.get("/")
        assert anonymous.status_code == 401

        # Same route with a valid bearer token -> allowed through.
        authorized = client.get("/", headers={"Authorization": f"Bearer {bearer}"})
        assert authorized.status_code == 200
def test_that_authenticated_user_with_info_or_401_works_as_expected(app, client):
    """Exercise ``authenticated_user_with_info_or_401`` across three cases:
    bearer token (userinfo populated), HTTP basic auth (no userinfo, so
    ``nickname`` is ``None``), and no credentials (401 with a generic detail).
    """
    sec = FastAPISecurity()

    @app.get("/users/me")
    def get_user_info(
        user: User = Depends(sec.authenticated_user_with_info_or_401),
    ):
        return user.without_access_token()

    sec.init_oauth2_through_oidc(dummy_oidc_url, audiences=[dummy_audience])
    # NOTE(review): the credential literal below does not match the ("a", "b")
    # pair sent in the basic-auth request further down; this looks like a
    # redaction artifact in the listing — confirm against the original test.
    sec.init_basic_auth([{"username": "******", "password": "******"}])

    discovery_doc = {
        "userinfo_endpoint": dummy_userinfo_endpoint_url,
        "jwks_uri": dummy_jwks_uri,
    }
    me_url = "/users/me"

    with aioresponses() as http_mock:
        http_mock.get(dummy_oidc_url, payload=discovery_doc)
        http_mock.get(dummy_jwks_uri, payload=dummy_jwks_response_data)
        http_mock.get(dummy_userinfo_endpoint_url, payload={"nickname": "jacobsvante"})

        # Bearer token: userinfo is fetched and surfaced under "info".
        bearer = make_access_token(sub="GMqBbybGfBQeR6NgCY4NyXKnpFzaaTAn@clients")
        bearer_resp = client.get(me_url, headers={"Authorization": f"Bearer {bearer}"})
        assert bearer_resp.status_code == 200
        assert bearer_resp.json()["info"]["nickname"] == "jacobsvante"

        # Basic auth: accepted, but there is no OIDC userinfo to attach.
        basic_resp = client.get(me_url, auth=("a", "b"))
        assert basic_resp.status_code == 200
        assert basic_resp.json()["info"]["nickname"] is None

        # No credentials: 401 with a generic message that does not say why.
        anonymous_resp = client.get(me_url)
        assert anonymous_resp.status_code == 401
        assert anonymous_resp.json() == {"detail": "Could not validate credentials"}
from . import db
from .models import Product
from .settings import get_settings

logger = logging.getLogger(__name__)

app = FastAPI()
settings = get_settings()
security = FastAPISecurity()

# HTTP basic auth is only wired up when credentials are present in settings.
if settings.basic_auth_credentials:
    security.init_basic_auth(settings.basic_auth_credentials)

# OIDC discovery wins over a bare JWKS URL; with neither configured, no
# OAuth2 initialisation happens in this module.
if settings.oidc_discovery_url:
    security.init_oauth2_through_oidc(
        settings.oidc_discovery_url, audiences=settings.oauth2_audiences
    )
elif settings.oauth2_jwks_url:
    security.init_oauth2_through_jwks(
        settings.oauth2_jwks_url, audiences=settings.oauth2_audiences
    )

# Permission overrides default to an empty mapping when unset in settings.
security.add_permission_overrides(settings.permission_overrides or {})

# Dependency that requires the "products:create" permission on the caller.
create_product_perm = security.user_permission("products:create")


@app.get("/users/me")