I was able to build from a sample Starlette example a piece of code that gets Basic Auth username and password, reads a header, and grabs the json body. But it only does so if I use "GET" instead of post, and I have not been able to figure out how to change the accepted method to POST. (The application I am trying to host for only uses POST. Is it a simple thing to get the POST method to work, or is this a rewrite?
from starlette.applications import Starlette
from starlette.authentication import requires
from starlette.authentication import (
AuthCredentials, AuthenticationBackend, AuthenticationError, SimpleUser
)
from starlette.middleware import Middleware
from starlette.middleware.authentication import AuthenticationMiddleware
from starlette.responses import (PlainTextResponse, JSONResponse)
from starlette.routing import Route
import base64
import binascii
class BasicAuthBackend(AuthenticationBackend):
async def authenticate(self, conn):
if "Authorization" not in conn.headers:
return
auth = conn.headers["Authorization"]
try:
scheme, credentials = auth.split()
if scheme.lower() != 'basic':
return
decoded = base64.b64decode(credentials).decode("ascii")
except (ValueError, UnicodeDecodeError, binascii.Error) as exc:
raise AuthenticationError('Invalid basic auth credentials')
username, _, password = decoded.partition(":")
global my_user
global my_pass
my_user = username
my_pass = password
# TODO: You'd want to verify the username and password here.
return AuthCredentials(["authenticated"]), SimpleUser(username)
async def homepage(request):
if request.user.is_authenticated:
body = await request.json()
return JSONResponse({"user": my_user, "password": my_pass, "header": request.headers['client_id']}, body )
return PlainTextResponse('Hello, you')
routes = [
Route("/testpath", endpoint=homepage)
]
middleware = [
Middleware(AuthenticationMiddleware, backend=BasicAuthBackend())
]
app = Starlette(debug=True, routes=routes, middleware=middleware)
You need mention that your route accepts POST method.
async def homepage(request):
if request.user.is_authenticated:
body = await request.json()
return JSONResponse({"user": my_user, "password": my_pass, "header": request.headers['client_id']})
return PlainTextResponse('Hello, you')
routes = [
Route("/testpath", endpoint=homepage, methods=["POST"])
]
Related
I use fastapi to build my web-server.
I need to know the ip address of client so I follow this guildline https://fastapi.tiangolo.com/advanced/using-request-directly/
This is my router function
from fastapi import Request
...
#router.post("/login")
async def login(id: str, password: str, request: Request):
My client do like this
import requests
...
response = requests.post(my_url, json={"id": id, "password": password})
But client gets this message:
{"detail":[{"loc":["query","dn"],"msg":"field required","type":"value_error.missing"},{"loc":["query","password"],"msg":"field required","type":"value_error.missing"}]}
Server gives this message:
"POST /jobs/login HTTP/1.1" 422 Unprocessable Entity
So I think the Request field is needed or the transmitted data format is wrong..
Is there any solution for this?
You'll have to explicitly tell FastAPI that you want to retrieve each parameter from the JSON body if you haven't defined a Pydantic input schema.
from fastapi import Request, FastAPI, APIRouter, Body
app = FastAPI()
router = APIRouter()
#router.post("/login")
async def login(request: Request, id: str = Body(...), password: str = Body(...)):
print(id, password)
app.include_router(router)
To define a schema for a login request, create a Pydantic class that inherits from BaseModel:
from fastapi import Request, FastAPI, APIRouter, Body
from pydantic import BaseModel
class LoginSchema(BaseModel):
id: str
password: str
app = FastAPI()
router = APIRouter()
#router.post("/login-schema")
async def login(request: Request, login: LoginSchema):
print(login.id, login.password)
app.include_router(router)
I think I found out what is the issue and why you get 422 Unprocessable Entity Error.
async def login(id: str, password: str, request: Request):
id and password are query parameters but you are trying to pass JSON data instead of query parameters.
response = requests.post(my_url, json={"id": id, "password": password})
If you want this code to work you should pass id and password as query parameters
import requests
my_url = "http://127.0.0.1:8000/login"
id = "1"
password = "hello"
params = {'id': id, 'password': password}
response = requests.post(my_url, params=params)
here is the whole code.
main.py
from fastapi import Request, FastAPI
app = FastAPI()
#app.post("/login")
async def login(id: str, password: str, request: Request):
ip = request.client.host
return {
"id":id,
"password": password,
"host": ip
}
test.py
import requests
my_url = "http://127.0.0.1:8000/login"
id = "1"
password = "hello"
params = {'id': id, 'password': password}
response = requests.post(my_url, params=params)
I am trying to setup pytest with httpx.AsyncClient and sqlalchemy AsyncSession with FastAPI. Everything practically mimics the tests in FastAPI Fullstack repo, except for async stuff.
No issues with CRUD unit tests. The issue arises when running API tests using AsyncClient from httpx lib.
The issue is, any request made by client only has access to the users (in my case) created before initializing (setting up) the client fixture.
My pytest conftest.py setup is like this:
from typing import Dict, Generator, Callable
import asyncio
from fastapi import FastAPI
import pytest
# from sqlalchemy.orm import Session
from sqlalchemy.ext.asyncio import AsyncSession
from httpx import AsyncClient
import os
import warnings
import sqlalchemy as sa
from alembic.config import Config
from sqlalchemy.ext.asyncio import AsyncSession
from sqlalchemy.ext.asyncio import create_async_engine
from sqlalchemy.orm import sessionmaker
async def get_test_session() -> Generator:
test_engine = create_async_engine(
settings.SQLALCHEMY_DATABASE_URI + '_test',
echo=False,
)
# expire_on_commit=False will prevent attributes from being expired
# after commit.
async_sess = sessionmaker(
test_engine, expire_on_commit=False, class_=AsyncSession
)
async with async_sess() as sess, sess.begin():
yield sess
#pytest.fixture(scope="session")
async def async_session() -> Generator:
test_engine = create_async_engine(
settings.SQLALCHEMY_DATABASE_URI + '_test',
echo=False,
pool_size=20, max_overflow=0
)
# expire_on_commit=False will prevent attributes from being expired
# after commit.
async_sess = sessionmaker(
test_engine, expire_on_commit=False, class_=AsyncSession
)
yield async_sess
#pytest.fixture(scope="session")
async def insert_initial_data(async_session:Callable):
async with async_session() as session, session.begin():
# insert first superuser - basic CRUD ops to insert data in test db
await insert_first_superuser(session)
# insert test.superuser#example.com
await insert_first_test_user(session)
# inserts test.user#example.com
#pytest.fixture(scope='session')
def app(insert_initial_data) -> FastAPI:
return FastAPI()
#pytest.fixture(scope='session')
async def client(app: FastAPI) -> Generator:
from app.api.deps import get_session
app.dependency_overrides[get_session] = get_test_session
async with AsyncClient(
app=app, base_url="http://test",
) as ac:
yield ac
# reset dependencies
app.dependency_overrides = {}
So in this case, only the superuser test.superuser#example.com and normal user test.user#example.com are available during running API tests. e.g., code below is able to fetch the access token just fine:
async def authentication_token_from_email(
client: AsyncClient, session: AsyncSession,
) -> Dict[str, str]:
"""
Return a valid token for the user with given email.
"""
email = 'test.user#example.com'
password = 'test.user.password'
user = await crud.user.get_by_email(session, email=email)
assert user is not None
data = {"username": email, "password": password}
response = await client.post(f"{settings.API_V1_STR}/auth/access-token",
data=data)
auth_token = response.cookies.get('access_token')
assert auth_token is not None
return auth_token
but, the modified code below doesn't - here I try to insert new user, and then log in to get access token.
async def authentication_token_from_email(
client: AsyncClient, session: AsyncSession,
) -> Dict[str, str]:
"""
Return a valid token for the user with given email.
If the user doesn't exist it is created first.
"""
email = random_email()
password = random_lower_string()
user = await crud.user.get_by_email(session, email=email)
if not user:
user_in_create = UserCreate(email=email,
password=password)
user = await crud.user.create(session, obj_in=user_in_create)
else:
user_in_update = UserUpdate(password=password)
user = await crud.user.update(session, db_obj=user, obj_in=user_in_update)
assert user is not None
# works fine up to this point, user inserted successfully
# now try to send http request to fetch token, and user is not found in the db
data = {"username": email, "password": password}
response = await client.post(f"{settings.API_V1_STR}/auth/access-token",
data=data)
auth_token = response.cookies.get('access_token')
# returns None.
return auth_token
What is going on here ? Appreciate any help!
Turns out all I needed to do is, for reason I do not understand, is to define the FastAPI dependency override function inside the client fixture:
before
async def get_test_session() -> Generator:
test_engine = create_async_engine(
settings.SQLALCHEMY_DATABASE_URI + '_test',
echo=False,
)
# expire_on_commit=False will prevent attributes from being expired
# after commit.
async_sess = sessionmaker(
test_engine, expire_on_commit=False, class_=AsyncSession
)
async with async_sess() as sess, sess.begin():
yield sess
#pytest.fixture(scope='session')
async def client(app: FastAPI) -> Generator:
from app.api.deps import get_session
app.dependency_overrides[get_session] = get_test_session
async with AsyncClient(
app=app, base_url="http://test",
) as ac:
yield ac
# reset dependencies
app.dependency_overrides = {}
after
#pytest.fixture(scope="function")
async def session(async_session) -> Generator:
async with async_session() as sess, sess.begin():
yield sess
#pytest.fixture
async def client(app: FastAPI, session:AsyncSession) -> Generator:
from app.api.deps import get_session
# this needs to be defined inside this fixture
# this is generate that yields session retrieved from `session` fixture
def get_sess():
yield session
app.dependency_overrides[get_session] = get_sess
async with AsyncClient(
app=app, base_url="http://test",
) as ac:
yield ac
app.dependency_overrides = {}
I'd appreciate any explanation of this behavior. Thanks!
This is actually the first time it doesn't work, I mean I've practiced this before, but now I have no idea what's wrong.
So I am trying to implement basic function get_current_user for FastAPI , but somehow it doesn't work.
When I try in swagger Authorization works fine, but endpoint with current user simply doesn't work.
So this is part that belongs to endpoint file:
router = APIRouter(prefix='/api/v1/users')
router1 = APIRouter()
oauth2_scheme = OAuth2PasswordBearer(tokenUrl='/api-token-auth/')
#router1.post('/api-token-auth/')
async def auth(form: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_db)):
user = await utils.get_user_by_username(form.username, db) # type: User
if not user:
raise HTTPException(status_code=400, detail="Incorrect username or password")
if not utils.validate_password(form.password, user.hashed_password):
raise HTTPException(status_code=400, detail="Incorrect username or password")
return await utils.create_token(user.id, db)
async def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
print(token)
user = await utils.get_user_by_token(token, db)
if not user:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="Invalid authentication credentials",
headers={"WWW-Authenticate": "Bearer"},
)
return user
#router.get("/me", response_model=DisplayUser)
async def read_users_me(current_user: User = Depends(get_current_user)):
return current_user
and this is function that creates token (I have checked and it is 1000% works and returns string):
async def create_token(user_id: int, db: Session):
"""Token generation"""
letters = string.ascii_lowercase
token = ''.join(random.choice(letters) for _ in range(25))
created_token = Token(
expires=datetime.now() + timedelta(weeks=2),
user_id=user_id,
token=token
)
db.add(created_token)
db.commit()
db.refresh(created_token)
token = AuthUser.from_orm(created_token)
return token.token
But when I print(token) in get_current_user function it prints undefined . And I dunno why. Am I using dependency wrong or something?
Thanks in advance!
Since it prints undefined it seems like the frontend is expecting the response in a different format (since undefined is what using an undefined object key in Javascript as a key will result in).
The OAuth2 response should have the token under access_token by default:
access_token (required) The access token string as issued by the authorization server.
token_type (required) The type of token this is, typically just the string “bearer”.
Example response from the above link:
{
"access_token":"MTQ0NjJkZmQ5OTM2NDE1ZTZjNGZmZjI3",
"token_type":"bearer",
"expires_in":3600,
"refresh_token":"IwOGYzYTlmM2YxOTQ5MGE3YmNmMDFkNTVk",
"scope":"create"
}
In your "create_token(user.id, db)" ensure the returned token contains these two values.
{
"access_token":"",
"token_type":"bearer"
}
Here is my code so far, I want to inject AuthJWT as dependancy:
from starlette.graphql import GraphQLApp
from starlette.requests import Request as Rq
from fastapi_jwt_auth import AuthJWT
graphql_app = GraphQLApp(schema=graphene.Schema(query=Query, mutation=Mutation))
#router.post("/gql")
async def graph(request: Rq, Authorize: AuthJWT = Depends() ):
request.state.authorize = Authorize
return await graphql_app.handle_graphql(request=request)
app.include_router(router)
Its working fine with post request on insomnia ide but I am unable to see the graphiql ide in the browser in "localhost:8000/gql" url
It gives error: "GET /gql HTTP/1.1" 405 Method Not Allowed
How can I get the graphiql ide?
Is it possible to get the ide by Custom Request and APIRoute class? https://fastapi.tiangolo.com/advanced/custom-request-and-route/
Answer by #IndominusByte
import graphene
from fastapi import FastAPI, Request, Depends
from fastapi_jwt_auth import AuthJWT
from starlette.graphql import GraphQLApp
from starlette.datastructures import URL
from pydantic import BaseModel
class Settings(BaseModel):
authjwt_secret_key: str = "secret"
#AuthJWT.load_config
def get_config():
return Settings()
class Query(graphene.ObjectType):
hello = graphene.String(name=graphene.String(default_value="stranger"))
def resolve_hello(self, info, name):
authorize = info.context['request'].state.authorize
access_token = authorize.create_access_token(subject=name)
return "Hello " + name + "access_token" + access_token
app = FastAPI()
graphql_app = GraphQLApp(schema=graphene.Schema(query=Query))
# graphiql ide path here
#app.get('/')
async def graphiql(request: Request):
request._url = URL('/gql')
return await graphql_app.handle_graphiql(request=request)
# use the path for frontend request
#app.post('/gql')
async def graphql(request: Request, authorize: AuthJWT = Depends()):
request.state.authorize = authorize
return await graphql_app.handle_graphql(request=request)
https://github.com/IndominusByte/fastapi-jwt-auth/issues/28
Im making a unit test in a rest controller and this is the return:
return ResponseEntity.status(HttpStatus.OK).body(result);
Im getting this error:
Required request body is missing
This is my current test:
def "Signup"() {
given:
UserDto userDto = new UserDto(id: 1, password: "password123", username: "username123")
def personDto = new PersonDto(id: 1, user : userDto)
when: "signup url is hit"
def response = mockMvc.perform(post('/person/signup'))
then:
personService.signup(userDto) >> personDto
response.andExpect(status().isOk())
}
Any idea how to mock .body or how to add a body in the request. Thanks ::)
Add another expectation like:
response.andExpect(content().string(containsString('blah')))
Reference:
MockMvcResultMatchers.content()
ContentResultMatchers.string(org.hamcrest.Matcher<? super String> matcher)
import static groovyx.net.http.ContentType.JSON
import groovyx.net.http.RESTClient
import groovy.util.slurpersupport.GPathResult
import static groovyx.net.http.ContentType.URLENC
def accountId = "yourAccountId" // this is the number after http://basecamp.com when logged into the basecamp website e.g. http://basecamp.com/1234567
def userName = "basecampUserName"
def password = "basecampPassword"
def basecamp = new RESTClient( "https://basecamp.com/${accountId}/api/v1/".toString() )
basecamp.auth.basic userName, password
def response = basecamp.get(
path: "projects.json",
headers: ["User-Agent": "My basecamp application (myemail#domain.com)"]
)
println response.data.toString(2) // or you can return this value and do whatever you want
// post with body
def 'test post method'(){
given:
restClient .headers.Accept = 'application/json'
when:
def resp = restClient .post(path: 'path(ex:/api/list/',
query:[param1:'param1value',param2:'param2value'],
body: 'your json',
contentType:'application/json'
)
then:
resp.status == 200
}
}