Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feat: Various changes and updates #433

Merged
merged 28 commits into from
Dec 10, 2024
Merged

Feat: Various changes and updates #433

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
28 commits
Select commit Hold shift + click to select a range
ca30ee7
Fix shell loading default
tarsil Nov 14, 2024
cf3c87d
Fix linting
tarsil Nov 14, 2024
daa8983
Add O2Auth for OpenAPI and security in general
tarsil Nov 15, 2024
216d783
Add new tests for OAuth and add Security
tarsil Nov 15, 2024
81b9add
Add extra test
tarsil Nov 15, 2024
5ba0433
Implement security dependency for OAuth and OpenId
tarsil Nov 17, 2024
7b9b7ba
Update param_functions.py
tarsil Nov 17, 2024
d245b94
Change signature.py
tarsil Nov 17, 2024
1dc3cd5
Update test_security_oauth2_optional_desc.py
tarsil Nov 17, 2024
884de68
Merge branch 'main' into feat/oauth
tarsil Nov 17, 2024
e94ac3b
Fix optional data payload encoding validation
tarsil Nov 18, 2024
2af226b
Add extra test for union with different payload data
tarsil Nov 18, 2024
9213a2d
Add new API tests
tarsil Nov 18, 2024
bc42466
Update internal ignore security params in the query
tarsil Nov 18, 2024
fcc3366
Add tests for basic
tarsil Nov 18, 2024
a44fec2
Add digest tests
tarsil Nov 18, 2024
2016d5e
Add new security docs section
tarsil Nov 18, 2024
a62ed10
Update internal docs
tarsil Nov 18, 2024
dc85ef9
Add extra openid test
tarsil Nov 19, 2024
c3be28b
Merge branch 'main' into feat/oauth
tarsil Nov 29, 2024
ef8b75d
Docs update
tarsil Dec 9, 2024
2b3d043
Merge branch 'feat/oauth' of github.com:dymmond/esmerald into feat/oauth
tarsil Dec 9, 2024
315103c
Update lilya
tarsil Dec 9, 2024
8d74a71
Fix pydantic versions
tarsil Dec 9, 2024
e29d9f4
Fix pydantic versions
tarsil Dec 9, 2024
735c092
Add docs for simple fake auth
tarsil Dec 9, 2024
e091c33
Merge branch 'main' into feat/oauth
tarsil Dec 9, 2024
6a8cd2e
Simple security docs
tarsil Dec 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
Add docs for simple fake auth
  • Loading branch information
@tarsil
tarsil committed Dec 9, 2024
commit 735c0929ac78ccc73e9d89e983698360cf5f3bca
59 changes: 58 additions & 1 deletion docs/en/docs/security/simple-oauth2.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -171,7 +171,7 @@ Both dependencies will raise an HTTP error if the user doesn't exist or if the u

With this update, the endpoint will only return a user if the user exists, is authenticated correctly, and is active.

```python hl_lines="54-62 65-70"
```python hl_lines="54-65"
{!> ../../../docs_src/security/post.py !}
```

Expand All @@ -183,3 +183,60 @@ With this update, the endpoint will only return a user if the user exists, is au
While you can technically omit this header and it will still function, including it ensures compliance with the specification. Additionally, some tools may expect and use this header, either now or in the future, which could be helpful for you or your users.

That's the advantage of following standards.

## Go ahead and test it

Open the OpenAPI documentation and check it out: [http://localhost:8000/docs/swagger](http://localhost:8000/docs/swagger).

### Authenticate

Click the **Authorize** button and use the following credentials:

* **User**: `janedoe`
* **Password**: `secret`.

<img src="https://res.cloudinary.com/dymmond/image/upload/v1733758942/esmerald/security/authorize_jimv3t.png" alt="Authorize">

After pressing the authenticate, you should be able to see something like this:

<img src="https://res.cloudinary.com/dymmond/image/upload/v1733759042/esmerald/security/done_mgpwvt.png" alt="Done">

### Get the data

Now it is time to test and get the data using the `GET` method provided in the examples `/users/me`.

You will get a payload similar to this:

```json
{
"username": "johndoe",
"email": "[email protected]",
"full_name": "John Doe",
"disabled": false,
"hashed_password": "fakehashedsecret"
}
```

<img src="https://res.cloudinary.com/dymmond/image/upload/v1733759233/esmerald/security/payload_eaxlaf.png" alt="Payload">

Now, if you logout by clicking in the logout icon, you should receive a 401.

<img src="https://res.cloudinary.com/dymmond/image/upload/v1733759352/esmerald/security/not_auth_nwd72q.png" alt="Not authenticated">


## Inactive users

Now you can try with an inactive user and see what happens.

* **User**: `peter`
* **Password**: `secret2`.

You should have an error like this:

```json
{
"detail": "Inactive user"
}
```

As you can see, we have now implemented a simple and yet effective authentication.
Loading
Loading