:bug: Fix HTTP Bearer security auto-error (#282)
authorSebastián Ramírez <tiangolo@gmail.com>
Sat, 1 Jun 2019 05:57:45 +0000 (09:57 +0400)
committerGitHub <noreply@github.com>
Sat, 1 Jun 2019 05:57:45 +0000 (09:57 +0400)
fastapi/security/http.py
tests/test_security_http_bearer_optional.py

index f41d8d9447347889ed1970756c52250a6505d5b0..362390b7a434c66293898469e5afc96f661bf1ce 100644 (file)
@@ -112,10 +112,13 @@ class HTTPBearer(HTTPBase):
             else:
                 return None
         if scheme.lower() != "bearer":
-            raise HTTPException(
-                status_code=HTTP_403_FORBIDDEN,
-                detail="Invalid authentication credentials",
-            )
+            if self.auto_error:
+                raise HTTPException(
+                    status_code=HTTP_403_FORBIDDEN,
+                    detail="Invalid authentication credentials",
+                )
+            else:
+                return None
         return HTTPAuthorizationCredentials(scheme=scheme, credentials=credentials)
 
 
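Review bot: With `auto_error=False`, the new `else: return None` under `if scheme.lower() != "bearer":` makes a header with the wrong scheme indistinguishable from no header at all, and nothing in the code says so. Every route that uses this dependency must therefore treat `None` as unauthenticated explicitly. I would put a comment above the branch, e.g. `# auto_error=False: a non-Bearer scheme yields None, same as a missing header; callers must treat None as anonymous`, and state the same contract in the class docstring. Separately, the raise path keeps 403 for bad credentials where RFC 7235 expects 401 with a `WWW-Authenticate: Bearer` challenge; this predates the commit but is worth a follow-up. The method starts above the hunk, so the earlier missing-header branch is only partly visible here.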
index 5a690c521f113f6842224365817423d2fb32e03f..d34433ec09e699f8c00f4099c11445e983b64316 100644 (file)
@@ -64,5 +64,5 @@ def test_security_http_bearer_no_credentials():
 
 def test_security_http_bearer_incorrect_scheme_credentials():
     response = client.get("/users/me", headers={"Authorization": "Basic notreally"})
-    assert response.status_code == 403
-    assert response.json() == {"detail": "Invalid authentication credentials"}
+    assert response.status_code == 200
+    assert response.json() == {"msg": "Create an account first"}
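Review bot: A test named `..._incorrect_scheme_credentials` that now expects 200 reads like an authentication bypass unless the reason is written down. Presumably the app under test builds `HTTPBearer(auto_error=False)` (the setup is outside the hunk), so a `Basic` header is meant to fall through to the route's anonymous branch. A one-line comment above the request would make that intent explicit, e.g. `# auto_error=False: wrong scheme is treated as no credentials, so the anonymous response is expected`. It is also worth confirming that the non-optional bearer test file still asserts 403 for the same header, since that path was re-indented in this commit.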