From: Andrew <amacfie@sent.com>
Date: Sun, 14 Jun 2020 15:54:46 +0000 (-0400)
Subject: 🐛 Fix testing security scopes when using dependency overrides (#1549)
X-Git-Tag: 0.58.0~9
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7dd881334d6bdd582a2529b0ed5d05b0484f969a;p=thirdparty%2Ffastapi%2Ffastapi.git

🐛 Fix testing security scopes when using dependency overrides (#1549)

Co-authored-by: Sebastián Ramírez <tiangolo@gmail.com>
---

diff --git a/fastapi/dependencies/utils.py b/fastapi/dependencies/utils.py
index 4939773552..e7896f4910 100644
--- a/fastapi/dependencies/utils.py
+++ b/fastapi/dependencies/utils.py
@@ -500,6 +500,7 @@ async def solve_dependencies(
                 name=sub_dependant.name,
                 security_scopes=sub_dependant.security_scopes,
             )
+            use_sub_dependant.security_scopes = sub_dependant.security_scopes
 
         solved_result = await solve_dependencies(
             request=request,
diff --git a/tests/test_dependency_security_overrides.py b/tests/test_dependency_security_overrides.py
new file mode 100644
index 0000000000..b89d82db43
--- /dev/null
+++ b/tests/test_dependency_security_overrides.py
@@ -0,0 +1,65 @@
+from typing import List, Tuple
+
+from fastapi import Depends, FastAPI, Security
+from fastapi.security import SecurityScopes
+from fastapi.testclient import TestClient
+
+app = FastAPI()
+
+
+def get_user(required_scopes: SecurityScopes):
+    return "john", required_scopes.scopes
+
+
+def get_user_override(required_scopes: SecurityScopes):
+    return "alice", required_scopes.scopes
+
+
+def get_data():
+    return [1, 2, 3]
+
+
+def get_data_override():
+    return [3, 4, 5]
+
+
+@app.get("/user")
+def read_user(
+    user_data: Tuple[str, List[str]] = Security(get_user, scopes=["foo", "bar"]),
+    data: List[int] = Depends(get_data),
+):
+    return {"user": user_data[0], "scopes": user_data[1], "data": data}
+
+
+client = TestClient(app)
+
+
+def test_normal():
+    response = client.get("/user")
+    assert response.json() == {
+        "user": "john",
+        "scopes": ["foo", "bar"],
+        "data": [1, 2, 3],
+    }
+
+
+def test_override_data():
+    app.dependency_overrides[get_data] = get_data_override
+    response = client.get("/user")
+    assert response.json() == {
+        "user": "john",
+        "scopes": ["foo", "bar"],
+        "data": [3, 4, 5],
+    }
+    app.dependency_overrides = {}
+
+
+def test_override_security():
+    app.dependency_overrides[get_user] = get_user_override
+    response = client.get("/user")
+    assert response.json() == {
+        "user": "alice",
+        "scopes": ["foo", "bar"],
+        "data": [1, 2, 3],
+    }
+    app.dependency_overrides = {}