FilesExpand file tree

 main

/

basic_auth_users.py

Copy path

BlameMore file actions

BlameMore file actions

Latest commit

 

History

History

History

88 lines (64 loc) · 2.29 KB

 main

/

basic_auth_users.py

Top

File metadata and controls

• Code
• Blame

88 lines (64 loc) · 2.29 KB

Raw

Copy raw file

Download raw file

Open symbols panel

Edit and raw actions

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

59

60

61

62

63

64

65

66

67

68

69

70

71

72

73

74

75

76

77

78

79

80

81

82

83

84

85

86

87

88

# Clase en vídeo: https://youtu.be/_y9qQZXE24A?t=14094

### Users API con autorización OAuth2 básica ###

from fastapi import APIRouter, Depends, HTTPException, status

from pydantic import BaseModel

from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm

router = APIRouter(prefix="/basicauth",

tags=["basicauth"],

responses={status.HTTP_404_NOT_FOUND: {"message": "No encontrado"}})

oauth2 = OAuth2PasswordBearer(tokenUrl="login")

class User(BaseModel):

username: str

full_name: str

email: str

disabled: bool

class UserDB(User):

password: str

users_db = {

"mouredev": {

"username": "mouredev",

"full_name": "Brais Moure",

"email": "braismoure@mourede.com",

"disabled": False,

"password": "123456"

},

"mouredev2": {

"username": "mouredev2",

"full_name": "Brais Moure 2",

"email": "braismoure2@mourede.com",

"disabled": True,

"password": "654321"

}

}

def search_user_db(username: str):

if username in users_db:

return UserDB(**users_db[username])

def search_user(username: str):

if username in users_db:

return User(**users_db[username])

async def current_user(token: str = Depends(oauth2)):

user = search_user(token)

if not user:

raise HTTPException(

status_code=status.HTTP_401_UNAUTHORIZED,

detail="Credenciales de autenticación inválidas",

headers={"WWW-Authenticate": "Bearer"})

if user.disabled:

raise HTTPException(

status_code=status.HTTP_400_BAD_REQUEST,

detail="Usuario inactivo")

return user

@router.post("/login")

async def login(form: OAuth2PasswordRequestForm = Depends()):

user_db = users_db.get(form.username)

if not user_db:

raise HTTPException(

status_code=status.HTTP_400_BAD_REQUEST, detail="El usuario no es correcto")

user = search_user_db(form.username)

if not form.password == user.password:

raise HTTPException(

status_code=status.HTTP_400_BAD_REQUEST, detail="La contraseña no es correcta")

return {"access_token": user.username, "token_type": "bearer"}

@router.get("/users/me")

async def me(user: User = Depends(current_user)):

return user