Merge pull request #44 from bkmetzler/auto_error

Implement `auto_error` flag - Resolves #43

Author: JonasKs

.github/workflows/testing.yaml

@@ -28,7 +28,7 @@ jobs:
       fail-fast: false
       matrix:
         python-version: [ "3.9", "3.10" ]
-        fastapi-version: [ "0.68.0", "0.70.0" ]
+        fastapi-version: [ "0.68.0", "0.70.0", "0.71.0" ]
     steps:
       - name: Check out repository
         uses: actions/checkout@v2

.pre-commit-config.yaml

@@ -41,6 +41,13 @@ repos:
     hooks:
       - id: isort
   - repo: https://github.com/pre-commit/mirrors-mypy
-    rev: v0.910
+    rev: "v0.930"
     hooks:
       - id: mypy
+        exclude: "test_*"
+        additional_dependencies:
+          [
+            fastapi,
+            pydantic,
+            starlette,
+          ]

demo_project/api/api_v1/api.py

@@ -1,5 +1,7 @@
-from demo_project.api.api_v1.endpoints import hello_world
+from demo_project.api.api_v1.endpoints import hello_world, hello_world_multi_auth
 from fastapi import APIRouter
 
-api_router = APIRouter(tags=['hello'])
-api_router.include_router(hello_world.router)
+api_router_azure_auth = APIRouter(tags=['hello'])
+api_router_azure_auth.include_router(hello_world.router)
+api_router_multi_auth = APIRouter(tags=['hello'])
+api_router_multi_auth.include_router(hello_world_multi_auth.router)

demo_project/api/api_v1/endpoints/hello_world_multi_auth.py

@@ -0,0 +1,26 @@
+from typing import Union
+
+from demo_project.api.dependencies import multi_auth
+from demo_project.schemas.hello_world import TokenType
+from fastapi import APIRouter, Depends, Request
+
+from fastapi_azure_auth.user import User
+
+router = APIRouter()
+
+
+@router.get(
+    '/hello-multi-auth',
+    response_model=TokenType,
+    summary='Say hello with an API key',
+    name='hello_world_api_key',
+    operation_id='helloWorldApiKey',
+)
+async def world(request: Request, auth: Union[str, User] = Depends(multi_auth)) -> dict[str, bool]:
+    """
+    Wonder how this auth is done?
+    """
+    if isinstance(auth, str):
+        # An API key was used
+        return {'api_key': True, 'azure_auth': False}
+    return {'api_key': False, 'azure_auth': True}

demo_project/api/dependencies.py

@@ -1,11 +1,12 @@
 import logging
 from datetime import datetime, timedelta
-from typing import Optional
+from typing import Optional, Union
 
 from demo_project.core.config import settings
 from fastapi import Depends
+from fastapi.security.api_key import APIKeyHeader
 
-from fastapi_azure_auth import SingleTenantAzureAuthorizationCodeBearer
+from fastapi_azure_auth import MultiTenantAzureAuthorizationCodeBearer, SingleTenantAzureAuthorizationCodeBearer
 from fastapi_azure_auth.exceptions import InvalidAuth
 from fastapi_azure_auth.user import User
 
@@ -49,10 +50,40 @@ async def __call__(self, tid: str) -> str:
             # logic to find your allowed tenants and it's issuers here
             # (This example cache in memory for 1 hour)
             self.tid_to_iss = {
-                'intility_tenant': 'intility_tenant',
+                'intility_tenant_id': 'https://login.microsoftonline.com/intility_tenant/v2.0',
             }
         try:
             return self.tid_to_iss[tid]
         except Exception as error:
             log.exception('`iss` not found for `tid` %s. Error %s', tid, error)
             raise InvalidAuth('You must be an Intility customer to access this resource')
+
+
+issuer_fetcher = IssuerFetcher()
+
+azure_scheme_auto_error_false = MultiTenantAzureAuthorizationCodeBearer(
+    app_client_id=settings.APP_CLIENT_ID,
+    scopes={
+        f'api://{settings.APP_CLIENT_ID}/user_impersonation': 'User impersonation',
+    },
+    validate_iss=True,
+    iss_callable=issuer_fetcher,
+    auto_error=False,
+)
+
+
+api_key_auth_auto_error_false = APIKeyHeader(name='TEST-API-KEY', auto_error=False)
+
+
+async def multi_auth(
+    azure_auth: Optional[User] = Depends(azure_scheme_auto_error_false),
+    api_key: Optional[str] = Depends(api_key_auth_auto_error_false),
+) -> Union[User, str]:
+    """
+    Example implementation.
+    """
+    if azure_auth:
+        return azure_auth
+    if api_key == 'JonasIsCool':
+        return api_key
+    raise InvalidAuth('You must either provide a valid bearer token or API key')

demo_project/core/config.py

@@ -1,6 +1,6 @@
 from typing import List, Optional, Union
 
-from pydantic import AnyHttpUrl, BaseSettings, Field, HttpUrl, validator
+from pydantic import AnyHttpUrl, BaseSettings, Field, HttpUrl
 
 
 class AzureActiveDirectory(BaseSettings):
@@ -18,29 +18,9 @@ class Settings(AzureActiveDirectory):
     # "http://localhost:8080", "http://local.dockertoolbox.tiangolo.com"]'
     BACKEND_CORS_ORIGINS: List[Union[str, AnyHttpUrl]] = ['http://localhost:8000']
 
-    @validator('BACKEND_CORS_ORIGINS', pre=True)
-    def assemble_cors_origins(cls, value: Union[str, List[str]]) -> Union[List[str], str]:  # pragma: no cover
-        """
-        Validate cors list
-        """
-        if isinstance(value, str) and not value.startswith('['):
-            return [i.strip() for i in value.split(',')]
-        elif isinstance(value, (list, str)):
-            return value
-        raise ValueError(value)
-
     PROJECT_NAME: str = 'My Project'
     SENTRY_DSN: Optional[HttpUrl] = None
 
-    @validator('SENTRY_DSN', pre=True)
-    def sentry_dsn_can_be_blank(cls, value: str) -> Optional[str]:  # pragma: no cover
-        """
-        Validate sentry DSN
-        """
-        if not value:
-            return None
-        return value
-
     class Config:  # noqa
         env_file = 'demo_project/.env'
         env_file_encoding = 'utf-8'

demo_project/main.py

@@ -2,7 +2,7 @@
 from argparse import ArgumentParser
 
 import uvicorn
-from demo_project.api.api_v1.api import api_router
+from demo_project.api.api_v1.api import api_router_azure_auth, api_router_multi_auth
 from demo_project.api.dependencies import azure_scheme
 from demo_project.core.config import settings
 from fastapi import FastAPI, Security
@@ -44,10 +44,15 @@ async def load_config() -> None:
 
 
 app.include_router(
-    api_router,
+    api_router_azure_auth,
     prefix=settings.API_V1_STR,
     dependencies=[Security(azure_scheme, scopes=['user_impersonation'])],
 )
+app.include_router(
+    api_router_multi_auth,
+    prefix=settings.API_V1_STR,
+    # Dependencies specified on the API itself
+)
 
 
 if __name__ == '__main__':

demo_project/schemas/hello_world.py

@@ -6,3 +6,8 @@
 class HelloWorldResponse(BaseModel):
     hello: str = Field(..., description='What we\'re saying hello to')
     user: User = Field(..., description='The user object')
+
+
+class TokenType(BaseModel):
+    api_key: bool = Field(..., description='API key was used')
+    azure_auth: bool = Field(..., description='Azure auth was used')

docs/docs/settings/multi_tenant.mdx

@@ -63,3 +63,11 @@ Override OpenAPI token URL
 **Default:** `None`
 
 Override OpenAPI description
+
+-----------------
+
+### auto_error: `bool`
+**Default:** `True`
+
+Set this to False if you are using multiple authentication libraries.  This will return rather than
+throwing authentication exceptions.

docs/docs/settings/single_tenant.mdx

@@ -63,3 +63,11 @@ Override OpenAPI token URL
 **Default:** `None`
 
 Override OpenAPI description
+
+-----------------
+
+### auto_error: `bool`
+**Default:** `True`
+
+Set this to False if you are using multiple authentication libraries.  This will return rather than
+throwing authentication exceptions.