Skip to content

[17.0][MIG] add fastapi_auth_api_key#539

Closed
henrybackman wants to merge 3 commits into
OCA:17.0from
camptocamp:17.0-mig-fastapi_auth_api_key_2
Closed

[17.0][MIG] add fastapi_auth_api_key#539
henrybackman wants to merge 3 commits into
OCA:17.0from
camptocamp:17.0-mig-fastapi_auth_api_key_2

Conversation

@henrybackman

Copy link
Copy Markdown



def authenticated_auth_api_key(
key: Annotated[str, Depends(APIKeyHeader(name="HTTP-API-KEY"))],

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

is it a real desired changed ? to avoid breaking consumer I would recomand to use same header as on previous version ie; https://github.com/OCA/rest-framework/blob/16.0/base_rest_auth_api_key/apispec/rest_method_security_plugin.py#L17

Suggested change
key: Annotated[str, Depends(APIKeyHeader(name="HTTP-API-KEY"))],
key: Annotated[str, Depends(APIKeyHeader(name="API-KEY"))],

headers={"WWW-Authenticate": "HTTP-API-KEY"},
) from error
# Ensure the api key is authorized for the current endpoint.
if auth_api_key not in endpoint.sudo().auth_api_key_group_id.auth_api_key_ids:

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As far I understand we must set an auth_api_key_group_id to make the endpoint working, is that correct?

if yes I would set the field as required or support the case there is no auth_api_key_group_id defined:

Suggested change
if auth_api_key not in endpoint.sudo().auth_api_key_group_id.auth_api_key_ids:
if endpoint.sudo().auth_api_key_group_id and auth_api_key not in endpoint.sudo().auth_api_key_group_id.auth_api_key_ids:

Comment on lines +81 to +85
# TODO enable this when we know how to filter keys based
# on endpoint's api key group.
# An exception is raised when unauthorized api key record is found
# with self.assertRaises(HTTPException) as error:
# authenticated_auth_api_key("not_authorized", self.demo_env)

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure to understand the comment, maybe it's time on uncomment ?

Suggested change
# TODO enable this when we know how to filter keys based
# on endpoint's api key group.
# An exception is raised when unauthorized api key record is found
# with self.assertRaises(HTTPException) as error:
# authenticated_auth_api_key("not_authorized", self.demo_env)
with self.assertRaises(HTTPException) as error:
authenticated_auth_api_key("not_authorized", self.demo_env, self.demo_endpoint)

@petrus-v

petrus-v commented Sep 8, 2025

Copy link
Copy Markdown
Contributor

I suppose this PR can be closed as superseded by #555

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

4 participants