Basic Auth bug fix & test fixes. (#266)

**Description:** Basic Auth bug fix & test fix. `request.url.path` would return the absolute path f.e.: `/collections/test-collection` `request.scope.get("route").path` returns `/collections/{collection_id}` which is correct for matching permissions **PR Checklist:** - [x] Code is formatted and linted (run `pre-commit run --all-files`) - [x] Tests pass (run `make test`) - [x] Documentation has been updated to reflect changes, if applicable - [x] Changes are added to the changelog --------- Co-authored-by: Jonathan Healy <jonathan.d.healy@gmail.com>
stac-utils · May 30, 2024 · 009754e · 009754e
1 parent 3d85ba6
commit 009754e
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -14,6 +14,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Fixed
 
 - API sort extension tests [#264](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/264)
+- Basic auth permission fix for checking route path instead of absolute path [#266](https://github.com/stac-utils/stac-fastapi-elasticsearch-opensearch/pull/266)
 
 ## [v3.0.0a1]
 

diff --git a/stac_fastapi/core/stac_fastapi/core/basic_auth.py b/stac_fastapi/core/stac_fastapi/core/basic_auth.py
@@ -61,7 +61,7 @@ def has_access(
         )
 
     permissions = user.get("permissions", [])
-    path = request.url.path
+    path = request.scope.get("route").path
     method = request.method
 
     if permissions == "*":

diff --git a/stac_fastapi/tests/basic_auth/test_basic_auth.py b/stac_fastapi/tests/basic_auth/test_basic_auth.py
@@ -74,7 +74,7 @@ async def test_delete_resource_insufficient_permissions(app_client_basic_auth, c
 
     assert response.status_code == 403
     assert response.json() == {
-        "detail": "Insufficient permissions for [DELETE /collections/test-collection]"
+        "detail": "Insufficient permissions for [DELETE /collections/{collection_id}]"
     }