API refactor

2025-10-07 16:25:52 +09:00
parent 76d0d86211
commit 91c7e04474
1171 changed files with 81940 additions and 44117 deletions
--- a/venv/lib/python3.12/site-packages/fastapi/security/oauth2.py
+++ b/venv/lib/python3.12/site-packages/fastapi/security/oauth2.py
@@ -10,7 +10,7 @@ from starlette.requests import Request
 from starlette.status import HTTP_401_UNAUTHORIZED, HTTP_403_FORBIDDEN

 # TODO: import from typing when deprecating Python 3.9
-from typing_extensions import Annotated, Doc  # type: ignore [attr-defined]
+from typing_extensions import Annotated, Doc


 class OAuth2PasswordRequestForm:
@@ -52,9 +52,9 @@ class OAuth2PasswordRequestForm:
    ```

    Note that for OAuth2 the scope `items:read` is a single scope in an opaque string.
-    You could have custom internal logic to separate it by colon caracters (`:`) or
+    You could have custom internal logic to separate it by colon characters (`:`) or
    similar, and get the two parts `items` and `read`. Many applications do that to
-    group and organize permisions, you could do it as well in your application, just
+    group and organize permissions, you could do it as well in your application, just
    know that that it is application specific, it's not part of the specification.
    """

@@ -63,7 +63,7 @@ class OAuth2PasswordRequestForm:
        *,
        grant_type: Annotated[
            Union[str, None],
-            Form(pattern="password"),
+            Form(pattern="^password$"),
            Doc(
                """
                The OAuth2 spec says it is required and MUST be the fixed string
@@ -85,7 +85,7 @@ class OAuth2PasswordRequestForm:
        ],
        password: Annotated[
            str,
-            Form(),
+            Form(json_schema_extra={"format": "password"}),
            Doc(
                """
                `password` string. The OAuth2 spec requires the exact field name
@@ -130,7 +130,7 @@ class OAuth2PasswordRequestForm:
        ] = None,
        client_secret: Annotated[
            Union[str, None],
-            Form(),
+            Form(json_schema_extra={"format": "password"}),
            Doc(
                """
                If there's a `client_password` (and a `client_id`), they can be sent
@@ -194,9 +194,9 @@ class OAuth2PasswordRequestFormStrict(OAuth2PasswordRequestForm):
    ```

    Note that for OAuth2 the scope `items:read` is a single scope in an opaque string.
-    You could have custom internal logic to separate it by colon caracters (`:`) or
+    You could have custom internal logic to separate it by colon characters (`:`) or
    similar, and get the two parts `items` and `read`. Many applications do that to
-    group and organize permisions, you could do it as well in your application, just
+    group and organize permissions, you could do it as well in your application, just
    know that that it is application specific, it's not part of the specification.


@@ -217,7 +217,7 @@ class OAuth2PasswordRequestFormStrict(OAuth2PasswordRequestForm):
        self,
        grant_type: Annotated[
            str,
-            Form(pattern="password"),
+            Form(pattern="^password$"),
            Doc(
                """
                The OAuth2 spec says it is required and MUST be the fixed string
@@ -353,7 +353,7 @@ class OAuth2(SecurityBase):
            bool,
            Doc(
                """
-                By default, if no HTTP Auhtorization header is provided, required for
+                By default, if no HTTP Authorization header is provided, required for
                OAuth2 authentication, it will automatically cancel the request and
                send the client an error.

@@ -441,7 +441,7 @@ class OAuth2PasswordBearer(OAuth2):
            bool,
            Doc(
                """
-                By default, if no HTTP Auhtorization header is provided, required for
+                By default, if no HTTP Authorization header is provided, required for
                OAuth2 authentication, it will automatically cancel the request and
                send the client an error.

@@ -457,11 +457,26 @@ class OAuth2PasswordBearer(OAuth2):
                """
            ),
        ] = True,
+        refreshUrl: Annotated[
+            Optional[str],
+            Doc(
+                """
+                The URL to refresh the token and obtain a new one.
+                """
+            ),
+        ] = None,
    ):
        if not scopes:
            scopes = {}
        flows = OAuthFlowsModel(
-            password=cast(Any, {"tokenUrl": tokenUrl, "scopes": scopes})
+            password=cast(
+                Any,
+                {
+                    "tokenUrl": tokenUrl,
+                    "refreshUrl": refreshUrl,
+                    "scopes": scopes,
+                },
+            )
        )
        super().__init__(
            flows=flows,
@@ -543,7 +558,7 @@ class OAuth2AuthorizationCodeBearer(OAuth2):
            bool,
            Doc(
                """
-                By default, if no HTTP Auhtorization header is provided, required for
+                By default, if no HTTP Authorization header is provided, required for
                OAuth2 authentication, it will automatically cancel the request and
                send the client an error.