Return 403 instead of 401 when a user is known (#705)

* return 403 instead of 401 if user is known

* return 403 for unverified users

* updated docs
Daan Beverdam
2021-09-04 18:11:48 +02:00
committed by GitHub
parent 7527902e9d
commit e59fb2c9b9
5 changed files with 28 additions and 33 deletions


@ -191,7 +191,7 @@ class TestGetCurrentVerifiedUser:
"/current-verified-user",
headers={"Authorization": f"Bearer {user.id}"},
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
assert response.status_code == status.HTTP_403_FORBIDDEN
async def test_valid_token_verified_user(
self, test_app_client: httpx.AsyncClient, verified_user: UserDB
@ -253,7 +253,7 @@ class TestGetCurrentVerifiedSuperuser:
"/current-verified-superuser",
headers={"Authorization": f"Bearer {user.id}"},
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
assert response.status_code == status.HTTP_403_FORBIDDEN
async def test_valid_token_verified_user(
self, test_app_client: httpx.AsyncClient, verified_user: UserDB
@ -271,7 +271,7 @@ class TestGetCurrentVerifiedSuperuser:
"/current-verified-superuser",
headers={"Authorization": f"Bearer {superuser.id}"},
)
assert response.status_code == status.HTTP_401_UNAUTHORIZED
assert response.status_code == status.HTTP_403_FORBIDDEN
async def test_valid_token_verified_superuser(
self, test_app_client: httpx.AsyncClient, verified_superuser: UserDB
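Review bot: The three changed assertions (the unverified-user cases on `/current-verified-user` and `/current-verified-superuser`) pin only the status code, and nothing at those lines records why a request with an accepted bearer token is now rejected with 403 rather than 401. A short comment above each would guard against an accidental revert, e.g. `# token resolves to a known user who fails the verified check: authenticated but not authorized, so 403, not 401`. In the second hunk the 403 could come from either the verified check or the superuser check, which the status code alone cannot tell apart; if the response body distinguishes them (not visible here), asserting on it would sharpen the test. The enclosing test functions begin outside the hunks, so the state of the `user` and `superuser` fixtures is inferred from their names.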