Fix code style issues in bearer authentication implementation

Co-authored-by: alvarolopez <[email protected]>

Author: Copilot

deepaas/auth.py

@@ -32,22 +32,24 @@ def is_auth_enabled() -> bool:
     return bool(CONF.auth_bearer_token)
 
 
-async def verify_bearer_token(token: str = fastapi.Depends(bearer_scheme)) -> str:
+async def verify_bearer_token(
+    token: fastapi.security.HTTPAuthorizationCredentials = fastapi.Depends(bearer_scheme)  # noqa: E501,B008
+) -> str:
     """Verify the bearer token against the configured token.
-    
+
     Args:
         token: The HTTPAuthorizationCredentials from the request
-        
+
     Returns:
         The validated token string
-        
+
     Raises:
         HTTPException: If authentication is enabled but token is invalid/missing
     """
     # If auth is not enabled, allow all requests
     if not is_auth_enabled():
         return None
-        
+
     # If auth is enabled but no token provided
     if token is None:
         LOG.warning("Authentication required but no bearer token provided")
@@ -56,7 +58,7 @@ async def verify_bearer_token(token: str = fastapi.Depends(bearer_scheme)) -> st
             detail="Bearer token required",
             headers={"WWW-Authenticate": "Bearer"},
         )
-    
+
     # Validate the token
     if token.credentials != CONF.auth_bearer_token:
         LOG.warning("Invalid bearer token provided")
@@ -65,18 +67,18 @@ async def verify_bearer_token(token: str = fastapi.Depends(bearer_scheme)) -> st
             detail="Invalid bearer token",
             headers={"WWW-Authenticate": "Bearer"},
         )
-    
+
     LOG.debug("Bearer token validated successfully")
     return token.credentials
 
 
 def get_auth_dependency():
     """Get the authentication dependency.
-    
+
     Returns a dependency that can be used with FastAPI routes to enforce
     authentication when enabled.
-    
+
     Returns:
         The authentication dependency function
     """
-    return fastapi.Depends(verify_bearer_token)
+    return fastapi.Depends(verify_bearer_token)

deepaas/tests/test_auth.py

@@ -53,10 +53,10 @@ async def test_verify_token_disabled_auth(self):
     async def test_verify_token_no_token_provided(self):
         """Test token verification when auth is enabled but no token provided."""
         CONF.set_override("auth_bearer_token", "test-token")
-        
+
         with pytest.raises(fastapi.HTTPException) as exc_info:
             await auth.verify_bearer_token(None)
-        
+
         assert exc_info.value.status_code == 401
         assert "Bearer token required" in exc_info.value.detail
         assert exc_info.value.headers["WWW-Authenticate"] == "Bearer"
@@ -65,16 +65,16 @@ async def test_verify_token_no_token_provided(self):
     async def test_verify_token_invalid_token(self):
         """Test token verification with invalid token."""
         CONF.set_override("auth_bearer_token", "correct-token")
-        
+
         # Mock HTTPAuthorizationCredentials
         mock_token = fastapi.security.HTTPAuthorizationCredentials(
-            scheme="Bearer", 
+            scheme="Bearer",
             credentials="wrong-token"
         )
-        
+
         with pytest.raises(fastapi.HTTPException) as exc_info:
             await auth.verify_bearer_token(mock_token)
-        
+
         assert exc_info.value.status_code == 401
         assert "Invalid bearer token" in exc_info.value.detail
         assert exc_info.value.headers["WWW-Authenticate"] == "Bearer"
@@ -83,13 +83,13 @@ async def test_verify_token_invalid_token(self):
     async def test_verify_token_valid_token(self):
         """Test token verification with valid token."""
         CONF.set_override("auth_bearer_token", "correct-token")
-        
+
         # Mock HTTPAuthorizationCredentials
         mock_token = fastapi.security.HTTPAuthorizationCredentials(
-            scheme="Bearer", 
+            scheme="Bearer",
             credentials="correct-token"
         )
-        
+
         result = await auth.verify_bearer_token(mock_token)
         assert result == "correct-token"
 
@@ -101,6 +101,10 @@ def test_get_auth_dependency(self):
         assert callable(dependency.dependency)
 
 
+# Fix the function definition issue by creating a separate auth dependency
+auth_dependency = auth.get_auth_dependency()
+
+
 class TestBearerAuthIntegration:
     """Integration tests for bearer authentication with FastAPI."""
 
@@ -118,7 +122,7 @@ async def public_endpoint():
             return {"message": "public"}
 
         @app.get("/protected")
-        async def protected_endpoint(_: str = auth.get_auth_dependency()):
+        async def protected_endpoint(_=auth_dependency):
             return {"message": "protected"}
 
         return app
@@ -127,7 +131,7 @@ def test_public_endpoint_no_auth(self):
         """Test that public endpoints work without authentication."""
         app = self.create_test_app()
         client = fastapi.testclient.TestClient(app)
-        
+
         response = client.get("/public")
         assert response.status_code == 200
         assert response.json() == {"message": "public"}
@@ -137,7 +141,7 @@ def test_protected_endpoint_no_auth_disabled(self):
         CONF.set_override("auth_bearer_token", "")
         app = self.create_test_app()
         client = fastapi.testclient.TestClient(app)
-        
+
         response = client.get("/protected")
         assert response.status_code == 200
         assert response.json() == {"message": "protected"}
@@ -147,7 +151,7 @@ def test_protected_endpoint_auth_enabled_no_token(self):
         CONF.set_override("auth_bearer_token", "secret-token")
         app = self.create_test_app()
         client = fastapi.testclient.TestClient(app)
-        
+
         response = client.get("/protected")
         assert response.status_code == 401
         assert "Bearer token required" in response.json()["detail"]
@@ -157,7 +161,7 @@ def test_protected_endpoint_auth_enabled_invalid_token(self):
         CONF.set_override("auth_bearer_token", "secret-token")
         app = self.create_test_app()
         client = fastapi.testclient.TestClient(app)
-        
+
         response = client.get(
             "/protected",
             headers={"Authorization": "Bearer wrong-token"}
@@ -170,7 +174,7 @@ def test_protected_endpoint_auth_enabled_valid_token(self):
         CONF.set_override("auth_bearer_token", "secret-token")
         app = self.create_test_app()
         client = fastapi.testclient.TestClient(app)
-        
+
         response = client.get(
             "/protected",
             headers={"Authorization": "Bearer secret-token"}
@@ -183,11 +187,11 @@ def test_protected_endpoint_malformed_header(self):
         CONF.set_override("auth_bearer_token", "secret-token")
         app = self.create_test_app()
         client = fastapi.testclient.TestClient(app)
-        
+
         # Test with malformed header (no "Bearer" prefix)
         response = client.get(
             "/protected",
             headers={"Authorization": "secret-token"}
         )
         assert response.status_code == 401
-        assert "Bearer token required" in response.json()["detail"]
+        assert "Bearer token required" in response.json()["detail"]

deepaas/tests/test_e2e_auth.py

@@ -29,12 +29,12 @@
 
 class TestE2EBearerAuth:
     """End-to-end tests for bearer authentication."""
-    
+
     def setup_method(self):
         """Set up test environment."""
         CONF.clear()
         config.parse_args([])
-        
+
         # Reset the global APP
         api.APP = None
 
@@ -48,7 +48,9 @@ def create_mock_model(self):
             "author": "Test Author",
         }
         mock_model.get_predict_args.return_value = {}
-        mock_model.predict = unittest.mock.AsyncMock(return_value={"result": "success"})
+        mock_model.predict = unittest.mock.AsyncMock(
+            return_value={"result": "success"}
+        )
         mock_model.has_schema = False
         mock_model.response_schema = None  # Important: set response_schema to None
         mock_model.warm = unittest.mock.MagicMock()
@@ -57,52 +59,56 @@ def create_mock_model(self):
     def test_api_access_without_auth(self):
         """Test API access when authentication is disabled."""
         CONF.set_override("auth_bearer_token", "")
-        
-        with unittest.mock.patch('deepaas.model.load_v2_model') as mock_load:
+
+        with unittest.mock.patch('deepaas.model.load_v2_model'):
             with unittest.mock.patch.object(model, 'V2_MODEL_NAME', 'test-model'):
-                with unittest.mock.patch.object(model, 'V2_MODEL', self.create_mock_model()):
+                with unittest.mock.patch.object(
+                    model, 'V2_MODEL', self.create_mock_model()
+                ):
                     app = api.get_fastapi_app()
                     client = fastapi.testclient.TestClient(app)
-                    
+
                     # Test root endpoint
                     response = client.get("/")
                     assert response.status_code == 200
-                    
+
                     # Test v2 version endpoint
                     response = client.get("/v2/")
                     assert response.status_code == 200
-                    
+
                     # Test models endpoint
                     response = client.get("/v2/models/")
                     assert response.status_code == 200
-                    
+
                     # Test individual model endpoint
                     response = client.get("/v2/models/test-model")
                     assert response.status_code == 200
 
     def test_api_access_with_auth_no_token(self):
         """Test API access when authentication is enabled but no token provided."""
         CONF.set_override("auth_bearer_token", "my-secret-token")
-        
-        with unittest.mock.patch('deepaas.model.load_v2_model') as mock_load:
+
+        with unittest.mock.patch('deepaas.model.load_v2_model'):
             with unittest.mock.patch.object(model, 'V2_MODEL_NAME', 'test-model'):
-                with unittest.mock.patch.object(model, 'V2_MODEL', self.create_mock_model()):
+                with unittest.mock.patch.object(
+                    model, 'V2_MODEL', self.create_mock_model()
+                ):
                     app = api.get_fastapi_app()
                     client = fastapi.testclient.TestClient(app)
-                    
+
                     # Test root endpoint (should still work - not protected)
                     response = client.get("/")
                     assert response.status_code == 200
-                    
+
                     # Test v2 version endpoint (should still work - not protected)
                     response = client.get("/v2/")
                     assert response.status_code == 200
-                    
+
                     # Test models endpoint (should require auth)
                     response = client.get("/v2/models/")
                     assert response.status_code == 401
                     assert "Bearer token required" in response.json()["detail"]
-                    
+
                     # Test individual model endpoint (should require auth)
                     response = client.get("/v2/models/test-model")
                     assert response.status_code == 401
@@ -111,20 +117,22 @@ def test_api_access_with_auth_no_token(self):
     def test_api_access_with_auth_invalid_token(self):
         """Test API access with invalid bearer token."""
         CONF.set_override("auth_bearer_token", "my-secret-token")
-        
-        with unittest.mock.patch('deepaas.model.load_v2_model') as mock_load:
+
+        with unittest.mock.patch('deepaas.model.load_v2_model'):
             with unittest.mock.patch.object(model, 'V2_MODEL_NAME', 'test-model'):
-                with unittest.mock.patch.object(model, 'V2_MODEL', self.create_mock_model()):
+                with unittest.mock.patch.object(
+                    model, 'V2_MODEL', self.create_mock_model()
+                ):
                     app = api.get_fastapi_app()
                     client = fastapi.testclient.TestClient(app)
-                    
+
                     headers = {"Authorization": "Bearer wrong-token"}
-                    
+
                     # Test models endpoint with wrong token
                     response = client.get("/v2/models/", headers=headers)
                     assert response.status_code == 401
                     assert "Invalid bearer token" in response.json()["detail"]
-                    
+
                     # Test individual model endpoint with wrong token
                     response = client.get("/v2/models/test-model", headers=headers)
                     assert response.status_code == 401
@@ -133,23 +141,25 @@ def test_api_access_with_auth_invalid_token(self):
     def test_api_access_with_auth_valid_token(self):
         """Test API access with valid bearer token."""
         CONF.set_override("auth_bearer_token", "my-secret-token")
-        
-        with unittest.mock.patch('deepaas.model.load_v2_model') as mock_load:
+
+        with unittest.mock.patch('deepaas.model.load_v2_model'):
             with unittest.mock.patch.object(model, 'V2_MODEL_NAME', 'test-model'):
-                with unittest.mock.patch.object(model, 'V2_MODEL', self.create_mock_model()):
+                with unittest.mock.patch.object(
+                    model, 'V2_MODEL', self.create_mock_model()
+                ):
                     app = api.get_fastapi_app()
                     client = fastapi.testclient.TestClient(app)
-                    
+
                     headers = {"Authorization": "Bearer my-secret-token"}
-                    
+
                     # Test models endpoint with correct token
                     response = client.get("/v2/models/", headers=headers)
                     assert response.status_code == 200
                     data = response.json()
                     assert "models" in data
                     assert len(data["models"]) == 1
                     assert data["models"][0]["name"] == "Test Model"
-                    
+
                     # Test individual model endpoint with correct token
                     response = client.get("/v2/models/test-model", headers=headers)
                     assert response.status_code == 200
@@ -160,21 +170,25 @@ def test_api_access_with_auth_valid_token(self):
     def test_predict_endpoint_with_auth(self):
         """Test predict endpoint with authentication."""
         CONF.set_override("auth_bearer_token", "my-secret-token")
-        
-        with unittest.mock.patch('deepaas.model.load_v2_model') as mock_load:
+
+        with unittest.mock.patch('deepaas.model.load_v2_model'):
             with unittest.mock.patch.object(model, 'V2_MODEL_NAME', 'test-model'):
-                with unittest.mock.patch.object(model, 'V2_MODEL', self.create_mock_model()):
+                with unittest.mock.patch.object(
+                    model, 'V2_MODEL', self.create_mock_model()
+                ):
                     app = api.get_fastapi_app()
                     client = fastapi.testclient.TestClient(app)
-                    
+
                     # Test predict endpoint without auth
                     response = client.post("/v2/models/test-model/predict")
                     assert response.status_code == 401
                     assert "Bearer token required" in response.json()["detail"]
-                    
+
                     # Test predict endpoint with correct auth
                     headers = {"Authorization": "Bearer my-secret-token"}
-                    response = client.post("/v2/models/test-model/predict", headers=headers)
+                    response = client.post(
+                        "/v2/models/test-model/predict", headers=headers
+                    )
                     assert response.status_code == 200
                     data = response.json()
-                    assert "predictions" in data or "result" in data
+                    assert "predictions" in data or "result" in data