Finalize user activation feature (#439)

* Add routes for user activation (#403) * Add routes for user activation Generate a token after creating the user in register route, passing to `activation_callback`, if `activation_callback` supplied Create new `/activate` route that will verify the token and activate the user Add new error codes to `fastapi_users/router/common.py` Update documentation Add tests Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Rework routes for user activation * Separate verification logic and token generation into `/fastapi_users/router/verify.py`, with per-route callbacks for custom behaviour * Return register router to original state * Added `is_verified` property to user models * Added `requires_verification` argument to `get_users_router`and `get_auth_router` * Additional dependencies added for verification in `fastapi_users/authentication/__init__.py` * Update tests for new behaviour * Update `README.md` to describe a workaround for possible problems during testing, by exceeding ulimit file descriptor limit Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Restored docs to original state. * All other modifications reqested added Kebab-case on request-verify-token SECRET now used as test string Other minor changes Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Embed token in body in verify route * Reorganize checks in verify route and add unit test * Ignore coverage on Protocol classes * Tweak verify_user function to take full user in parameter * Improve unit tests structure regarding parametrized test client * Make after_verification_request optional to be more consistent with other routers * Tweak status codes on verify routes * Write documentation for verification feature * Add not released warning on verify docs Co-authored-by: Edd Salkield <edd@salkield.uk> Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
2025-08-14 18:58:10 +08:00 · 2021-01-12 10:44:42 +01:00
parent 7f6e3c9253
commit 373157c284
35 changed files with 2142 additions and 175 deletions
--- a/fastapi_users/router/auth.py
+++ b/fastapi_users/router/auth.py
@ -11,9 +11,14 @@ def get_auth_router(
    backend: BaseAuthentication,
    user_db: BaseUserDatabase[models.BaseUserDB],
    authenticator: Authenticator,
+    requires_verification: bool = False,
 ) -> APIRouter:
    """Generate a router with login/logout routes for an authentication backend."""
    router = APIRouter()
+    if requires_verification:
+        get_current_user = authenticator.get_current_verified_user
+    else:
+        get_current_user = authenticator.get_current_active_user

    @router.post("/login")
    async def login(
@ -26,15 +31,17 @@ def get_auth_router(
                status_code=status.HTTP_400_BAD_REQUEST,
                detail=ErrorCode.LOGIN_BAD_CREDENTIALS,
            )
-
+        if requires_verification and not user.is_verified:
+            raise HTTPException(
+                status_code=status.HTTP_400_BAD_REQUEST,
+                detail=ErrorCode.LOGIN_USER_NOT_VERIFIED,
+            )
        return await backend.get_login_response(user, response)

    if backend.logout:

        @router.post("/logout")
-        async def logout(
-            response: Response, user=Depends(authenticator.get_current_active_user)
-        ):
+        async def logout(response: Response, user=Depends(get_current_user)):
            return await backend.get_logout_response(user, response)

    return router