* Implement RS256 for JWT auth
* Update docs with RS256 example
* Added ES256 tests
* Format with isort and black
* Removed example RSA key pair (so as not to tempt people to use it)
* Added pyjwt[crypto] to requirements
* Removed pycryptodome by hardcoding example keys
* Removed unnecessary Tuple import from typing
* logout response sets proper response headers
logout response is using starlette delete cookie. In starlette the samesite and secure attributes are not in the header but are needed to set the removed cookie client side. Implementing set_cookie with an empty cookie-value and a max_age of 0 will set a new expired cookie by the client.
related issue #846
* fixed linting
Co-authored-by: Pentem <martijn.pentenga@movares.nl>
* Added a failing test for the multi-oauth-router issue
* Fixed the #823 regression.
Using a regex for the backend name validation instead of an enum.
* Fixed formatting errors
* Moved the `AuthenticationBackendName` enum to `Authenticator`
This prevents an issue with OpenAPI schema generation caused by two
endpoints accepting a parameter with a duplicate name.
* Replace unused `for` index with underscore
* Use `items()` to directly unpack dictionary values
* Merge duplicate blocks in conditional
* Use `any()` instead of for loop
* Format __init__.py
* Fix#630: use relative tokenUrl as per the official recommendations
* Improve following review comments
* Fix unmatching backtick
* Improve consistency of authentication backend documentation
* Add routes for user activation (#403)
* Add routes for user activation
Generate a token after creating the user in register route, passing to `activation_callback`, if `activation_callback` supplied
Create new `/activate` route that will verify the token and activate the user
Add new error codes to `fastapi_users/router/common.py`
Update documentation
Add tests
Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
* Rework routes for user activation
* Separate verification logic and token generation into `/fastapi_users/router/verify.py`, with per-route callbacks for custom behaviour
* Return register router to original state
* Added `is_verified` property to user models
* Added `requires_verification` argument to `get_users_router`and `get_auth_router`
* Additional dependencies added for verification in `fastapi_users/authentication/__init__.py`
* Update tests for new behaviour
* Update `README.md` to describe a workaround for possible problems during testing, by exceeding ulimit file descriptor limit
Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
* Restored docs to original state.
* All other modifications reqested added
Kebab-case on request-verify-token
SECRET now used as test string
Other minor changes
Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
* Embed token in body in verify route
* Reorganize checks in verify route and add unit test
* Ignore coverage on Protocol classes
* Tweak verify_user function to take full user in parameter
* Improve unit tests structure regarding parametrized test client
* Make after_verification_request optional to be more consistent with other routers
* Tweak status codes on verify routes
* Write documentation for verification feature
* Add not released warning on verify docs
Co-authored-by: Edd Salkield <edd@salkield.uk>
Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
* Use UUID for user id and oauth account id
* Update documentation for UUID
* Tweak GUID definition of SQLAlchemy to match Tortoise ORM one
* Write migration doc
* Fix#36: fix token url in auto doc
* Define OAuth scheme in authentication base with default /users/login tokenUrl
* Allow to override it through contructor argument of auth class
* Fix test coverage of BaseAuthentication
