Breaking changes
----------------
* Transport classes now always build full response objects instead of using the implicit FastAPI `Response` object.
* If you were not implementing your own custom transport classes, you will have nothing to do.
* If you implemented custom classes, you should adapt them so they return a `Response` object. [[Example](8959a12d56/fastapi_users/authentication/transport/bearer.py)]
* Cookie transport now returns a proper `204 No Content` response on logout, which should please OpenAPI Generators. Thanks @caniko 🎉
New features
------------
* `on_after_login` method now accepts `response` in argument, which is the `Response` object built by the transport. [[Documentation](https://fastapi-users.github.io/fastapi-users/latest/configuration/user-manager/#on_after_login)] Thanks @sorasful 🎉
Bug fixes
---------
* Fix#1166: add type hint to /users/{id} routes. Thanks @gegnew 🎉
* Fix `/verify` route returning `null` user ID with Beanie. Thanks @jankadel 🎉
* Update verify.py
When using a schema setup as proposed in the documentation like: ReadUser, CreateUser, UpdateUser and BaseUser in the combination with MongoDB / Beanie, the verify() method will not "enforce" the `user_schema` but instead will return the `BaseUser` which will cause serialisation errors as such:
```
pydantic.error_wrappers.ValidationError: 1 validation error for ReadUser
response -> id
```
because the mapping between MongoDBs internal `_id` and the Pydantic `id` does not work.
* use `from_orm`
* Revamp Transport so they always build a full Response object
* Fix linting
* Add private methods to set cookies on CookieTransport
* Change on_after_login login_return parameter to response
Improvements
------------
* Ensure the reset password token can be used only once.
* Change JWT access token structure to use standard `sub` claim instead of `user_id`.
* ⚠ Existing JWT will be invalidated
* Change verify and reset password tokens structure to use standard `sub` claim instead of `user_id`.
Improvements
------------
* Bump `httpx-oauth >=0.4,<0.11`
* With `httpx-oauth >= 0.10`, the OAuth2 client may be not able to return an email address depending on the OAuth Provider. In this case, the error `OAUTH_NOT_AVAILABLE_EMAIL` is raised during `/callback`. [[Documentation](https://fastapi-users.github.io/fastapi-users/10.2/usage/routes/#get-callback)]
* Enable Python 3.11 support in CI
New features
------------
* Trigger custom logic after user login with `on_after_login`. [[Documentation]()] Thanks @antont 🎉
Improvements
------------
* Bump dependencies:
* `email-validator >=1.1.0,<1.4`
* `pyjwt[crypto] ==2.5.0`
* Use Hatch for environment and package management
* on_after_login minimal impl.
Questions: is the spot logical for after method? Is after the internal login call.
Would before_login be needed? Maybe not, as auth is the way to do pre-login things.
Added fastapi request as a param just in case, as other callbacks had it too.
Docs addition is missing.
* tried to complete the implementation, but the test with user_manager.on_after_login.called fails though
* move on_after_login tests to right place, to TestLogin. These ones pass.
TODO: check TestCallback
* on_after_login tests to TestCallback too, for oauth. Apparently test_redirect_url_router fires the callback too, I guess that's correct, am not using oauth myself.
* fix formatting with make format
* docs for on_after_login
Co-authored-by: Toni Alatalo <toni.alatalo@gmail.com>
* Fix: LoginResponse is set to application/json, and should return response with status code 204 when body is empty.
The database backend login response is a cookie header with empty body. This causes issues when integrating the openapi schema into openapi-generator. Because the code generator expects the response to be a JSON when the status code isn't 204.
* Fix: Bump fastapi version to appropriate version for status code 204 handling.
* Build a full response for CookieTransport login_response
Co-authored-by: Can H. Tartanoglu <2947298-caniko@users.noreply.gitlab.com>
Co-authored-by: François Voron <fvoron@gmail.com>
