* Revamp Transport so they always build a full Response object
* Fix linting
* Add private methods to set cookies on CookieTransport
* Change on_after_login login_return parameter to response
* Fix: LoginResponse is set to application/json, and should return response with status code 204 when body is empty.
The database backend login response is a cookie header with empty body. This causes issues when integrating the openapi schema into openapi-generator. Because the code generator expects the response to be a JSON when the status code isn't 204.
* Fix: Bump fastapi version to appropriate version for status code 204 handling.
* Build a full response for CookieTransport login_response
Co-authored-by: Can H. Tartanoglu <2947298-caniko@users.noreply.gitlab.com>
Co-authored-by: François Voron <fvoron@gmail.com>
* Use a generic Protocol model for User instead of Pydantic
* Remove UserDB Pydantic schema
* Harmonize schema variable naming to avoid confusions
* Revamp OAuth account model management
* Revamp AccessToken DB strategy to adopt generic model approach
* Make ID a generic instead of forcing UUIDs
* Improve generic typing
* Improve Strategy typing
* Tweak base DB typing
* Don't set Pydantic schemas on FastAPIUsers class: pass it directly on router creation
* Add IntegerIdMixin and export related classes
* Start to revamp doc for V10
* Revamp OAuth documentation
* Fix code highlights
* Write the 9.x.x ➡️ 10.x.x migration doc
* Fix pyproject.toml
* Implement RS256 for JWT auth
* Update docs with RS256 example
* Added ES256 tests
* Format with isort and black
* Removed example RSA key pair (so as not to tempt people to use it)
* Added pyjwt[crypto] to requirements
* Removed pycryptodome by hardcoding example keys
* Removed unnecessary Tuple import from typing
* logout response sets proper response headers
logout response is using starlette delete cookie. In starlette the samesite and secure attributes are not in the header but are needed to set the removed cookie client side. Implementing set_cookie with an empty cookie-value and a max_age of 0 will set a new expired cookie by the client.
related issue #846
* fixed linting
Co-authored-by: Pentem <martijn.pentenga@movares.nl>
* Added a failing test for the multi-oauth-router issue
* Fixed the #823 regression.
Using a regex for the backend name validation instead of an enum.
* Fixed formatting errors
* Moved the `AuthenticationBackendName` enum to `Authenticator`
This prevents an issue with OpenAPI schema generation caused by two
endpoints accepting a parameter with a duplicate name.
* Replace unused `for` index with underscore
* Use `items()` to directly unpack dictionary values
* Merge duplicate blocks in conditional
* Use `any()` instead of for loop
* Format __init__.py
* Fix#630: use relative tokenUrl as per the official recommendations
* Improve following review comments
* Fix unmatching backtick
* Improve consistency of authentication backend documentation
* Add routes for user activation (#403)
* Add routes for user activation
Generate a token after creating the user in register route, passing to `activation_callback`, if `activation_callback` supplied
Create new `/activate` route that will verify the token and activate the user
Add new error codes to `fastapi_users/router/common.py`
Update documentation
Add tests
Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
* Rework routes for user activation
* Separate verification logic and token generation into `/fastapi_users/router/verify.py`, with per-route callbacks for custom behaviour
* Return register router to original state
* Added `is_verified` property to user models
* Added `requires_verification` argument to `get_users_router`and `get_auth_router`
* Additional dependencies added for verification in `fastapi_users/authentication/__init__.py`
* Update tests for new behaviour
* Update `README.md` to describe a workaround for possible problems during testing, by exceeding ulimit file descriptor limit
Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
* Restored docs to original state.
* All other modifications reqested added
Kebab-case on request-verify-token
SECRET now used as test string
Other minor changes
Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
* Embed token in body in verify route
* Reorganize checks in verify route and add unit test
* Ignore coverage on Protocol classes
* Tweak verify_user function to take full user in parameter
* Improve unit tests structure regarding parametrized test client
* Make after_verification_request optional to be more consistent with other routers
* Tweak status codes on verify routes
* Write documentation for verification feature
* Add not released warning on verify docs
Co-authored-by: Edd Salkield <edd@salkield.uk>
Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
* Use UUID for user id and oauth account id
* Update documentation for UUID
* Tweak GUID definition of SQLAlchemy to match Tortoise ORM one
* Write migration doc
