373157c284
* Add routes for user activation (#403) * Add routes for user activation Generate a token after creating the user in register route, passing to `activation_callback`, if `activation_callback` supplied Create new `/activate` route that will verify the token and activate the user Add new error codes to `fastapi_users/router/common.py` Update documentation Add tests Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Rework routes for user activation * Separate verification logic and token generation into `/fastapi_users/router/verify.py`, with per-route callbacks for custom behaviour * Return register router to original state * Added `is_verified` property to user models * Added `requires_verification` argument to `get_users_router`and `get_auth_router` * Additional dependencies added for verification in `fastapi_users/authentication/__init__.py` * Update tests for new behaviour * Update `README.md` to describe a workaround for possible problems during testing, by exceeding ulimit file descriptor limit Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Restored docs to original state. * All other modifications reqested added Kebab-case on request-verify-token SECRET now used as test string Other minor changes Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Embed token in body in verify route * Reorganize checks in verify route and add unit test * Ignore coverage on Protocol classes * Tweak verify_user function to take full user in parameter * Improve unit tests structure regarding parametrized test client * Make after_verification_request optional to be more consistent with other routers * Tweak status codes on verify routes * Write documentation for verification feature * Add not released warning on verify docs Co-authored-by: Edd Salkield <edd@salkield.uk> Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
4.8 KiB
Dependency callables
FastAPI Users provides dependency callables to easily inject users in your routes. They are available from your FastAPIUsers instance.
!!! tip For more information about how to make an authenticated request to your API, check the documentation of your Authentication method.
get_current_user
Get the current user (active or not). Will throw a 401 Unauthorized if missing or wrong credentials.
@app.get("/protected-route")
def protected_route(user: User = Depends(fastapi_users.get_current_user)):
return f"Hello, {user.email}"
get_current_active_user
Get the current active user. Will throw a 401 Unauthorized if missing or wrong credentials or if the user is not active.
@app.get("/protected-route")
def protected_route(user: User = Depends(fastapi_users.get_current_active_user)):
return f"Hello, {user.email}"
get_current_verified_user
Get the current active and verified user. Will throw a 401 Unauthorized if missing or wrong credentials or if the user is not active and verified.
@app.get("/protected-route")
def protected_route(user: User = Depends(fastapi_users.get_current_verified_user)):
return f"Hello, {user.email}"
get_current_superuser
Get the current superuser. Will throw a 401 Unauthorized if missing or wrong credentials or if the user is not active. Will throw a 403 Forbidden if the user is not a superuser.
@app.get("/protected-route")
def protected_route(user: User = Depends(fastapi_users.get_current_superuser)):
return f"Hello, {user.email}"
get_current_verified_superuser
Get the current verified superuser. Will throw a 401 Unauthorized if missing or wrong credentials or if the user is not active and verified. Will throw a 403 Forbidden if the user is not a superuser.
@app.get("/protected-route")
def protected_route(user: User = Depends(fastapi_users.get_current_verified_superuser)):
return f"Hello, {user.email}"
get_optional_current_user
Get the current user (active or not). Will return None if missing or wrong credentials. It can be useful if you wish to change the behaviour of your endpoint if a user is logged in or not.
@app.get("/optional-user-route")
def optional_user_route(user: Optional[User] = Depends(fastapi_users.get_optional_current_user)):
if user:
return f"Hello, {user.email}"
else:
return "Hello, anonymous"
get_optional_current_active_user
Get the current active user. Will return None if missing or wrong credentials or if the user is not active. It can be useful if you wish to change the behaviour of your endpoint if a user is logged in or not.
@app.get("/optional-user-route")
def optional_user_route(user: User = Depends(fastapi_users.get_optional_current_active_user)):
if user:
return f"Hello, {user.email}"
else:
return "Hello, anonymous"
get_optional_current_verified_user
Get the current active and verified user. Will return None if missing or wrong credentials or if the user is not active and verified. It can be useful if you wish to change the behaviour of your endpoint if a user is logged in or not.
@app.get("/optional-user-route")
def optional_user_route(user: User = Depends(fastapi_users.get_optional_current_verified_user)):
if user:
return f"Hello, {user.email}"
else:
return "Hello, anonymous"
get_optional_current_superuser
Get the current superuser. Will return None if missing or wrong credentials or if the user is not active. It can be useful if you wish to change the behaviour of your endpoint if a user is logged in or not.
@app.get("/optional-user-route")
def optional_user_route(user: User = Depends(fastapi_users.get_optional_current_superuser)):
if user:
return f"Hello, {user.email}"
else:
return "Hello, anonymous"
get_optional_current_verified_superuser
Get the current active and verified superuser. Will return None if missing or wrong credentials or if the user is not active and verified. It can be useful if you wish to change the behaviour of your endpoint if a user is logged in or not.
@app.get("/optional-user-route")
def optional_user_route(user: User = Depends(fastapi_users.get_optional_current_verified_superuser)):
if user:
return f"Hello, {user.email}"
else:
return "Hello, anonymous"
In path operation
If you don't need the user in the route logic, you can use this syntax:
@app.get("/protected-route", dependencies=[Depends(fastapi_users.get_current_superuser)])
def protected_route():
return "Hello, some user."
You can read more about this in FastAPI docs.