mirror of
https://github.com/fastapi-users/fastapi-users.git
synced 2025-08-14 18:58:10 +08:00
72aa68c462
* Use a generic Protocol model for User instead of Pydantic
* Remove UserDB Pydantic schema
* Harmonize schema variable naming to avoid confusions
* Revamp OAuth account model management
* Revamp AccessToken DB strategy to adopt generic model approach
* Make ID a generic instead of forcing UUIDs
* Improve generic typing
* Improve Strategy typing
* Tweak base DB typing
* Don't set Pydantic schemas on FastAPIUsers class: pass it directly on router creation
* Add IntegerIdMixin and export related classes
* Start to revamp doc for V10
* Revamp OAuth documentation
* Fix code highlights
* Write the 9.x.x ➡️ 10.x.x migration doc
* Fix pyproject.toml
92 lines
3.3 KiB
Python
92 lines
3.3 KiB
Python
from typing import Tuple
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Response, status
|
|
from fastapi.security import OAuth2PasswordRequestForm
|
|
|
|
from fastapi_users import models
|
|
from fastapi_users.authentication import AuthenticationBackend, Authenticator, Strategy
|
|
from fastapi_users.manager import BaseUserManager, UserManagerDependency
|
|
from fastapi_users.openapi import OpenAPIResponseType
|
|
from fastapi_users.router.common import ErrorCode, ErrorModel
|
|
|
|
|
|
def get_auth_router(
|
|
backend: AuthenticationBackend,
|
|
get_user_manager: UserManagerDependency[models.UP, models.ID],
|
|
authenticator: Authenticator,
|
|
requires_verification: bool = False,
|
|
) -> APIRouter:
|
|
"""Generate a router with login/logout routes for an authentication backend."""
|
|
router = APIRouter()
|
|
get_current_user_token = authenticator.current_user_token(
|
|
active=True, verified=requires_verification
|
|
)
|
|
|
|
login_responses: OpenAPIResponseType = {
|
|
status.HTTP_400_BAD_REQUEST: {
|
|
"model": ErrorModel,
|
|
"content": {
|
|
"application/json": {
|
|
"examples": {
|
|
ErrorCode.LOGIN_BAD_CREDENTIALS: {
|
|
"summary": "Bad credentials or the user is inactive.",
|
|
"value": {"detail": ErrorCode.LOGIN_BAD_CREDENTIALS},
|
|
},
|
|
ErrorCode.LOGIN_USER_NOT_VERIFIED: {
|
|
"summary": "The user is not verified.",
|
|
"value": {"detail": ErrorCode.LOGIN_USER_NOT_VERIFIED},
|
|
},
|
|
}
|
|
}
|
|
},
|
|
},
|
|
**backend.transport.get_openapi_login_responses_success(),
|
|
}
|
|
|
|
@router.post(
|
|
"/login",
|
|
name=f"auth:{backend.name}.login",
|
|
responses=login_responses,
|
|
)
|
|
async def login(
|
|
response: Response,
|
|
credentials: OAuth2PasswordRequestForm = Depends(),
|
|
user_manager: BaseUserManager[models.UP, models.ID] = Depends(get_user_manager),
|
|
strategy: Strategy[models.UP, models.ID] = Depends(backend.get_strategy),
|
|
):
|
|
user = await user_manager.authenticate(credentials)
|
|
|
|
if user is None or not user.is_active:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail=ErrorCode.LOGIN_BAD_CREDENTIALS,
|
|
)
|
|
if requires_verification and not user.is_verified:
|
|
raise HTTPException(
|
|
status_code=status.HTTP_400_BAD_REQUEST,
|
|
detail=ErrorCode.LOGIN_USER_NOT_VERIFIED,
|
|
)
|
|
return await backend.login(strategy, user, response)
|
|
|
|
logout_responses: OpenAPIResponseType = {
|
|
**{
|
|
status.HTTP_401_UNAUTHORIZED: {
|
|
"description": "Missing token or inactive user."
|
|
}
|
|
},
|
|
**backend.transport.get_openapi_logout_responses_success(),
|
|
}
|
|
|
|
@router.post(
|
|
"/logout", name=f"auth:{backend.name}.logout", responses=logout_responses
|
|
)
|
|
async def logout(
|
|
response: Response,
|
|
user_token: Tuple[models.UP, str] = Depends(get_current_user_token),
|
|
strategy: Strategy[models.UP, models.ID] = Depends(backend.get_strategy),
|
|
):
|
|
user, token = user_token
|
|
return await backend.logout(strategy, user, token, response)
|
|
|
|
return router
|