mirror of
https://github.com/fastapi-users/fastapi-users.git
synced 2025-08-14 18:58:10 +08:00
373157c284
* Add routes for user activation (#403) * Add routes for user activation Generate a token after creating the user in register route, passing to `activation_callback`, if `activation_callback` supplied Create new `/activate` route that will verify the token and activate the user Add new error codes to `fastapi_users/router/common.py` Update documentation Add tests Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Rework routes for user activation * Separate verification logic and token generation into `/fastapi_users/router/verify.py`, with per-route callbacks for custom behaviour * Return register router to original state * Added `is_verified` property to user models * Added `requires_verification` argument to `get_users_router`and `get_auth_router` * Additional dependencies added for verification in `fastapi_users/authentication/__init__.py` * Update tests for new behaviour * Update `README.md` to describe a workaround for possible problems during testing, by exceeding ulimit file descriptor limit Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Restored docs to original state. * All other modifications reqested added Kebab-case on request-verify-token SECRET now used as test string Other minor changes Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk> * Embed token in body in verify route * Reorganize checks in verify route and add unit test * Ignore coverage on Protocol classes * Tweak verify_user function to take full user in parameter * Improve unit tests structure regarding parametrized test client * Make after_verification_request optional to be more consistent with other routers * Tweak status codes on verify routes * Write documentation for verification feature * Add not released warning on verify docs Co-authored-by: Edd Salkield <edd@salkield.uk> Co-authored-by: Mark Todd <markpeter.todd@hotmail.co.uk>
108 lines
3.7 KiB
Python
108 lines
3.7 KiB
Python
from typing import Any, Callable, Dict, Optional, Type, cast
|
|
|
|
from fastapi import APIRouter, Depends, HTTPException, Request, status
|
|
from pydantic import UUID4
|
|
|
|
from fastapi_users import models
|
|
from fastapi_users.authentication import Authenticator
|
|
from fastapi_users.db import BaseUserDatabase
|
|
from fastapi_users.password import get_password_hash
|
|
from fastapi_users.router.common import run_handler
|
|
|
|
|
|
def get_users_router(
|
|
user_db: BaseUserDatabase[models.BaseUserDB],
|
|
user_model: Type[models.BaseUser],
|
|
user_update_model: Type[models.BaseUserUpdate],
|
|
user_db_model: Type[models.BaseUserDB],
|
|
authenticator: Authenticator,
|
|
after_update: Optional[Callable[[models.UD, Dict[str, Any], Request], None]] = None,
|
|
requires_verification: bool = False,
|
|
) -> APIRouter:
|
|
"""Generate a router with the authentication routes."""
|
|
router = APIRouter()
|
|
|
|
if requires_verification:
|
|
get_current_active_user = authenticator.get_current_verified_user
|
|
get_current_superuser = authenticator.get_current_verified_superuser
|
|
else:
|
|
get_current_active_user = authenticator.get_current_active_user
|
|
get_current_superuser = authenticator.get_current_superuser
|
|
|
|
async def _get_or_404(id: UUID4) -> models.BaseUserDB:
|
|
user = await user_db.get(id)
|
|
if user is None:
|
|
raise HTTPException(status_code=status.HTTP_404_NOT_FOUND)
|
|
return user
|
|
|
|
async def _update_user(
|
|
user: models.BaseUserDB, update_dict: Dict[str, Any], request: Request
|
|
):
|
|
for field in update_dict:
|
|
if field == "password":
|
|
hashed_password = get_password_hash(update_dict[field])
|
|
user.hashed_password = hashed_password
|
|
else:
|
|
setattr(user, field, update_dict[field])
|
|
updated_user = await user_db.update(user)
|
|
if after_update:
|
|
await run_handler(after_update, updated_user, update_dict, request)
|
|
return updated_user
|
|
|
|
@router.get("/me", response_model=user_model)
|
|
async def me(
|
|
user: user_db_model = Depends(get_current_active_user), # type: ignore
|
|
):
|
|
return user
|
|
|
|
@router.patch("/me", response_model=user_model)
|
|
async def update_me(
|
|
request: Request,
|
|
updated_user: user_update_model, # type: ignore
|
|
user: user_db_model = Depends(get_current_active_user), # type: ignore
|
|
):
|
|
updated_user = cast(
|
|
models.BaseUserUpdate,
|
|
updated_user,
|
|
) # Prevent mypy complain
|
|
updated_user_data = updated_user.create_update_dict()
|
|
updated_user = await _update_user(user, updated_user_data, request)
|
|
|
|
return updated_user
|
|
|
|
@router.get(
|
|
"/{id}",
|
|
response_model=user_model,
|
|
dependencies=[Depends(get_current_superuser)],
|
|
)
|
|
async def get_user(id: UUID4):
|
|
return await _get_or_404(id)
|
|
|
|
@router.patch(
|
|
"/{id}",
|
|
response_model=user_model,
|
|
dependencies=[Depends(get_current_superuser)],
|
|
)
|
|
async def update_user(
|
|
id: UUID4, updated_user: user_update_model, request: Request # type: ignore
|
|
):
|
|
updated_user = cast(
|
|
models.BaseUserUpdate,
|
|
updated_user,
|
|
) # Prevent mypy complain
|
|
user = await _get_or_404(id)
|
|
updated_user_data = updated_user.create_update_dict_superuser()
|
|
return await _update_user(user, updated_user_data, request)
|
|
|
|
@router.delete(
|
|
"/{id}",
|
|
status_code=status.HTTP_204_NO_CONTENT,
|
|
dependencies=[Depends(get_current_superuser)],
|
|
)
|
|
async def delete_user(id: UUID4):
|
|
user = await _get_or_404(id)
|
|
await user_db.delete(user)
|
|
return None
|
|
|
|
return router
|