Compare commits
3 Commits
4e47ce80fd
...
67a570ceac
| Author | SHA1 | Date | |
|---|---|---|---|
|
67a570ceac | ||
|
|
966b59ff20 | ||
|
|
b87c37b149 |
@@ -27,7 +27,7 @@ async def login(
|
|||||||
session: sessionDep,
|
session: sessionDep,
|
||||||
credential: Annotated[OAuth2PasswordRequestForm, Depends()],
|
credential: Annotated[OAuth2PasswordRequestForm, Depends()],
|
||||||
response: Response,
|
response: Response,
|
||||||
fingerprint: str = Form(),
|
fingerprint: str = Form(min_length=5),
|
||||||
):
|
):
|
||||||
result = await AuthService(session).login(
|
result = await AuthService(session).login(
|
||||||
credential.username, credential.password, fingerprint=fingerprint
|
credential.username, credential.password, fingerprint=fingerprint
|
||||||
@@ -38,7 +38,7 @@ async def login(
|
|||||||
httponly=True,
|
httponly=True,
|
||||||
samesite="lax",
|
samesite="lax",
|
||||||
path=settings.api.v1_login_url,
|
path=settings.api.v1_login_url,
|
||||||
max_age=60 * 60 * 24 * 7,
|
max_age=60 * 60 * 24 * settings.refresh_token.expire_days,
|
||||||
)
|
)
|
||||||
return result
|
return result
|
||||||
|
|
||||||
|
|||||||
@@ -47,7 +47,9 @@ class Settings(BaseSettings):
|
|||||||
db: DbSettings = DbSettings()
|
db: DbSettings = DbSettings()
|
||||||
access_token: AccessToken
|
access_token: AccessToken
|
||||||
refresh_token: RefreshToken
|
refresh_token: RefreshToken
|
||||||
model_config = SettingsConfigDict(env_file=".env", env_file_encoding="utf-8", env_nested_delimiter='__')
|
model_config = SettingsConfigDict(
|
||||||
|
env_file=".env", env_file_encoding="utf-8", env_nested_delimiter="__"
|
||||||
|
)
|
||||||
|
|
||||||
|
|
||||||
settings = Settings() # type: ignore
|
settings = Settings() # type: ignore
|
||||||
|
|||||||
@@ -5,14 +5,15 @@ Revises: b879d3502c37
|
|||||||
Create Date: 2025-09-21 20:16:48.289050
|
Create Date: 2025-09-21 20:16:48.289050
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
from typing import Sequence, Union
|
from typing import Sequence, Union
|
||||||
|
|
||||||
import sqlalchemy as sa
|
import sqlalchemy as sa
|
||||||
from alembic import op
|
from alembic import op
|
||||||
|
|
||||||
# revision identifiers, used by Alembic.
|
# revision identifiers, used by Alembic.
|
||||||
revision: str = '5821f37941a8'
|
revision: str = "5821f37941a8"
|
||||||
down_revision: Union[str, None] = 'b879d3502c37'
|
down_revision: Union[str, None] = "b879d3502c37"
|
||||||
branch_labels: Union[str, Sequence[str], None] = None
|
branch_labels: Union[str, Sequence[str], None] = None
|
||||||
depends_on: Union[str, Sequence[str], None] = None
|
depends_on: Union[str, Sequence[str], None] = None
|
||||||
|
|
||||||
@@ -20,14 +21,25 @@ depends_on: Union[str, Sequence[str], None] = None
|
|||||||
def upgrade() -> None:
|
def upgrade() -> None:
|
||||||
"""Upgrade schema."""
|
"""Upgrade schema."""
|
||||||
# ### commands auto generated by Alembic - please adjust! ###
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
op.add_column('refresh_tokens', sa.Column('fingerprint', sa.String(length=255), nullable=False))
|
op.add_column(
|
||||||
op.add_column('refresh_tokens', sa.Column('expired_at', sa.TIMESTAMP(timezone=True), server_default=sa.text("(datetime('now', '+7 days'))"), nullable=False))
|
"refresh_tokens",
|
||||||
|
sa.Column("fingerprint", sa.String(length=255), nullable=False),
|
||||||
|
)
|
||||||
|
op.add_column(
|
||||||
|
"refresh_tokens",
|
||||||
|
sa.Column(
|
||||||
|
"expired_at",
|
||||||
|
sa.TIMESTAMP(timezone=True),
|
||||||
|
server_default=sa.text("(datetime('now', '+7 days'))"),
|
||||||
|
nullable=False,
|
||||||
|
),
|
||||||
|
)
|
||||||
# ### end Alembic commands ###
|
# ### end Alembic commands ###
|
||||||
|
|
||||||
|
|
||||||
def downgrade() -> None:
|
def downgrade() -> None:
|
||||||
"""Downgrade schema."""
|
"""Downgrade schema."""
|
||||||
# ### commands auto generated by Alembic - please adjust! ###
|
# ### commands auto generated by Alembic - please adjust! ###
|
||||||
op.drop_column('refresh_tokens', 'expired_at')
|
op.drop_column("refresh_tokens", "expired_at")
|
||||||
op.drop_column('refresh_tokens', 'fingerprint')
|
op.drop_column("refresh_tokens", "fingerprint")
|
||||||
# ### end Alembic commands ###
|
# ### end Alembic commands ###
|
||||||
|
|||||||
@@ -15,5 +15,7 @@ class RefreshTokensORM(Base):
|
|||||||
fingerprint: Mapped[str] = mapped_column(String(255), nullable=False)
|
fingerprint: Mapped[str] = mapped_column(String(255), nullable=False)
|
||||||
expired_at: Mapped[datetime] = mapped_column(
|
expired_at: Mapped[datetime] = mapped_column(
|
||||||
TIMESTAMP(timezone=True),
|
TIMESTAMP(timezone=True),
|
||||||
server_default=text(f"datetime('now', '+{settings.refresh_token.expire_days} days')"),
|
server_default=text(
|
||||||
|
f"datetime('now', '+{settings.refresh_token.expire_days} days')"
|
||||||
|
),
|
||||||
)
|
)
|
||||||
|
|||||||
@@ -25,7 +25,7 @@ class AuthService(BaseService):
|
|||||||
await self.session.auth.create_one({
|
await self.session.auth.create_one({
|
||||||
"token": refresh_token,
|
"token": refresh_token,
|
||||||
"user_id": user_data.id,
|
"user_id": user_data.id,
|
||||||
"fingerprint": fingerprint
|
"fingerprint": fingerprint,
|
||||||
})
|
})
|
||||||
return {
|
return {
|
||||||
"access_token": access_token,
|
"access_token": access_token,
|
||||||
@@ -34,28 +34,27 @@ class AuthService(BaseService):
|
|||||||
}
|
}
|
||||||
|
|
||||||
async def login(self, username: str, password: str, fingerprint: str) -> dict:
|
async def login(self, username: str, password: str, fingerprint: str) -> dict:
|
||||||
|
login_exception = HTTPException(
|
||||||
|
status_code=401,
|
||||||
|
detail="Incorrect username or password",
|
||||||
|
)
|
||||||
result = await self.session.user.get_one_or_none(username=username)
|
result = await self.session.user.get_one_or_none(username=username)
|
||||||
if result is None:
|
if result is None:
|
||||||
raise HTTPException(
|
raise login_exception
|
||||||
status_code=401,
|
|
||||||
detail="Incorrect username or password",
|
|
||||||
)
|
|
||||||
user = UserWithHashedPass.model_validate(result)
|
user = UserWithHashedPass.model_validate(result)
|
||||||
token_data = TokenData.model_validate(user.model_dump())
|
token_data = TokenData.model_validate(user.model_dump())
|
||||||
verify = AuthManager.verify_password(
|
verify = AuthManager.verify_password(
|
||||||
plain_password=password, hashed_password=user.hashed_password
|
plain_password=password, hashed_password=user.hashed_password
|
||||||
)
|
)
|
||||||
if not verify or user.is_active is False:
|
if not verify or user.is_active is False:
|
||||||
raise HTTPException(
|
raise login_exception
|
||||||
status_code=401,
|
|
||||||
detail="Incorrect username or password",
|
|
||||||
)
|
|
||||||
tokens = await self._tokens_create(token_data, fingerprint)
|
tokens = await self._tokens_create(token_data, fingerprint)
|
||||||
await self.session.commit()
|
await self.session.commit()
|
||||||
print(tokens)
|
|
||||||
return tokens
|
return tokens
|
||||||
|
|
||||||
async def refresh_tokens(self, refresh_token: str, user_data: TokenData, fingerprint: str) -> dict:
|
async def refresh_tokens(
|
||||||
|
self, refresh_token: str, user_data: TokenData, fingerprint: str
|
||||||
|
) -> dict:
|
||||||
token_record = await self.session.auth.get_one_or_none(token=refresh_token)
|
token_record = await self.session.auth.get_one_or_none(token=refresh_token)
|
||||||
if not token_record or token_record.user_id != user_data.id:
|
if not token_record or token_record.user_id != user_data.id:
|
||||||
raise HTTPException(status_code=401, detail="Invalid refresh token")
|
raise HTTPException(status_code=401, detail="Invalid refresh token")
|
||||||
|
|||||||
@@ -1,3 +1,4 @@
|
|||||||
|
import pytest
|
||||||
from httpx import AsyncClient
|
from httpx import AsyncClient
|
||||||
|
|
||||||
from src.core.settings import settings
|
from src.core.settings import settings
|
||||||
@@ -15,14 +16,30 @@ async def test_registration(ac):
|
|||||||
assert result.json()["is_active"]
|
assert result.json()["is_active"]
|
||||||
|
|
||||||
|
|
||||||
async def test_login(ac: AsyncClient):
|
@pytest.mark.parametrize(
|
||||||
|
"fingerprint, username,password,expected_status",
|
||||||
|
[("string", "kot", "P@ssw0rd", 200), ("", "kot", "P@ssw0rd", 422)],
|
||||||
|
)
|
||||||
|
async def test_login(
|
||||||
|
ac: AsyncClient,
|
||||||
|
fingerprint: str,
|
||||||
|
username: str,
|
||||||
|
password: str,
|
||||||
|
expected_status: int,
|
||||||
|
):
|
||||||
result = await ac.post(
|
result = await ac.post(
|
||||||
f"{settings.api.v1_login_url}/login",
|
f"{settings.api.v1_login_url}/login",
|
||||||
data={
|
data={
|
||||||
|
"fingerprint": fingerprint,
|
||||||
"grant_type": "password",
|
"grant_type": "password",
|
||||||
"username": "kot",
|
"username": username,
|
||||||
"password": "P@ssw0rd",
|
"password": password,
|
||||||
},
|
},
|
||||||
)
|
)
|
||||||
assert result.status_code == 200
|
assert result.status_code == expected_status
|
||||||
assert result.json().get("access_token")
|
if expected_status == 200:
|
||||||
|
assert result.json().get("access_token") is not None
|
||||||
|
else:
|
||||||
|
json_response = result.json()
|
||||||
|
if expected_status == 422:
|
||||||
|
assert "detail" in json_response
|
||||||
|
|||||||
Reference in New Issue
Block a user