fix: commit semantic repair changes
@@ -24,11 +24,13 @@ import starlette.requests
|
||||
# [/SECTION]
|
||||
|
||||
# [DEF:router:Variable]
|
||||
# @RELATION: DEPENDS_ON -> fastapi.APIRouter
|
||||
# @COMPLEXITY: 1
|
||||
# @PURPOSE: APIRouter instance for authentication routes.
|
||||
router = APIRouter(prefix="/api/auth", tags=["auth"])
|
||||
# [/DEF:router:Variable]
|
||||
|
||||
|
||||
# [DEF:login_for_access_token:Function]
|
||||
# @COMPLEXITY: 3
|
||||
# @PURPOSE: Authenticates a user and returns a JWT access token.
|
||||
@@ -38,18 +40,19 @@ router = APIRouter(prefix="/api/auth", tags=["auth"])
|
||||
# @PARAM: form_data (OAuth2PasswordRequestForm) - Login credentials.
|
||||
# @PARAM: db (Session) - Auth database session.
|
||||
# @RETURN: Token - The generated JWT token.
|
||||
# @RELATION: CALLS -> [AuthService.authenticate_user]
|
||||
# @RELATION: CALLS -> [AuthService.create_session]
|
||||
# @RELATION: CALLS -> [authenticate_user]
|
||||
# @RELATION: CALLS -> [create_session]
|
||||
@router.post("/login", response_model=Token)
|
||||
async def login_for_access_token(
|
||||
form_data: OAuth2PasswordRequestForm = Depends(),
|
||||
db: Session = Depends(get_auth_db)
|
||||
form_data: OAuth2PasswordRequestForm = Depends(), db: Session = Depends(get_auth_db)
|
||||
):
|
||||
with belief_scope("api.auth.login"):
|
||||
auth_service = AuthService(db)
|
||||
user = auth_service.authenticate_user(form_data.username, form_data.password)
|
||||
if not user:
|
||||
log_security_event("LOGIN_FAILED", form_data.username, {"reason": "Invalid credentials"})
|
||||
log_security_event(
|
||||
"LOGIN_FAILED", form_data.username, {"reason": "Invalid credentials"}
|
||||
)
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_401_UNAUTHORIZED,
|
||||
detail="Incorrect username or password",
|
||||
@@ -57,8 +60,11 @@ async def login_for_access_token(
|
||||
)
|
||||
log_security_event("LOGIN_SUCCESS", user.username, {"source": "LOCAL"})
|
||||
return auth_service.create_session(user)
|
||||
|
||||
|
||||
# [/DEF:login_for_access_token:Function]
|
||||
|
||||
|
||||
# [DEF:read_users_me:Function]
|
||||
# @COMPLEXITY: 3
|
||||
# @PURPOSE: Retrieves the profile of the currently authenticated user.
|
||||
@@ -71,8 +77,11 @@ async def login_for_access_token(
|
||||
async def read_users_me(current_user: UserSchema = Depends(get_current_user)):
|
||||
with belief_scope("api.auth.me"):
|
||||
return current_user
|
||||
|
||||
|
||||
# [/DEF:read_users_me:Function]
|
||||
|
||||
|
||||
# [DEF:logout:Function]
|
||||
# @COMPLEXITY: 3
|
||||
# @PURPOSE: Logs out the current user (placeholder for session revocation).
|
||||
@@ -87,8 +96,11 @@ async def logout(current_user: UserSchema = Depends(get_current_user)):
|
||||
# In a stateless JWT setup, client-side token deletion is primary.
|
||||
# Server-side revocation (blacklisting) can be added here if needed.
|
||||
return {"message": "Successfully logged out"}
|
||||
|
||||
|
||||
# [/DEF:logout:Function]
|
||||
|
||||
|
||||
# [DEF:login_adfs:Function]
|
||||
# @COMPLEXITY: 3
|
||||
# @PURPOSE: Initiates the ADFS OIDC login flow.
|
||||
@@ -100,34 +112,43 @@ async def login_adfs(request: starlette.requests.Request):
|
||||
if not is_adfs_configured():
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
|
||||
detail="ADFS is not configured. Please set ADFS_CLIENT_ID, ADFS_CLIENT_SECRET, and ADFS_METADATA_URL environment variables."
|
||||
detail="ADFS is not configured. Please set ADFS_CLIENT_ID, ADFS_CLIENT_SECRET, and ADFS_METADATA_URL environment variables.",
|
||||
)
|
||||
redirect_uri = request.url_for('auth_callback_adfs')
|
||||
redirect_uri = request.url_for("auth_callback_adfs")
|
||||
return await oauth.adfs.authorize_redirect(request, str(redirect_uri))
|
||||
|
||||
|
||||
# [/DEF:login_adfs:Function]
|
||||
|
||||
|
||||
# [DEF:auth_callback_adfs:Function]
|
||||
# @COMPLEXITY: 3
|
||||
# @PURPOSE: Handles the callback from ADFS after successful authentication.
|
||||
# @POST: Provisions user JIT and returns session token.
|
||||
# @RELATION: CALLS -> [AuthService.provision_adfs_user]
|
||||
# @RELATION: CALLS -> [AuthService.create_session]
|
||||
# @RELATION: CALLS -> [provision_adfs_user]
|
||||
# @RELATION: CALLS -> [create_session]
|
||||
@router.get("/callback/adfs", name="auth_callback_adfs")
|
||||
async def auth_callback_adfs(request: starlette.requests.Request, db: Session = Depends(get_auth_db)):
|
||||
async def auth_callback_adfs(
|
||||
request: starlette.requests.Request, db: Session = Depends(get_auth_db)
|
||||
):
|
||||
with belief_scope("api.auth.callback_adfs"):
|
||||
if not is_adfs_configured():
|
||||
raise HTTPException(
|
||||
status_code=status.HTTP_503_SERVICE_UNAVAILABLE,
|
||||
detail="ADFS is not configured. Please set ADFS_CLIENT_ID, ADFS_CLIENT_SECRET, and ADFS_METADATA_URL environment variables."
|
||||
detail="ADFS is not configured. Please set ADFS_CLIENT_ID, ADFS_CLIENT_SECRET, and ADFS_METADATA_URL environment variables.",
|
||||
)
|
||||
token = await oauth.adfs.authorize_access_token(request)
|
||||
user_info = token.get('userinfo')
|
||||
user_info = token.get("userinfo")
|
||||
if not user_info:
|
||||
raise HTTPException(status_code=400, detail="Failed to retrieve user info from ADFS")
|
||||
|
||||
raise HTTPException(
|
||||
status_code=400, detail="Failed to retrieve user info from ADFS"
|
||||
)
|
||||
|
||||
auth_service = AuthService(db)
|
||||
user = auth_service.provision_adfs_user(user_info)
|
||||
return auth_service.create_session(user)
|
||||
|
||||
|
||||
# [/DEF:auth_callback_adfs:Function]
|
||||
|
||||
# [/DEF:AuthApi:Module]
|
||||
# [/DEF:AuthApi:Module]
|
||||
|
||||
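Review bot: `auth_callback_adfs` creates a session without emitting any security event, whereas `login_for_access_token` logs both `LOGIN_FAILED` and `LOGIN_SUCCESS` with `{"source": "LOCAL"}`, so federated sign-ins and failed callbacks leave no audit trail for detection or incident response. Before `return auth_service.create_session(user)` I would add `log_security_event("LOGIN_SUCCESS", user.username, {"source": "ADFS"})`, assuming the provisioned user exposes `username` as the local one does, and log a `LOGIN_FAILED` event in the `if not user_info:` branch before the 400 is raised. Separately, `oauth.adfs.authorize_access_token(request)` is awaited with no error handling visible in this section, so a rejected callback presumably surfaces as an unhandled exception rather than a logged 4xx. It would be worth catching the OAuth client's error there and recording it the same way.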