Update app.py
Browse files
app.py
CHANGED
|
@@ -111,14 +111,32 @@ async def login(form_data: OAuth2PasswordRequestForm = Depends(), db: Session =
|
|
| 111 |
raise HTTPException(status_code=400, detail="Invalid email or password")
|
| 112 |
|
| 113 |
user = authenticate_user(db, form_data.username, form_data.password)
|
| 114 |
-
if
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 115 |
raise HTTPException(
|
| 116 |
-
status_code=
|
| 117 |
-
detail="
|
| 118 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 119 |
)
|
| 120 |
-
access_token = create_access_token(data={"sub": user.email})
|
| 121 |
-
return JSONResponse(content={"access_token": access_token, "token_type": "bearer"})
|
| 122 |
|
| 123 |
@app.get("/login", response_class=HTMLResponse)
|
| 124 |
async def login(request: Request, db: Session = Depends(get_db)):
|
|
|
|
| 111 |
raise HTTPException(status_code=400, detail="Invalid email or password")
|
| 112 |
|
| 113 |
user = authenticate_user(db, form_data.username, form_data.password)
|
| 114 |
+
if user and user.is_verified: # Check if user is verified
|
| 115 |
+
access_token = create_access_token(
|
| 116 |
+
data={"sub": user.email},
|
| 117 |
+
expires_delta=timedelta(minutes=auth_views.ACCESS_TOKEN_EXPIRE_MINUTES)
|
| 118 |
+
)
|
| 119 |
+
|
| 120 |
+
# Redirect the user to the protected route with the token in the URL
|
| 121 |
+
url = app.url_path_for("get_protected") # Ensure you have a name="get_protected" in your app.get("/protected") decorator
|
| 122 |
+
#return RedirectResponse(url=f"/protected?token={access_token}", status_code=status.HTTP_303_SEE_OTHER)
|
| 123 |
+
#return RedirectResponse(f"{url}?token={access_token}")
|
| 124 |
+
|
| 125 |
+
response = RedirectResponse(f"{url}?token={access_token}", status_code=status.HTTP_303_SEE_OTHER)
|
| 126 |
+
response.set_cookie(key="access_token", value=f"Bearer {access_token}", httponly=True)
|
| 127 |
+
# response.set_cookie(key="access_token", value=access_token, httponly=True)
|
| 128 |
+
return response
|
| 129 |
+
elif user and not user.is_verified: # User is not verified
|
| 130 |
raise HTTPException(
|
| 131 |
+
status_code=400,
|
| 132 |
+
detail="You must verify your email before accessing this resource."
|
| 133 |
+
)
|
| 134 |
+
else:
|
| 135 |
+
# If authentication fails, return to the login page with an error message
|
| 136 |
+
return templates.TemplateResponse(
|
| 137 |
+
"login.html",
|
| 138 |
+
{"request": request, "error_message": "Invalid email or password"}
|
| 139 |
)
|
|
|
|
|
|
|
| 140 |
|
| 141 |
@app.get("/login", response_class=HTMLResponse)
|
| 142 |
async def login(request: Request, db: Session = Depends(get_db)):
|