Coverage for /usr/local/lib/python3.14/site-packages/twinpad_backend/auth.py: 100%

52 statements  

« prev     ^ index     » next       coverage.py v7.14.1, created at 2026-06-08 11:07 +0000

1import os 

2from datetime import datetime, timedelta, timezone 

3from typing import Annotated 

4from secrets import token_hex 

5 

6import bcrypt 

7import jwt 

8from jwt.exceptions import InvalidTokenError 

9from fastapi import Depends, HTTPException, status 

10from fastapi.security import OAuth2PasswordBearer 

11from twinpad_backend.models import GenericMongo, User 

12 

13SECRET_KEY = os.environ.get("SECRET_KEY", token_hex(32)) 

14ALGORITHM = os.environ.get("ALGORITHM", "HS256") 

15ACCESS_TOKEN_EXPIRE_MINUTES = os.environ.get("ACCESS_TOKEN_EXPIRE_MINUTES", 24 * 60) 

16 

17 

18class Token(GenericMongo): 

19 access_token: str 

20 token_type: str 

21 

22 

23oauth2_scheme = OAuth2PasswordBearer(tokenUrl="token") 

24 

25 

26def verify_password(form_password: str, password: str): 

27 password_byte_enc = form_password.encode("utf-8") 

28 hashed_password = password.encode("utf-8") 

29 return bcrypt.checkpw(password=password_byte_enc, hashed_password=hashed_password) 

30 

31 

32def get_password_hash(form_password): 

33 pwd_bytes = form_password.encode("utf-8") 

34 salt = bcrypt.gensalt(rounds=12) 

35 return bytes.decode(bcrypt.hashpw(password=pwd_bytes, salt=salt), encoding="utf-8") 

36 

37 

38def authenticate_user(form_mail, form_password): 

39 user = User.get_one_by_attribute("email", form_mail) 

40 if not user: 

41 return False 

42 if not verify_password(form_password, user.password): 

43 return False 

44 return user 

45 

46 

47def create_access_token(data: dict, expires_delta: timedelta = timedelta(minutes=15)): 

48 to_encode = data.copy() 

49 to_encode.update({"exp": datetime.now(timezone.utc) + expires_delta}) 

50 encode_jwt = jwt.encode(to_encode, SECRET_KEY, algorithm=ALGORITHM) 

51 return encode_jwt 

52 

53 

54async def get_current_user(token: Annotated[str, Depends(oauth2_scheme)]): 

55 credentials_exception = HTTPException( 

56 status_code=status.HTTP_401_UNAUTHORIZED, 

57 detail="Could not validate credentials", 

58 headers={"WWW-Authenticate": "Bearer"}, 

59 ) 

60 try: 

61 payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM]) 

62 email: str = payload.get("sub") 

63 if email is None: 

64 raise credentials_exception 

65 except InvalidTokenError as e: 

66 raise credentials_exception from e 

67 user = User.get_one_by_attribute("email", email) 

68 if user is None: 

69 raise credentials_exception 

70 return user 

71 

72 

73async def get_current_active_user( 

74 current_user: Annotated[User, Depends(get_current_user)], 

75): 

76 if current_user.is_blocked: 

77 raise HTTPException(status_code=400, detail="Account blocked") 

78 return current_user