From 08c0d7a9ec99dceeee0174da6b34f42a13457c0a Mon Sep 17 00:00:00 2001 From: Anuraag Jain Date: Sat, 30 Dec 2023 13:00:21 +0200 Subject: [PATCH] fix: merge conflicts --- backend/apps/web/routers/auths.py | 14 ++++++++------ backend/apps/web/routers/users.py | 31 +++++++++++-------------------- 2 files changed, 19 insertions(+), 26 deletions(-) diff --git a/backend/apps/web/routers/auths.py b/backend/apps/web/routers/auths.py index 34dab9b2..7ff645dc 100644 --- a/backend/apps/web/routers/auths.py +++ b/backend/apps/web/routers/auths.py @@ -23,6 +23,7 @@ from utils.utils import ( get_password_hash, get_current_user, create_token, + verify_auth_token, ) from utils.misc import get_gravatar_url from constants import ERROR_MESSAGES @@ -35,7 +36,7 @@ router = APIRouter() ############################ -@router.get("/", response_model=UserResponse) +@router.get("/", response_model=UserResponse, dependencies=[Depends(verify_auth_token)]) async def get_session_user(user=Depends(get_current_user)): return { "id": user.id, @@ -51,11 +52,12 @@ async def get_session_user(user=Depends(get_current_user)): ############################ -@router.post("/update/password", response_model=bool) -async def update_password(form_data: UpdatePasswordForm, cred=Depends(bearer_scheme)): - token = cred.credentials - session_user = Users.get_user_by_token(token) - +@router.post( + "/update/password", response_model=bool, dependencies=[Depends(verify_auth_token)] +) +async def update_password( + form_data: UpdatePasswordForm, session_user=Depends(get_current_user) +): if session_user: user = Auths.authenticate_user(session_user.email, form_data.password) diff --git a/backend/apps/web/routers/users.py b/backend/apps/web/routers/users.py index 2c33c158..950b23fa 100644 --- a/backend/apps/web/routers/users.py +++ b/backend/apps/web/routers/users.py @@ -62,34 +62,25 @@ async def update_user_role( @router.delete("/{user_id}", response_model=bool) -async def delete_user_by_id(user_id: str, cred=Depends(bearer_scheme)): - token = cred.credentials - user = Users.get_user_by_token(token) +async def delete_user_by_id(user_id: str, user=Depends(get_current_user)): + if user.role == "admin": + if user.id != user_id: + result = Auths.delete_auth_by_id(user_id) - if user: - if user.role == "admin": - if user.id != user_id: - result = Auths.delete_auth_by_id(user_id) - - if result: - return True - else: - raise HTTPException( - status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, - detail=ERROR_MESSAGES.DELETE_USER_ERROR, - ) + if result: + return True else: raise HTTPException( - status_code=status.HTTP_403_FORBIDDEN, - detail=ERROR_MESSAGES.ACTION_PROHIBITED, + status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, + detail=ERROR_MESSAGES.DELETE_USER_ERROR, ) else: raise HTTPException( status_code=status.HTTP_403_FORBIDDEN, - detail=ERROR_MESSAGES.ACCESS_PROHIBITED, + detail=ERROR_MESSAGES.ACTION_PROHIBITED, ) else: raise HTTPException( - status_code=status.HTTP_401_UNAUTHORIZED, - detail=ERROR_MESSAGES.INVALID_TOKEN, + status_code=status.HTTP_403_FORBIDDEN, + detail=ERROR_MESSAGES.ACCESS_PROHIBITED, )