Fix email/username confusion in authentication system

This commit is contained in:
Automated Action 2025-06-05 10:03:02 +00:00
parent 48211efed3
commit 518aee5df8
3 changed files with 13 additions and 9 deletions


@ -123,8 +123,8 @@ Once the application is running, you can access the API documentation at:
### Authentication
- `POST /api/v1/auth/register` - Register a new user
- `POST /api/v1/auth/login` - Login and get access token
- `POST /api/v1/auth/register` - Register a new user with email and password
- `POST /api/v1/auth/login` - Login with email (provided in the username field) and password to get access token
### Users


@ -25,14 +25,14 @@ def get_current_user(
except (jwt.JWTError, ValidationError):
raise HTTPException(
status_code=status.HTTP_403_FORBIDDEN,
detail="Could not validate credentials",
detail="Could not validate credentials. Please log in again.",
)
user = db.query(User).filter(User.id == token_data.sub).first()
if not user:
raise HTTPException(status_code=404, detail="User not found")
raise HTTPException(status_code=404, detail="User not found. Please register or login with a valid account.")
if not user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
raise HTTPException(status_code=400, detail="Inactive user. Please contact support.")
return user
@ -44,7 +44,7 @@ def get_current_active_user(
Get current active user.
"""
if not current_user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
raise HTTPException(status_code=400, detail="Inactive user. Please contact support.")
return current_user
@ -55,9 +55,9 @@ def get_current_active_admin(
Get current active admin user.
"""
if not current_user.is_active:
raise HTTPException(status_code=400, detail="Inactive user")
raise HTTPException(status_code=400, detail="Inactive user. Please contact support.")
if not current_user.is_admin:
raise HTTPException(
status_code=403, detail="The user doesn't have enough privileges"
status_code=403, detail="Admin privileges required. You do not have sufficient permissions."
)
return current_user
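Review bot: The rewritten raise lines keep bare numeric status codes (`status_code=404`, `status_code=400`, `status_code=403`) while the first raise in get_current_user already uses `status.HTTP_403_FORBIDDEN`; for consistency use `status.HTTP_404_NOT_FOUND`, `status.HTTP_400_BAD_REQUEST` and `status.HTTP_403_FORBIDDEN` on those lines. The string "Inactive user. Please contact support." is now duplicated across get_current_user, get_current_active_user and get_current_active_admin; hoisting it into one module-level constant such as `INACTIVE_USER_DETAIL = "Inactive user. Please contact support."` keeps the three messages from drifting apart. The first handler now tells the client "Please log in again." but still answers 403; a token that fails validation is conventionally answered with 401 plus a `WWW-Authenticate: Bearer` header so OAuth2 clients actually re-authenticate, so it is worth confirming the 403 is intended. get_current_user begins before the hunk, so its signature and the token decoding are not visible here.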


@ -21,8 +21,12 @@ def login_access_token(
) -> Any:
"""
OAuth2 compatible token login, get an access token for future requests.
Note: For OAuth2 compatibility, the email address should be provided in the username field.
"""
user = db.query(User).filter(User.email == form_data.username).first()
# The username field in the OAuth2 form contains the user's email
email = form_data.username
user = db.query(User).filter(User.email == email).first()
if not user or not verify_password(form_data.password, user.hashed_password):
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,