From 518aee5df87666969323fd977a5336fb9a1e354d Mon Sep 17 00:00:00 2001
From: Automated Action
Date: Thu, 5 Jun 2025 10:03:02 +0000
Subject: [PATCH] Fix email/username confusion in authentication system

---
 README.md | 4 ++--
 app/api/deps.py | 12 ++++++------
 app/api/v1/endpoints/auth.py | 6 +++++-
 3 files changed, 13 insertions(+), 9 deletions(-)

diff --git a/README.md b/README.md
index 394fb8e..9d49a11 100644
--- a/README.md
+++ b/README.md
@@ -123,8 +123,8 @@ Once the application is running, you can access the API documentation at:
 ### Authentication
-- `POST /api/v1/auth/register` - Register a new user
-- `POST /api/v1/auth/login` - Login and get access token
+- `POST /api/v1/auth/register` - Register a new user with email and password
+- `POST /api/v1/auth/login` - Login with email (provided in the username field) and password to get access token
 ### Users
diff --git a/app/api/deps.py b/app/api/deps.py
index b2bc0c3..949ce4b 100644
--- a/app/api/deps.py
+++ b/app/api/deps.py
@@ -25,14 +25,14 @@ def get_current_user(
 except (jwt.JWTError, ValidationError):
 raise HTTPException(
 status_code=status.HTTP_403_FORBIDDEN,
- detail="Could not validate credentials",
+ detail="Could not validate credentials. Please log in again.",
 )
 user = db.query(User).filter(User.id == token_data.sub).first()
 if not user:
- raise HTTPException(status_code=404, detail="User not found")
+ raise HTTPException(status_code=404, detail="User not found. Please register or login with a valid account.")
 if not user.is_active:
- raise HTTPException(status_code=400, detail="Inactive user")
+ raise HTTPException(status_code=400, detail="Inactive user. Please contact support.")
 return user
@@ -44,7 +44,7 @@ def get_current_active_user(
 Get current active user.
 """
 if not current_user.is_active:
- raise HTTPException(status_code=400, detail="Inactive user")
+ raise HTTPException(status_code=400, detail="Inactive user. Please contact support.")
 return current_user
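Review bot: The new "Please log in again." text in get_current_user is attached to a 403 response, but a token that fails to decode or validate (the `except (jwt.JWTError, ValidationError)` branch) is an authentication failure, and bearer-token clients expect 401 with a `WWW-Authenticate` header before they re-prompt for login. Since the messages are being revised here anyway, `status_code=status.HTTP_401_UNAUTHORIZED,` together with `headers={"WWW-Authenticate": "Bearer"},` on that HTTPException would make the status match the advice. The 404 branch a few lines below is reached only with a token that validated but whose `sub` no longer matches a user, which presumably means a deleted account or stale token rather than a caller who needs to register, so "Please register or login with a valid account." seems misleading there too; reusing the 401 "Please log in again." response looks like the better fit, though the token-issuing code is not in this diff. get_current_user begins before this hunk.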
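Review bot: The string "Inactive user. Please contact support." is now written out three times in deps.py, here in get_current_active_user and in the -25 and -55 hunks (get_current_user and get_current_active_admin), so the next wording change has to find all three. A module-level constant such as `INACTIVE_USER_DETAIL = "Inactive user. Please contact support."` used as `detail=INACTIVE_USER_DETAIL` in each place keeps the three responses in sync. The function is cut at both ends of this hunk.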
@@ -55,9 +55,9 @@ def get_current_active_admin(
 Get current active admin user.
 """
 if not current_user.is_active:
- raise HTTPException(status_code=400, detail="Inactive user")
+ raise HTTPException(status_code=400, detail="Inactive user. Please contact support.")
 if not current_user.is_admin:
 raise HTTPException(
- status_code=403, detail="The user doesn't have enough privileges"
+ status_code=403, detail="Admin privileges required. You do not have sufficient permissions."
 )
 return current_user
\ No newline at end of file
diff --git a/app/api/v1/endpoints/auth.py b/app/api/v1/endpoints/auth.py
index 9244bb2..7ef0fe6 100644
--- a/app/api/v1/endpoints/auth.py
+++ b/app/api/v1/endpoints/auth.py
@@ -21,8 +21,12 @@ def login_access_token(
 ) -> Any:
 """
 OAuth2 compatible token login, get an access token for future requests.
+
+ Note: For OAuth2 compatibility, the email address should be provided in the username field.
 """
- user = db.query(User).filter(User.email == form_data.username).first()
+ # The username field in the OAuth2 form contains the user's email
+ email = form_data.username
+ user = db.query(User).filter(User.email == email).first()
 if not user or not verify_password(form_data.password, user.hashed_password):
 raise HTTPException(
 status_code=status.HTTP_401_UNAUTHORIZED,
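Review bot: On the `if not user or not verify_password(...)` line of login_access_token, `or` short-circuits when the email is unknown, so the password hash is only computed for existing accounts and the response time differs between "no such email" and "wrong password", which lets a caller confirm which emails are registered. Verifying against a fixed dummy hash when no user is found keeps the timing uniform: `hashed_password = user.hashed_password if user else _DUMMY_HASH` followed by `if not user or not verify_password(form_data.password, hashed_password):`, where `_DUMMY_HASH` is a placeholder for a hash generated once at import time with the same hasher that produced `User.hashed_password`. The email is also compared exactly as typed; if registration normalizes addresses (for instance lower-casing), login should apply the same normalization, which cannot be confirmed from this hunk. login_access_token starts before this hunk and continues after it.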