From f3c93aca16743dd06921ef78d874d2e34bfa9037 Mon Sep 17 00:00:00 2001
From: Backend IM Bot
Date: Fri, 21 Mar 2025 09:53:07 +0100
Subject: [PATCH] Update code in endpoints/login-user.post.py
---
 endpoints/login-user.post.py | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/endpoints/login-user.post.py b/endpoints/login-user.post.py
index 39ccbda..392ef67 100644
--- a/endpoints/login-user.post.py
+++ b/endpoints/login-user.post.py
@@ -12,40 +12,42 @@ async def login_user_handler(
 password: str,
 db: Session = Depends(get_db)
 ):
- """Login user and set access, refresh and session cookies"""
+ """Demo login endpoint"""
 user = fake_users_db.get(username)
 if not user or user["password"] != password:
 raise HTTPException(status_code=400, detail="Invalid credentials")
-
- access_token = create_access_token(user["id"])
- refresh_token = create_refresh_token(user["id"])
-
+
+ access_token = create_access_token(data={"sub": user["id"]})
+ refresh_token = create_refresh_token(data={"sub": user["id"]})
+
 response = JSONResponse({
 "message": "Login successful",
- "user_id": user["id"],
- "username": username
+ "access_token": access_token,
+ "refresh_token": refresh_token,
+ "token_type": "bearer",
+ "expires_in": timedelta(minutes=15)
 })
-
+
 response.set_cookie(
 key="access_token",
 value=access_token,
 httponly=True,
- max_age=1800,
- expires=1800
+ samesite="strict",
+ expires=timedelta(minutes=15)
 )
 response.set_cookie(
 key="refresh_token",
 value=refresh_token,
 httponly=True,
- max_age=604800,
- expires=604800
+ samesite="strict",
+ expires=timedelta(days=30)
 )
 response.set_cookie(
 key="session_id",
 value=user["id"],
 httponly=True,
- max_age=604800,
- expires=604800
+ samesite="strict",
+ expires=timedelta(days=30)
 )
-
+
 return response
\ No newline at end of file
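Review bot: The new `"expires_in": timedelta(minutes=15)` entry in the `JSONResponse` body is not JSON-serializable, so a successful login will most likely fail while the response is encoded; send seconds instead, `"expires_in": 15 * 60`. The three `set_cookie` calls have a quieter form of the same problem: `expires=timedelta(...)` replaces the integer `max_age`/`expires` pair, and as far as I know Starlette's `set_cookie` expects a datetime, string or int there, so the cookie lifetime is no longer well defined; `max_age=15 * 60` and the 30-day equivalent for the other two would keep it explicit. Returning `access_token` and `refresh_token` in the JSON body also undoes what `httponly=True` protects, because any script running in the page can read them from the response, so pick one transport and, if the cookies stay, add `secure=True` next to the new `samesite="strict"`. The refresh and session cookie lifetime also moves from 7 days (`604800`) to 30 days without the commit message saying so. The function signature starts above the hunk, and whether `timedelta` is imported cannot be seen from here.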