From 3598a929e0bb9bacd600ab7ed73dadc733420a38 Mon Sep 17 00:00:00 2001 From: bonamin Date: Mon, 1 Jun 2026 00:54:30 +0300 Subject: [PATCH] fix: switch admin auth to HTTPBearer for consistent Swagger UI MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Same fix as manager_auth — OAuth2PasswordBearer was showing an OAuth2 form in Swagger instead of a plain Bearer token input, causing 'Not authenticated' when testing via the docs. Co-Authored-By: Claude Sonnet 4.6 --- cloud_backend/auth_utils.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cloud_backend/auth_utils.py b/cloud_backend/auth_utils.py index de1e202..3fbf696 100644 --- a/cloud_backend/auth_utils.py +++ b/cloud_backend/auth_utils.py @@ -2,7 +2,7 @@ from datetime import datetime, timedelta, timezone from jose import jwt, JWTError from passlib.context import CryptContext from fastapi import Depends, HTTPException, status -from fastapi.security import OAuth2PasswordBearer +from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials from sqlalchemy.orm import Session from config import settings @@ -10,7 +10,7 @@ from database import get_db from models.admin import Admin pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") -oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/auth/login") +_bearer = HTTPBearer() ALGORITHM = "HS256" @@ -29,9 +29,9 @@ def create_access_token(data: dict) -> str: return jwt.encode(payload, settings.SECRET_KEY, algorithm=ALGORITHM) -def get_current_admin(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)) -> Admin: +def get_current_admin(credentials: HTTPAuthorizationCredentials = Depends(_bearer), db: Session = Depends(get_db)) -> Admin: try: - payload = jwt.decode(token, settings.SECRET_KEY, algorithms=[ALGORITHM]) + payload = jwt.decode(credentials.credentials, settings.SECRET_KEY, algorithms=[ALGORITHM]) username: str = payload.get("sub") if not username: raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")