From f291234c1406bd72b1c39fddefde76e87d105ce3 Mon Sep 17 00:00:00 2001 From: bonamin Date: Mon, 1 Jun 2026 00:49:09 +0300 Subject: [PATCH] fix: switch manager auth from OAuth2PasswordBearer to HTTPBearer MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit OAuth2PasswordBearer caused Swagger UI to show a username/password/ client_id form instead of a simple token input, making the docs unusable for testing. HTTPBearer shows a plain 'Bearer token' field, consistent with how the local_backend handles auth. No runtime behaviour change — token extraction is identical. Co-Authored-By: Claude Sonnet 4.6 --- cloud_backend/routers/manager_auth.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/cloud_backend/routers/manager_auth.py b/cloud_backend/routers/manager_auth.py index bdd6dc8..e267a9d 100644 --- a/cloud_backend/routers/manager_auth.py +++ b/cloud_backend/routers/manager_auth.py @@ -1,6 +1,6 @@ from datetime import datetime, timedelta, timezone from fastapi import APIRouter, Depends, HTTPException, status -from fastapi.security import OAuth2PasswordBearer +from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials from jose import jwt, JWTError from passlib.context import CryptContext from sqlalchemy.orm import Session @@ -17,16 +17,16 @@ from schemas.manager import ( router = APIRouter() _pwd = CryptContext(schemes=["bcrypt"], deprecated="auto") -_manager_oauth2 = OAuth2PasswordBearer(tokenUrl="/api/manager/login") +_bearer = HTTPBearer() ALGORITHM = "HS256" # ── Shared dependency: decode manager JWT ───────────────────────────────────── -def _get_current_manager(token: str = Depends(_manager_oauth2), db: Session = Depends(get_db)) -> ManagerAccount: +def _get_current_manager(credentials: HTTPAuthorizationCredentials = Depends(_bearer), db: Session = Depends(get_db)) -> ManagerAccount: try: - payload = jwt.decode(token, settings.MANAGER_JWT_SECRET, algorithms=[ALGORITHM]) + payload = jwt.decode(credentials.credentials, settings.MANAGER_JWT_SECRET, algorithms=[ALGORITHM]) manager_id = int(payload.get("sub", 0)) except (JWTError, ValueError): raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")