fix: switch manager auth from OAuth2PasswordBearer to HTTPBearer
OAuth2PasswordBearer caused Swagger UI to show a username/password/ client_id form instead of a simple token input, making the docs unusable for testing. HTTPBearer shows a plain 'Bearer token' field, consistent with how the local_backend handles auth. No runtime behaviour change — token extraction is identical. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,6 +1,6 @@
|
|||||||
from datetime import datetime, timedelta, timezone
|
from datetime import datetime, timedelta, timezone
|
||||||
from fastapi import APIRouter, Depends, HTTPException, status
|
from fastapi import APIRouter, Depends, HTTPException, status
|
||||||
from fastapi.security import OAuth2PasswordBearer
|
from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
|
||||||
from jose import jwt, JWTError
|
from jose import jwt, JWTError
|
||||||
from passlib.context import CryptContext
|
from passlib.context import CryptContext
|
||||||
from sqlalchemy.orm import Session
|
from sqlalchemy.orm import Session
|
||||||
@@ -17,16 +17,16 @@ from schemas.manager import (
|
|||||||
|
|
||||||
router = APIRouter()
|
router = APIRouter()
|
||||||
_pwd = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
_pwd = CryptContext(schemes=["bcrypt"], deprecated="auto")
|
||||||
_manager_oauth2 = OAuth2PasswordBearer(tokenUrl="/api/manager/login")
|
_bearer = HTTPBearer()
|
||||||
|
|
||||||
ALGORITHM = "HS256"
|
ALGORITHM = "HS256"
|
||||||
|
|
||||||
|
|
||||||
# ── Shared dependency: decode manager JWT ─────────────────────────────────────
|
# ── Shared dependency: decode manager JWT ─────────────────────────────────────
|
||||||
|
|
||||||
def _get_current_manager(token: str = Depends(_manager_oauth2), db: Session = Depends(get_db)) -> ManagerAccount:
|
def _get_current_manager(credentials: HTTPAuthorizationCredentials = Depends(_bearer), db: Session = Depends(get_db)) -> ManagerAccount:
|
||||||
try:
|
try:
|
||||||
payload = jwt.decode(token, settings.MANAGER_JWT_SECRET, algorithms=[ALGORITHM])
|
payload = jwt.decode(credentials.credentials, settings.MANAGER_JWT_SECRET, algorithms=[ALGORITHM])
|
||||||
manager_id = int(payload.get("sub", 0))
|
manager_id = int(payload.get("sub", 0))
|
||||||
except (JWTError, ValueError):
|
except (JWTError, ValueError):
|
||||||
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
|
raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token")
|
||||||
|
|||||||
Reference in New Issue
Block a user