TheLazy.Dev
Portfolio GitHub

Blog

Login problem - cant read get_current_active_user over dependency in student route.

nemsho_82acce26316

Nemsho

Posted on May 17, 2024

Login problem - cant read get_current_active_user over dependency in student route.

Hello guys. I need your help. I've been working on the school project for 1 month and have a problem with part of code when user have to login. The goal of my project is to make a fastapi app with few functionalities: login and logout, and after login app should read some data from student profiles using the mongodb. When I working over swigger user can login and cannot read data about the student profiles before it is authorized. But problem arise when I tried to do that using the login.html page because user can make cookie variable with access token information, but endpoint cant read it after redirection.
Using next library:

auth_router.py (part of code)

`@auth_router.post("/token", response_model=Token)
async def login_for_access_token(response:Response, form_data:Annotated[OAuth2PasswordRequestForm, Depends()]):

    user= get_user_data(form_data.username)
    user = authenticate_user(user,form_data.username, form_data.password)
    if not user:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Incorrect username or password",
            headers={"WWW-Authenticate": "Bearer"},
        )
    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
    access_token = create_access_token(data={"sub": user.username}, expires_delta=access_token_expires)
    response.set_cookie(key="access_token", value=f"Bearer {access_token}", httponly=True)
    return {"access_token": access_token, "token_type": "bearer"}


@auth_router.get("/", response_class=HTMLResponse)
async def login_page(request: Request):
    return templejt.TemplateResponse("login.html", {"request": request})


@auth_router.post("/", response_class=HTMLResponse)
async def login(request: Request):
    form_data = LoginForm(request)
    await form_data.create_oauth_form()
# problem occur when i tried to redirect the response to the "/student" endpoint and give that response to login_for_access_token. 
    response = RedirectResponse(url="/auth", status_code=status.HTTP_302_FOUND)
    token_response = await login_for_access_token(response, form_data)
    if "access_token" not in token_response:
        message = "Invalid username or password"
        return templejt.TemplateResponse("login.html", {"request": request, "message": message})
    return response`
Enter fullscreen mode Exit fullscreen mode

student_route.py (part of code)

# the problem is occurring in code below. can not read 
# current_user: Annotated[User, Depends(get_current_active_user)].


from routers.auth_router import get_current_active_user
import re

student_router = APIRouter(    
    prefix='/student',
    tags=['student']
    )

user_dependency=Annotated[User, Depends(get_current_active_user)]

templejt=Jinja2Templates(directory="templates")
user_dependency=Annotated[User, Depends(get_current_active_user)]
templejt=Jinja2Templates(directory="templates") 
@student_router.get("/", response_class=HTMLResponse)
async def get_all_student(request: Request, current_user: Annotated[User, Depends(get_current_active_user)]):
    print(f"Current user: {current_user.username}")
    studenti = list_serial(studenti_kolekcija.find())
    print("Lista studenata...")
    return templejt.TemplateResponse("read-student.html", {"request": request, "studenti": studenti})
Enter fullscreen mode Exit fullscreen mode

decode token for current_user:

async def get_current_user(token: str = Cookie(None)):
    print("testing token...")
    if token:
        token = token.replace("Bearer ", "")
        print(f"Token extracted from cookies: {token}")

    if not token:
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Not authenticated",
            headers={"WWW-Authenticate": "Bearer"},
        )

    credentials_exception = HTTPException(
        status_code=status.HTTP_401_UNAUTHORIZED,
        detail="Could not validate credentials",
        headers={"WWW-Authenticate": "Bearer"},
    )
    try:
        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
        username: str = payload.get("sub")
        if username is None:
            raise credentials_exception
    except JWTError:
        raise credentials_exception

    user = _get_user(username)
    if user is None:
        raise credentials_exception

    return user
Enter fullscreen mode Exit fullscreen mode
💖 💪 🙅 🚩
nemsho_82acce26316
Nemsho

Posted on May 17, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related

What was your win this week?
weeklyretro What was your win this week?

November 29, 2024

If you're a beginner, definitely check this open source guide. I've explained almost everything you need to know.
undefined If you're a beginner, definitely check this open source guide. I've explained almost everything you need to know.

November 28, 2024

Exploring Typesafe design tokens in Tailwind 4
tailwindcss Exploring Typesafe design tokens in Tailwind 4

November 29, 2024

The best way to get better at writing code is...
development The best way to get better at writing code is...

November 28, 2024

Where GitOps Meets ClickOps
devops Where GitOps Meets ClickOps

November 29, 2024