From a45f03b92f82618f34918a3373c8f6f61189bd98 Mon Sep 17 00:00:00 2001
From: Brian Wiborg
Date: Sat, 11 Oct 2025 02:20:59 +0200
Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B=20Fix=20maybe=5Fauthenticated?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 src/ohmyapi/builtin/auth/routes.py | 26 +++++++++++++++++++++-----
 1 file changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/ohmyapi/builtin/auth/routes.py b/src/ohmyapi/builtin/auth/routes.py
index 04169c1..3d7be7f 100644
--- a/src/ohmyapi/builtin/auth/routes.py
+++ b/src/ohmyapi/builtin/auth/routes.py
@@ -2,14 +2,16 @@ import time
 from enum import Enum
 from typing import Any, Dict, List, Optional
-import jwt
-import settings
-from fastapi import APIRouter, Body, Depends, Header, HTTPException, status
-from fastapi.security import OAuth2PasswordBearer, OAuth2PasswordRequestForm
+from fastapi import APIRouter, Body, Depends, Header, HTTPException, Request, status
+from fastapi.security import OAuth2, OAuth2PasswordBearer, OAuth2PasswordRequestForm
+from fastapi.security.utils import get_authorization_scheme_param
 from pydantic import BaseModel
 from ohmyapi.builtin.auth.models import Group, User
+import jwt
+import settings
+
 # Router
 router = APIRouter(prefix="/auth", tags=["Auth"])
@@ -23,7 +25,21 @@ REFRESH_TOKEN_EXPIRE_SECONDS = getattr(
 settings, "JWT_REFRESH_TOKEN_EXPIRE_SECONDS", 7 * 24 * 60 * 60
 )
+class OptionalOAuth2PasswordBearer(OAuth2):
+ def __init__(self, tokenUrl: str):
+ super().__init__(flows={"password": {"tokenUrl": tokenUrl}}, scheme_name="OAuth2PasswordBearer")
+
+ async def __call__(self, request: Request) -> Optional[str]:
+ authorization: str = request.headers.get("Authorization")
+ scheme, param = get_authorization_scheme_param(authorization)
+ if not authorization or scheme.lower() != "bearer":
+ # No token provided — just return None
+ return None
+ return param
+
+
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login")
+oauth2_optional_scheme = OptionalOAuth2PasswordBearer(tokenUrl="/auth/login")
 class ClaimsUser(BaseModel):
@@ -122,7 +138,7 @@ async def get_current_user(token: str = Depends(oauth2_scheme)) -> User:
 return user
-async def maybe_authenticated(token: Optional[str] = Depends(oauth2_scheme)) -> Optional[User]:
+async def maybe_authenticated(token: Optional[str] = Depends(oauth2_optional_scheme)) -> Optional[User]:
 if token is None:
 return None
 return await get_current_user(token)
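Review bot: `OptionalOAuth2PasswordBearer` duplicates behaviour that FastAPI's `OAuth2PasswordBearer` already provides through `auto_error=False`, which returns `None` instead of raising 401 when the `Authorization` header is absent or not a Bearer scheme. Replacing the subclass with `oauth2_optional_scheme = OAuth2PasswordBearer(tokenUrl="/auth/login", auto_error=False)` keeps the header parsing in maintained library code and likely makes the new `OAuth2` and `get_authorization_scheme_param` imports unnecessary. If the subclass is kept, the local should be annotated `authorization: Optional[str]`, since `request.headers.get` returns `None` when the header is missing. The existing comment in `__call__` says only "No token provided", but the same branch also covers a non-Bearer scheme, which is treated as anonymous rather than rejected; the comment should say so, so that callers never read `None` as anything but unauthenticated.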
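Review bot: `maybe_authenticated` has no docstring, and its contract is security-relevant now that the dependency can actually yield `None`. From the visible lines, `None` is returned only when no Bearer credential was sent; any token that is present is passed to `get_current_user`, so an invalid or expired token is presumably rejected there rather than downgraded to anonymous (the body of `get_current_user` is outside the hunk, so this should be confirmed). I would add `"""Return the authenticated user, or None when the request carries no Bearer token; a token that is present but invalid is rejected by get_current_user."""`. Handlers that depend on this must treat `None` as an unauthenticated caller and make their own authorization decision.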