Marius Mutu
8c0346e41f
- InviteToken model with unique token for each invite
- POST /users/invite - create invite by email with role (admin/mecanic)
- POST /auth/accept-invite - accept invite, set password, return JWT
- GET /users - list all users in tenant
- DELETE /users/{id} - deactivate user (cannot deactivate owner)
- Alembic migration for invites table
- 25 passing tests (auth + sync + orders + pdf + portal + invoices + users)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
81 lines
2.7 KiB
Python
81 lines
2.7 KiB
Python
from fastapi import APIRouter, Depends, HTTPException
|
|
from sqlalchemy import select
|
|
from sqlalchemy.ext.asyncio import AsyncSession
|
|
|
|
from app.auth import schemas, service
|
|
from app.db.session import get_db
|
|
from app.deps import get_current_user
|
|
from app.users.schemas import AcceptInviteRequest
|
|
from app.users.service import accept_invite
|
|
|
|
router = APIRouter()
|
|
|
|
|
|
@router.post("/register", response_model=schemas.TokenResponse)
|
|
async def register(
|
|
data: schemas.RegisterRequest, db: AsyncSession = Depends(get_db)
|
|
):
|
|
user, tenant = await service.register(
|
|
db, data.email, data.password, data.tenant_name, data.telefon
|
|
)
|
|
return schemas.TokenResponse(
|
|
access_token=service.create_token(user.id, tenant.id, tenant.plan),
|
|
tenant_id=tenant.id,
|
|
plan=tenant.plan,
|
|
)
|
|
|
|
|
|
@router.post("/login", response_model=schemas.TokenResponse)
|
|
async def login(data: schemas.LoginRequest, db: AsyncSession = Depends(get_db)):
|
|
user, tenant = await service.authenticate(db, data.email, data.password)
|
|
if not user:
|
|
raise HTTPException(status_code=401, detail="Credentiale invalide")
|
|
return schemas.TokenResponse(
|
|
access_token=service.create_token(user.id, tenant.id, tenant.plan),
|
|
tenant_id=tenant.id,
|
|
plan=tenant.plan,
|
|
)
|
|
|
|
|
|
@router.get("/me", response_model=schemas.UserResponse)
|
|
async def me(
|
|
current_user: dict = Depends(get_current_user),
|
|
db: AsyncSession = Depends(get_db),
|
|
):
|
|
from sqlalchemy import select
|
|
from app.db.models.user import User
|
|
from app.db.models.tenant import Tenant
|
|
|
|
r = await db.execute(select(User).where(User.id == current_user["sub"]))
|
|
user = r.scalar_one_or_none()
|
|
if not user:
|
|
raise HTTPException(status_code=404, detail="User not found")
|
|
r = await db.execute(select(Tenant).where(Tenant.id == user.tenant_id))
|
|
tenant = r.scalar_one()
|
|
return schemas.UserResponse(
|
|
id=user.id,
|
|
email=user.email,
|
|
tenant_id=user.tenant_id,
|
|
plan=tenant.plan,
|
|
rol=user.rol,
|
|
)
|
|
|
|
|
|
@router.post("/accept-invite", response_model=schemas.TokenResponse)
|
|
async def accept_invite_endpoint(
|
|
data: AcceptInviteRequest, db: AsyncSession = Depends(get_db)
|
|
):
|
|
try:
|
|
user = await accept_invite(db, data.token, data.password)
|
|
from app.db.models.tenant import Tenant
|
|
|
|
r = await db.execute(select(Tenant).where(Tenant.id == user.tenant_id))
|
|
tenant = r.scalar_one()
|
|
return schemas.TokenResponse(
|
|
access_token=service.create_token(user.id, tenant.id, tenant.plan),
|
|
tenant_id=tenant.id,
|
|
plan=tenant.plan,
|
|
)
|
|
except ValueError as e:
|
|
raise HTTPException(status_code=422, detail=str(e))
|