diff --git a/api/routers/core_dynamic.py b/api/routers/core_dynamic.py
index 920c747995..0fc8f11d7e 100644
--- a/api/routers/core_dynamic.py
+++ b/api/routers/core_dynamic.py
@@ -20,6 +20,8 @@ public_app, app, app_apikey = get_routers()
+COOKIE_PATH = "/api/refresh"
+
 @public_app.get('/signup', tags=['signup'])
 async def get_all_signup():
@@ -39,7 +41,7 @@ async def signup_handler(response: JSONResponse, data: schemas.UserSignupSchema
         return content
     refresh_token = content.pop("refreshToken")
     refresh_token_max_age = content.pop("refreshTokenMaxAge")
-    response.set_cookie(key="refreshToken", value=refresh_token, path="/api/refresh",
+    response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,
                         max_age=refresh_token_max_age, secure=True, httponly=True)
     return content
@@ -78,7 +80,7 @@ def login_user(response: JSONResponse, spot: Optional[bool] = False, data: schem
         spot_refresh_token = r.pop("spotRefreshToken")
         spot_refresh_token_max_age = r.pop("spotRefreshTokenMaxAge")
-    response.set_cookie(key="refreshToken", value=refresh_token, path="/api/refresh",
+    response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,
                         max_age=refresh_token_max_age, secure=True, httponly=True)
     if spot:
         response.set_cookie(key="spotRefreshToken", value=spot_refresh_token, path="/api/spot/refresh",
@@ -89,7 +91,7 @@ def login_user(response: JSONResponse, spot: Optional[bool] = False, data: schem
 @app.get('/logout', tags=["login"])
 def logout_user(response: Response, context: schemas.CurrentContext = Depends(OR_context)):
     users.logout(user_id=context.user_id)
-    response.delete_cookie(key="refreshToken", path="/api/refresh")
+    response.delete_cookie(key="refreshToken", path=COOKIE_PATH)
     response.delete_cookie(key="spotRefreshToken", path="/api/spot/refresh")
     return {"data": "success"}
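Review bot: `COOKIE_PATH` is introduced without a comment saying what the value constrains, and the same name holds a different value (`"/api/spot/refresh"`) in api/routers/subs/spot.py, so the two constants are easy to confuse when the files are read side by side. The spot.py hunk in this same commit shows the failure mode: a `delete_cookie` path that differs from the `set_cookie` path leaves the cookie in the browser after logout. I would add `# Path scope of the refreshToken cookie; every set_cookie/delete_cookie for that cookie must use this value, or logout will not clear it.` above the assignment, and the same in the ee/api/routers/core_dynamic.py hunk at line 26. A more specific name such as `REFRESH_COOKIE_PATH` would also remove the clash with spot.py's constant.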
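Review bot: The refresh-token cookie in signup_handler is set with `secure=True, httponly=True` but no `samesite` argument, so it takes Starlette's default of `lax`; for a cookie whose only legitimate use is the refresh endpoint, passing `samesite="strict"` explicitly is the safer choice, because `lax` still attaches the cookie to cross-site top-level navigations if the refresh route accepts GET (the route's method is not visible here). This holds only if the frontend calls the refresh endpoint from the same site, which the hunk cannot confirm. The same call shape appears in the login_user and refresh_login hunks and in the ee/api/routers/core_dynamic.py counterparts, so the change belongs in all of them; the changed line here would read `response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,` followed by `max_age=refresh_token_max_age, secure=True, httponly=True, samesite="strict")`. signup_handler's body begins outside the hunk.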
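Review bot: login_user still hardcodes `path="/api/spot/refresh"` for the spotRefreshToken cookie while the refreshToken cookie on the line above now uses `COOKIE_PATH`, and the same literal is repeated in logout_user's `delete_cookie` in the next hunk; api/routers/subs/spot.py already defines `COOKIE_PATH = "/api/spot/refresh"` for that cookie. Keeping the spot path as a literal in two places here and as a constant there is the same set/delete drift this commit has to repair in spot.py. If importing spot.py's constant into this module does not create a cycle (the import graph is not visible in the diff), binding it under a distinct name such as `SPOT_COOKIE_PATH` and using it in both the `set_cookie` and the `delete_cookie` call would keep the two files from diverging again. The ee hunks at lines 86 and 97 have the same literals; login_user's body begins outside the hunk.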
@@ -98,7 +100,7 @@ def logout_user(response: Response, context: schemas.CurrentContext = Depends(OR
 def refresh_login(response: JSONResponse, context: schemas.CurrentContext = Depends(OR_context)):
     r = users.refresh(user_id=context.user_id)
     content = {"jwt": r.get("jwt")}
-    response.set_cookie(key="refreshToken", value=r.get("refreshToken"), path="/api/refresh",
+    response.set_cookie(key="refreshToken", value=r.get("refreshToken"), path=COOKIE_PATH,
                         max_age=r.pop("refreshTokenMaxAge"), secure=True, httponly=True)
     return content
diff --git a/api/routers/subs/spot.py b/api/routers/subs/spot.py
index d0c967dc61..5ec404af78 100644
--- a/api/routers/subs/spot.py
+++ b/api/routers/subs/spot.py
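Review bot: refresh_login reads the token with `r.get("refreshToken")` but the max age with `r.pop("refreshTokenMaxAge")` in the same call, whereas signup_handler and login_user pop both values; using one accessor makes it clear whether `r` is meant to be consumed or only read. The ee counterpart (the hunk at line 107 of ee/api/routers/core_dynamic.py) has the same mix and, unlike this version, builds its own `JSONResponse` instead of taking `response` as a parameter, so the two copies appear to have diverged beyond the path constant — only the hunks are visible, so this is inferred. I would make the two lines `response.set_cookie(key="refreshToken", value=r.pop("refreshToken"), path=COOKIE_PATH,` and `max_age=r.pop("refreshTokenMaxAge"), secure=True, httponly=True)`. refresh_login's decorator is outside the hunk.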
@@ -14,43 +14,10 @@ COOKIE_PATH = "/api/spot/refresh"
-@public_app.post('/login')
-def login_spot(response: JSONResponse, data: schemas.UserLoginSchema = Body(...)):
-    if helper.allow_captcha() and not captcha.is_valid(data.g_recaptcha_response):
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="Invalid captcha."
-        )
-
-    r = spot.authenticate(data.email, data.password.get_secret_value())
-    if r is None:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail="You've entered invalid Email or Password."
-        )
-    if "errors" in r:
-        raise HTTPException(
-            status_code=status.HTTP_401_UNAUTHORIZED,
-            detail=r["errors"][0]
-        )
-
-    refresh_token = r.pop("refreshToken")
-    refresh_token_max_age = r.pop("refreshTokenMaxAge")
-    content = {
-        'jwt': r.pop('jwt'),
-        'data': {
-            "user": r
-        }
-    }
-    response.set_cookie(key="spotRefreshToken", value=refresh_token, path=COOKIE_PATH,
-                        max_age=refresh_token_max_age, secure=True, httponly=True)
-    return content
-
-
 @app.get('/logout')
 def logout_spot(response: Response, context: schemas.CurrentContext = Depends(OR_context)):
     spot.logout(user_id=context.user_id)
-    response.delete_cookie(key="spotRefreshToken", path="/api/refresh")
+    response.delete_cookie(key="spotRefreshToken", path=COOKIE_PATH)
     return {"data": "success"}
diff --git a/ee/api/routers/core_dynamic.py b/ee/api/routers/core_dynamic.py
index 02b4c626e3..e71665393b 100644
--- a/ee/api/routers/core_dynamic.py
+++ b/ee/api/routers/core_dynamic.py
@@ -26,6 +26,8 @@ public_app, app, app_apikey = get_routers()
+COOKIE_PATH = "/api/refresh"
+
 @public_app.get('/signup', tags=['signup'])
 async def get_all_signup():
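Review bot: With login_spot deleted, the names its body used — `helper`, `captcha`, `HTTPException`, `status`, `Body`, `JSONResponse` and `schemas.UserLoginSchema` — have no remaining user within this hunk; the import block is outside the hunk, so if nothing else in spot.py references them they should be removed together with the function rather than left as dead imports. The surviving change in logout_spot corrects the delete path to `COOKIE_PATH`, and since that cookie is now set from login_user in api/routers/core_dynamic.py with the literal `"/api/spot/refresh"`, the invariant is worth recording on the module constant: `# Must match the path used where the spotRefreshToken cookie is set (login_user in core_dynamic.py); a mismatch leaves the cookie in place after logout.` The constant's definition sits above the hunk.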
@@ -45,7 +47,7 @@ async def signup_handler(response: JSONResponse, data: schemas.UserSignupSchema
         return content
     refresh_token = content.pop("refreshToken")
     refresh_token_max_age = content.pop("refreshTokenMaxAge")
-    response.set_cookie(key="refreshToken", value=refresh_token, path="/api/refresh",
+    response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,
                         max_age=refresh_token_max_age, secure=True, httponly=True)
     return content
@@ -84,7 +86,7 @@ def login_user(response: JSONResponse, spot: Optional[bool] = False, data: schem
         spot_refresh_token = r.pop("spotRefreshToken")
         spot_refresh_token_max_age = r.pop("spotRefreshTokenMaxAge")
-    response.set_cookie(key="refreshToken", value=refresh_token, path="/api/refresh",
+    response.set_cookie(key="refreshToken", value=refresh_token, path=COOKIE_PATH,
                         max_age=refresh_token_max_age, secure=True, httponly=True)
     if spot:
         response.set_cookie(key="spotRefreshToken", value=spot_refresh_token, path="/api/spot/refresh",
@@ -95,7 +97,7 @@ def login_user(response: JSONResponse, spot: Optional[bool] = False, data: schem
 @app.get('/logout', tags=["login"])
 def logout_user(response: Response, context: schemas.CurrentContext = Depends(OR_context)):
     users.logout(user_id=context.user_id)
-    response.delete_cookie(key="refreshToken", path="/api/refresh")
+    response.delete_cookie(key="refreshToken", path=COOKIE_PATH)
     response.delete_cookie(key="spotRefreshToken", path="/api/spot/refresh")
     return {"data": "success"}
@@ -105,7 +107,7 @@ def refresh_login(context: schemas.CurrentContext = Depends(OR_context)):
     r = users.refresh(user_id=context.user_id, tenant_id=context.tenant_id)
     content = {"jwt": r.get("jwt")}
     response = JSONResponse(content=content)
-    response.set_cookie(key="refreshToken", value=r.get("refreshToken"), path="/api/refresh",
+    response.set_cookie(key="refreshToken", value=r.get("refreshToken"), path=COOKIE_PATH,
                         max_age=r.pop("refreshTokenMaxAge"), secure=True, httponly=True)
     return response