a-mayb3/Kanban_clone_backend
1
1
Fork 0
mirror of https://github.com/a-mayb3/Kanban_clone_backend.git synced 2026-03-21 18:15:37 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added cookie removal on invalid cookies

Browse source
This commit is contained in:
Marta Borgia Leiva 2026-02-02 13:08:37 +01:00
parent 192b5f9fc5
commit f9631cfe87
1 changed files with 4 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
routers/me.py
View file

@ -1,13 +1,10 @@
from fastapi import APIRouter, Depends, HTTPException, status, Response, Request from fastapi import APIRouter, Depends, HTTPException, status, Response, Request
from database import db_dependency from database import db_dependency
from jose import JWTError, jwt from jose import JWTError, jwt
from datetime import datetime, timedelta, timezone
import models import models
import os
from routers import auth from routers import auth
import schemas.users as user_schemas import schemas.users as user_schemas
import routers.users as user_router
router = APIRouter(prefix="/me", tags=["me"]) router = APIRouter(prefix="/me", tags=["me"])
@ -59,7 +56,7 @@ def logout(request: Request,response: Response):
response.delete_cookie(key="access_token") response.delete_cookie(key="access_token")
return {"message": "Logout successful"} return {"message": "Logout successful"}
@router.delete("/delete-me") @router.delete("/delete-me", tags=["me", "auth", "users"])
def delete_me(request: Request, db: db_dependency): def delete_me(request: Request, db: db_dependency):
"""Delete current authenticated user""" """Delete current authenticated user"""
token = request.cookies.get("access_token") token = request.cookies.get("access_token")
@ -74,6 +71,7 @@ def delete_me(request: Request, db: db_dependency):
payload = jwt.decode(token, auth.SECRET_KEY, algorithms=[auth.ALGORITHM]) payload = jwt.decode(token, auth.SECRET_KEY, algorithms=[auth.ALGORITHM])
user_id: str = str(payload.get("sub")) user_id: str = str(payload.get("sub"))
if user_id is None: if user_id is None:
request.cookies.clear() ## removing invalid auth cookie
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail="Not logged in" detail="Not logged in"
@ -87,6 +85,7 @@ def delete_me(request: Request, db: db_dependency):
## User retrieval and deletion ## User retrieval and deletion
user = db.query(models.User).filter(models.User.id == int(user_id)).first() user = db.query(models.User).filter(models.User.id == int(user_id)).first()
if user is None: if user is None:
request.cookies.clear() ## removing invalid auth cookie
raise HTTPException( raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED, status_code=status.HTTP_401_UNAUTHORIZED,
detail="User not found" detail="User not found"