8da1f13e60
- GET /api/session (user + csrf_token, 401 when unauthenticated) - POST /api/auth/login (sets HttpOnly session cookie; 401 on bad creds; no CSRF) - POST /api/auth/logout (session+CSRF; revokes session, clears cookie; 204) - POST /api/auth/password (session+CSRF; reuses change_password; 400 on failure; 204) - reuses app/services/auth.py and shared require_session/require_csrf deps - register router in app/main.py; regenerate openapi/ - tests/test_api_session.py
25 lines
412 B
Python
from __future__ import annotations
|
|
|
|
from pydantic import BaseModel
|
|
|
|
|
|
class SessionUser(BaseModel):
|
|
username: str
|
|
force_password_change: bool
|
|
|
|
|
|
class SessionResponse(BaseModel):
|
|
user: SessionUser
|
|
csrf_token: str
|
|
|
|
|
|
class LoginRequest(BaseModel):
|
|
username: str
|
|
password: str
|
|
|
|
|
|
class PasswordChangeRequest(BaseModel):
|
|
current_password: str
|
|
new_password: str
|
|
confirm_password: str
|
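Review bot: The password fields in `LoginRequest` and `PasswordChangeRequest` are plain `str`, so the secret appears in the model's `repr`, in pydantic validation-error output and in any middleware that logs or echoes the request body. Declaring them as `password: SecretStr` (imported alongside `BaseModel`, `from pydantic import BaseModel, SecretStr`) keeps the value masked, and the login/password handlers unwrap it with `.get_secret_value()` at the point where the service needs the plaintext. `PasswordChangeRequest` carries `confirm_password` but no validator that it equals `new_password`, and none of the password fields has a length bound; the description says the handler reuses the existing `change_password`, so those checks presumably live there — worth confirming rather than relying on it, since an unbounded password string is what the hashing step will be handed.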