Merge pull request #61 from igorbenav/logout-deleted-user

Now deleted users are logged out

Author: igorbenav

src/app/api/v1/logout.py

@@ -4,12 +4,10 @@
 
 from fastapi import APIRouter, Depends
 from sqlalchemy.ext.asyncio import AsyncSession
-from jose import jwt, JWTError
+from jose import JWTError
 
-from app.core.security import oauth2_scheme, SECRET_KEY, ALGORITHM
+from app.core.security import oauth2_scheme, blacklist_token
 from app.core.db.database import async_get_db
-from app.core.db.crud_token_blacklist import crud_token_blacklist
-from app.core.schemas import TokenBlacklistCreate
 from app.core.exceptions.http_exceptions import UnauthorizedException
 
 router = APIRouter(tags=["login"])
@@ -20,14 +18,7 @@ async def logout(
     db: AsyncSession = Depends(async_get_db)
 ) -> Dict[str, str]:
     try:
-        payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
-        expires_at = datetime.fromtimestamp(payload.get("exp"))
-        await crud_token_blacklist.create(
-            db, 
-            object=TokenBlacklistCreate(
-                **{"token": token, "expires_at": expires_at}
-            )
-        )
+        await blacklist_token(token=token, db=db)
         return {"message": "Logged out successfully"}
 
     except JWTError:

src/app/api/v1/users.py

@@ -1,6 +1,6 @@
 from typing import Annotated, Union, Dict, Any
 
-from fastapi import Depends, HTTPException
+from fastapi import Depends
 from sqlalchemy.ext.asyncio import AsyncSession
 from fastapi import Request
 import fastapi
@@ -9,7 +9,7 @@
 from app.core.exceptions.http_exceptions import DuplicateValueException, NotFoundException, ForbiddenException
 from app.api.paginated import PaginatedListResponse, paginated_response, compute_offset
 from app.core.db.database import async_get_db
-from app.core.security import get_password_hash
+from app.core.security import get_password_hash, blacklist_token, oauth2_scheme
 from app.crud.crud_users import crud_users
 from app.crud.crud_tier import crud_tiers
 from app.crud.crud_rate_limit import crud_rate_limits
@@ -116,9 +116,10 @@ async def patch_user(
 @router.delete("/user/{username}")
 async def erase_user(
     request: Request, 
-    username: str, 
+    username: str,
     current_user: Annotated[UserRead, Depends(get_current_user)],
-    db: Annotated[AsyncSession, Depends(async_get_db)]
+    db: Annotated[AsyncSession, Depends(async_get_db)],
+    token: str = Depends(oauth2_scheme)
 ) -> Dict[str, str]:
     db_user = await crud_users.get(db=db, schema_to_select=UserRead, username=username)
     if not db_user:
@@ -128,20 +129,23 @@ async def erase_user(
         raise ForbiddenException()
 
     await crud_users.delete(db=db, db_row=db_user, username=username)
+    await blacklist_token(token=token, db=db)
     return {"message": "User deleted"}
 
 
 @router.delete("/db_user/{username}", dependencies=[Depends(get_current_superuser)])
 async def erase_db_user(
     request: Request, 
     username: str,
-    db: Annotated[AsyncSession, Depends(async_get_db)]
+    db: Annotated[AsyncSession, Depends(async_get_db)],
+    token: str = Depends(oauth2_scheme)
 ) -> Dict[str, str]:
     db_user = await crud_users.exists(db=db, username=username)
     if not db_user:
         raise NotFoundException("User not found")
 
     db_user = await crud_users.db_delete(db=db, username=username)
+    await blacklist_token(token=token, db=db)
     return {"message": "User deleted from the database"}
 
 

src/app/core/security.py

@@ -7,7 +7,7 @@
 from fastapi.security import OAuth2PasswordBearer
 
 from app.core.config import settings
-from app.core.schemas import TokenData
+from app.core.schemas import TokenData, TokenBlacklistCreate
 from app.core.db.crud_token_blacklist import crud_token_blacklist
 from app.crud.crud_users import crud_users
 
@@ -79,3 +79,13 @@ async def verify_token(token: str, db: AsyncSession) -> TokenData | None:
 
     except JWTError:
         return None
+
+async def blacklist_token(token: str, db: AsyncSession) -> None:
+    payload = jwt.decode(token, SECRET_KEY, algorithms=[ALGORITHM])
+    expires_at = datetime.fromtimestamp(payload.get("exp"))
+    await crud_token_blacklist.create(
+        db,
+        object=TokenBlacklistCreate(
+            **{"token": token, "expires_at": expires_at}
+        )
+    )

src/app/crud/crud_base.py

@@ -90,8 +90,9 @@ async def get(
         result: Row = db_row.first()
         if result is not None:
             out: dict = dict(result._mapping)
+            return out
 
-        return out
+        return None
 
     async def exists(
             self,