(
request: Request,
settings: Settings = Depends(get_settings),
db: AsyncSession = Depends(get_db),
redis=Depends(get_redis_client),
)
| 140 | |
| 141 | @router.api_route("/login", methods=["GET", "POST"], name="auth_login") |
| 142 | async def auth_login( |
| 143 | request: Request, |
| 144 | settings: Settings = Depends(get_settings), |
| 145 | db: AsyncSession = Depends(get_db), |
| 146 | redis=Depends(get_redis_client), |
| 147 | ): |
| 148 | try: |
| 149 | current_user = await get_current_user(request, db, settings) |
| 150 | if current_user: |
| 151 | return RedirectResponse("/", status_code=303) |
| 152 | except HTTPException: |
| 153 | pass |
| 154 | |
| 155 | form: Any = await EmailLoginForm.from_formdata(request) |
| 156 | |
| 157 | if request.method == "POST" and await form.validate_on_submit(): |
| 158 | email = form.email.data |
| 159 | if not await is_email_allowed(email, db): |
| 160 | await notify_denied( |
| 161 | email, |
| 162 | "email", |
| 163 | request, |
| 164 | settings.access_denied_webhook, |
| 165 | ) |
| 166 | flash(request, _(settings.access_denied_message), "error") |
| 167 | return RedirectResponseX( |
| 168 | request.url_for("auth_login"), |
| 169 | status_code=303, |
| 170 | request=request, |
| 171 | ) |
| 172 | expires_at = utc_now() + timedelta(seconds=settings.magic_link_ttl_seconds) |
| 173 | jti = secrets.token_urlsafe(32) |
| 174 | token_payload = { |
| 175 | "email": email, |
| 176 | "exp": int(expires_at.timestamp()), |
| 177 | "iat": int(utc_now().timestamp()), |
| 178 | "type": "email_login", |
| 179 | "jti": jti, |
| 180 | } |
| 181 | magic_token = jwt.encode({"alg": "HS256"}, token_payload, settings.secret_key) |
| 182 | magic_token_str = ( |
| 183 | magic_token.decode("utf-8") |
| 184 | if isinstance(magic_token, bytes) |
| 185 | else magic_token |
| 186 | ) |
| 187 | |
| 188 | verify_link = str( |
| 189 | request.url_for("auth_email_verify").include_query_params( |
| 190 | token=magic_token_str |
| 191 | ) |
| 192 | ) |
| 193 | |
| 194 | try: |
| 195 | await redis.setex( |
| 196 | f"magic_link:email_login:{jti}", |
| 197 | settings.magic_link_ttl_seconds, |
| 198 | "1", |
| 199 | ) |