Get user by email for security/authentication purposes. Returns None if user doesn't exist (rather than throwing an exception) to allow the caller to handle the "user not found" case appropriately and prevent email enumeration vulnerabilities.
(request: Request, db_session: AsyncSession, email: str)
```python
async def security_get_user(request: Request, db_session: AsyncSession, email: str) -> User | None:
    """
    Get user by email for security/authentication purposes.

    Returns None if user doesn't exist (rather than throwing an exception)
    to allow the caller to handle the "user not found" case appropriately
    and prevent email enumeration vulnerabilities.
    """
    # Check if user exists
    statement = select(User).where(User.email == email)
    user = (await db_session.execute(statement)).scalars().first()

    if not user:
        return None

    # Build a new User from the row's fields (a copy not attached to the session)
    user = User(**user.model_dump())

    return user


## 🔒 RBAC Utils ##
```
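Returning `None` from `security_get_user` only prevents enumeration if the caller makes the "no such user" and "wrong password" outcomes indistinguishable. The sketch below is an added example, not code from this project: `lookup`, `login`, `USERS`, the PBKDF2 hashing and the response shape are all assumptions standing in for the real lookup, password scheme and API.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # constructed work factor for this example
_calls = {"n": 0}     # counts hash computations, to compare both paths


def hash_password(password: str, salt: bytes) -> bytes:
    _calls["n"] += 1
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def hash_call_count() -> int:
    return _calls["n"]


# Constructed in-memory store standing in for the User table.
_SALT = os.urandom(16)
USERS = {"alice@example.com": (_SALT, hash_password("correct horse", _SALT))}

# Dummy credential checked when the lookup returns None, so the
# "no such user" path costs the same hashing work as a real account.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = hash_password(os.urandom(16).hex(), _DUMMY_SALT)

GENERIC_ERROR = {"status": 401, "detail": "Invalid email or password"}


def lookup(email: str):
    """Hypothetical stand-in for security_get_user: a record or None."""
    return USERS.get(email)


def login(email: str, password: str) -> dict:
    record = lookup(email)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    matches = hmac.compare_digest(hash_password(password, salt), stored)
    # Succeed only when a real user was found AND the password matched;
    # every other outcome returns the same body and status code.
    if record is None or not matches:
        return GENERIC_ERROR
    return {"status": 200, "detail": "ok"}
```

Raising a "user not found" error, or skipping the hash when the lookup returns `None`, would reintroduce the enumeration signal through the response body or its timing.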