Index: app/auth.py
===================================================================
--- app/auth.py	(revision 70aba49ec03cf9e478928b913f9fe0b3d4007ee8)
+++ app/auth.py	(revision bf146dbe953045005649aafc304a7525d19e5f42)
@@ -3,8 +3,4 @@
 from fastapi import HTTPException, status
 from passlib.hash import bcrypt
-from dotenv import load_dotenv
-import os
-
-load_dotenv()
 
 def hash_password(password: str) -> str:
@@ -15,16 +11,25 @@
 
 def is_admin(email: str) -> bool:
-    return email in {os.getenv('AUTH_ADMIN_EMAILS')}
+    return email in ["admin@fein.com"]
 
 def create_access_token(data: dict):
     to_encode = data.copy()
-    expire = datetime.utcnow() + timedelta(minutes= {os.getenv('AUTH_ACCESS_TOKEN_EXPIRE_MINUTES')})
+    expire = datetime.utcnow() + timedelta(minutes= 30)
     to_encode.update({"exp": expire})
-    encoded_jwt = jwt.encode(to_encode, {os.getenv('AUTH_SECRET_KEY')}, algorithm={os.getenv('AUTH_ALGORITHM')})
+
+    # Ensure `sub` is a string
+    if "sub" in to_encode and not isinstance(to_encode["sub"], str):
+        to_encode["sub"] = str(to_encode["sub"])
+
+    # Add other claims (e.g., email)
+    if "email" in to_encode and not isinstance(to_encode["email"], str):
+        raise ValueError("Email must be a string")
+        
+    encoded_jwt = jwt.encode(to_encode, "A1B2C3D4E5F6G7H8I9J0K", algorithm="HS256")
     return encoded_jwt
 
 def decode_access_token(token: str):
     try:
-        payload = jwt.decode(token, {os.getenv('AUTH_SECRET_KEY')}, algorithms=[{os.getenv('AUTH_ALGORITHM')}])
+        payload = jwt.decode(token, "A1B2C3D4E5F6G7H8I9J0K", algorithms=["HS256"])
         return payload
     except jwt.ExpiredSignatureError:
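Review bot: The HS256 signing key is now a string literal in `jwt.encode` and again in `jwt.decode` inside `decode_access_token`, so anyone who can read the repository can produce tokens the API will accept. The same applies to the database password written into `DATABASE_URL` in app/database.py and, less severely, to the admin address inlined in `is_admin`. The removed lines were broken (a set wrapping `os.getenv(...)` was passed as the key), but the repair is to read the value correctly rather than inline it, e.g. `SECRET_KEY = os.environ["AUTH_SECRET_KEY"]` at module scope and `jwt.encode(to_encode, SECRET_KEY, algorithm="HS256")`, which needs the `import os` that the first hunk drops. Because both literals are now in version history, they should be treated as exposed and rotated. `decode_access_token` continues past the end of this hunk.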
Index: app/database.py
===================================================================
--- app/database.py	(revision 70aba49ec03cf9e478928b913f9fe0b3d4007ee8)
+++ app/database.py	(revision bf146dbe953045005649aafc304a7525d19e5f42)
@@ -4,5 +4,5 @@
 
 # Database URL
-DATABASE_URL = "postgresql://vasilaki:{os.getenv('DB_PASSWORD')}@db:5432/fein1"
+DATABASE_URL = "postgresql://vasilaki:adminpassword@db:5432/fein1"
 
 # Create the database engine
Index: app/main.py
===================================================================
--- app/main.py	(revision 70aba49ec03cf9e478928b913f9fe0b3d4007ee8)
+++ app/main.py	(revision bf146dbe953045005649aafc304a7525d19e5f42)
@@ -90,14 +90,21 @@
 # Dependency to get the current user
 def get_current_user(token: str = Depends(oauth2_scheme), db: Session = Depends(get_db)):
-    payload = decode_access_token(token)
-    user_id = payload.get("sub")
-    if user_id is None:
-        raise HTTPException(status_code=401, detail="Invalid authentication credentials")
-
-    user = db.query(User).filter(User.user_id == user_id).first()
-    if not user:
-        raise HTTPException(status_code=401, detail="Invalid authentication credentials")
-
-    return user
+    """
+    Retrieves the current user based on the access token.
+    """
+    try:
+        payload = decode_access_token(token)
+        user_id = payload.get("sub")
+        if not user_id:
+            raise HTTPException(status_code=401, detail="Invalid authentication credentials", headers={"WWW-Authenticate": "Bearer"},)
+        
+        user = db.query(User).filter(User.user_id == user_id).first()
+        if not user:
+            raise HTTPException(status_code=401, detail="Invalid authentication credentials",  headers={"WWW-Authenticate": "Bearer"},)
+        
+        return user
+    except Exception as e:
+        print(f"Error decoding token or fetching user: {e}")
+        raise HTTPException(status_code=401, detail="Invalid authentication credentials", headers={"WWW-Authenticate": "Bearer"},)
 
 # Routes
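Review bot: The `except Exception` around the whole body of `get_current_user` also catches failures from `db.query(...)`, so a database fault is returned to the client as a 401 and is recorded only through `print`. It also catches the two `HTTPException`s raised just above it, and presumably any raised by `decode_access_token`, then re-raises an equivalent one after printing a misleading "Error decoding token" line. I would put `except HTTPException: raise` ahead of the broad handler and move the query outside the `try` so server-side faults surface as 5xx. The diagnostic should go through `logging` rather than `print`, without echoing token contents.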
@@ -125,5 +132,5 @@
 
     # Return access token
-    access_token = create_access_token({"sub": new_user.user_id})
+    access_token = create_access_token({"sub": new_user.user_id, "email": new_user.email})
     return {"access_token": access_token, "token_type": "bearer"}
 
@@ -136,5 +143,5 @@
 
     # Return access token
-    access_token = create_access_token({"sub": user.user_id})
+    access_token = create_access_token({"sub": user.user_id, "email": user.email})
     return {"access_token": access_token, "token_type": "bearer"}
 
@@ -147,6 +154,6 @@
 
 @app.post("/accounts/", response_model=TransactionAccountResponse)
-def create_account(account: TransactionAccountCreate, db: Session = Depends(get_db)):
-    new_account = TransactionAccount(account_name=account.account_name, balance=account.balance)
+def create_account(account: TransactionAccountCreate, user: User = Depends(get_current_user), db: Session = Depends(get_db)):
+    new_account = TransactionAccount(account_name=account.account_name, balance=account.balance, user_id=user.user_id)
     db.add(new_account)
     db.commit()
Index: cli/cli_app.py
===================================================================
--- cli/cli_app.py	(revision 70aba49ec03cf9e478928b913f9fe0b3d4007ee8)
+++ cli/cli_app.py	(revision bf146dbe953045005649aafc304a7525d19e5f42)
@@ -1,26 +1,34 @@
 import requests
-from app.auth import is_admin
+import jwt
+from app.auth import is_admin, decode_access_token
 
 BASE_URL = "http://localhost:8000"
+access_token = None # Global variable for the access token
 
 def main_menu():
-    print("\nMain Menu")
-    print("1. Register")
-    print("2. Login")
-    print("3. Exit")
-    choice = input("Choose an option: ")
-
-    if choice == "1":
-        register()
-    elif choice == "2":
-        token = login()
-        if token:
-            user_menu(token)
-    elif choice == "3":
-        print("Exiting...")
-    else:
-        print("Invalid choice. Please try again.")
+    """Displays the main menu for registration and login."""
+    global access_token
+    while True:
+        print("\nMain Menu")
+        print("1. Register")
+        print("2. Login")
+        print("3. Exit")
+        choice = input("Choose an option: ")
+
+        if choice == "1":
+            register()
+        elif choice == "2":
+            token = login()
+            if token:
+                access_token = token
+                handle_menu_after_login()
+        elif choice == "3":
+            print("Exiting...")
+            break
+        else:
+            print("Invalid choice. Please try again.")
 
 def register():
+    """Handles user registration."""
     print("\nRegister")
     user_name = input("Enter your username: ")
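Review bot: Importing `decode_access_token` from `app.auth` makes the CLI verify tokens with the server's HS256 key, so every machine that runs the client must hold the signing secret and is therefore able to issue tokens of its own. The import is used in `handle_menu_after_login`, added in a later hunk of this file. The menu choice is only a UI decision, so the client does not need to verify its own token. It could ask an authenticated endpoint for the current user's role and leave enforcement to the server-side check on `/admin/accounts/`. The module-level `access_token` would also benefit from a comment such as `# set by main_menu() after login, cleared on logout; read by every request helper`.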
@@ -39,11 +47,12 @@
         print("Registration failed. Please try again.")
         print(f"Error: {response.json().get('detail', 'Unknown error')}")
-    
+
 def login():
+    """Handles user login and returns the access token."""
     print("\nLog in")
     email = input("Enter your email: ")
     password = input("Enter your password: ")
 
-    response = requests.get(f"{BASE_URL}/auth/login/", json={
+    response = requests.post(f"{BASE_URL}/auth/login/", json={
         "email": email,
         "password": password
@@ -52,5 +61,5 @@
     if response.status_code == 200:
         data = response.json()
-        print("Log in successful.")
+        print(f"Log in successful. Access Token: {data['access_token']}")
         return data["access_token"]
     else:
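Review bot: The success message now prints the full bearer token to the terminal, where it lands in scrollback, screen shares and any captured output while it is still valid for its 30-minute lifetime. Nothing later requires the user to see it, because the value is returned and stored in `access_token`. I would restore `print("Log in successful.")`. `login` begins above this hunk.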
@@ -58,6 +67,36 @@
         return None
 
-
-def admin_menu(user_id):
+def handle_menu_after_login():
+    """Routes the user to the appropriate menu based on their role."""
+    global access_token
+    # Decode the JWT to extract user information
+    try:
+        payload = decode_access_token(access_token)   
+        user_id = payload.get("sub")  # Extract user_id from the token
+        email = payload.get("email")  # Extract email from the token
+        
+        if not user_id or not email:
+            raise ValueError("Token is missing required fields.")
+        
+        print(f"User ID from token: {user_id}, Email: {email}")
+
+        # Check if the user is an admin
+        if is_admin(email):
+            admin_menu()
+        else:
+            user_menu()
+    except jwt.ExpiredSignatureError:
+        print("Session expired. Please log in again.")
+        access_token = None
+    except ValueError as e:
+        print(f"Token validation error: {str(e)}. Logging out.")
+        access_token = None
+    except Exception as e:
+        print(f"An error occurred: {str(e)}. Logging out.")
+        access_token = None
+
+def admin_menu():
+    """Displays the admin menu."""
+    global access_token
     while True:
         print("\nAdmin Menu")
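Review bot: The `except jwt.ExpiredSignatureError` branch in `handle_menu_after_login` is probably unreachable, because `decode_access_token` in app/auth.py already catches that exception itself. Its handler body is not shown, but whatever it raises instead will fall through to the generic `except Exception` branch and report "An error occurred" rather than "Session expired". Either handle the exception type the helper actually raises or drop the dead branch. The `print(f"User ID from token: ...")` line looks like leftover debugging output and could be removed. `admin_menu` continues past the end of this hunk.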
@@ -70,4 +109,5 @@
         elif choice == "2":
             print("Logging out...")
+            access_token = None
             break
         else:
@@ -75,6 +115,8 @@
 
 def admin_view_all_accounts():
+    """Fetches and displays all transaction accounts for admin users."""
+    headers = {"Authorization": f"Bearer {access_token}"}
     print("\nAll Transaction Accounts")
-    response = requests.get(f"{BASE_URL}/admin/accounts/")
+    response = requests.get(f"{BASE_URL}/admin/accounts/", headers=headers)
 
     if response.status_code == 200:
@@ -86,5 +128,7 @@
         print(f"Error: {response.json().get('detail', 'Unknown error')}")
 
-def user_menu(token):
+def user_menu():
+    """Displays the user menu."""
+    global access_token
     while True:
         print("\nUser Menu")
@@ -127,4 +171,5 @@
         elif choice == "12":
             print("Logging out...")
+            access_token = None
             break
         else:
@@ -132,4 +177,5 @@
 
 def add_transaction_account():
+    headers = {"Authorization": f"Bearer {access_token}"}
     print("\nAdd Transaction Account")
     account_name = input("Enter account name: ")
@@ -139,5 +185,5 @@
         "account_name": account_name,
         "balance": balance
-    })
+    }, headers=headers)
 
     if response.status_code == 200:
@@ -147,7 +193,8 @@
         print(f"Error: {response.json().get('detail', 'Unknown error')}")
 
-def view_transaction_accounts(user_id):
+def view_transaction_accounts():
+    headers = {"Authorization": f"Bearer {access_token}"}
     print("\nTransaction Accounts")
-    response = requests.get(f"{BASE_URL}/accounts/", params={"user_id": user_id})
+    response = requests.get(f"{BASE_URL}/accounts/", headers=headers)
 
     if response.status_code == 200:
