from fastapi import APIRouter, Depends, HTTPException
from sqlalchemy.orm import Session
from .. import database, models, schemas, auth_utils
# Router for the SSO endpoints; the "SSO" tag only groups them in the generated API docs.
router = APIRouter(tags=["SSO"])
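def _lookup_application(db: Session, api_key: str):
    """Return the Application row whose api_key equals *api_key*, or ``None``."""
    return (
        db.query(models.Application)
        .filter(models.Application.api_key == api_key)
        .first()
    )


def _authenticate_user(db: Session, username: str, password: str):
    """Return the User row if *username*/*password* verify, else ``None``.

    An unknown username and a wrong password both yield ``None`` so the
    caller reports them with one message and cannot tell them apart.
    """
    user = db.query(models.User).filter(models.User.username == username).first()
    # NOTE(review): for an unknown username verify_password is never called, so
    # that branch answers faster than a wrong password does (a timing side
    # channel for username enumeration). Verifying against a fixed dummy hash
    # in the "no user" branch would even the two out; not done here because the
    # hash format is owned by auth_utils and is not visible in this file.
    if user is None or not auth_utils.verify_password(password, user.hashed_password):
        return None
    return user


def _is_assigned(db: Session, user_id, application_id) -> bool:
    """Return True if a UserApplication row links *user_id* to *application_id*."""
    assignment = (
        db.query(models.UserApplication)
        .filter(
            models.UserApplication.user_id == user_id,
            models.UserApplication.application_id == application_id,
        )
        .first()
    )
    return assignment is not None


@router.post("/verify", response_model=schemas.SSOVerifyResponse)
async def verify_user(request: schemas.SSOVerifyRequest, db: Session = Depends(database.get_db)):
    """Verify a user's credentials on behalf of a registered application (SSO).

    The check runs in three stages, each of which stops the request:

    1. ``request.api_key`` must match an ``Application`` row, otherwise the
       request is rejected with HTTP 403 — the caller itself is not trusted,
       so no user information is returned at all.
    2. ``request.username`` / ``request.password`` must verify and the user
       must be active; failures return ``authorized: False`` with a message.
    3. A ``UserApplication`` row must link the user to the application.

    Args:
        request: Parsed request body (api_key, username, password).
        db: SQLAlchemy session supplied by ``database.get_db``.

    Returns:
        A dict shaped by ``schemas.SSOVerifyResponse``: ``authorized`` plus a
        ``message``, and on success the ``user`` row as well.

    Raises:
        HTTPException: 403 when the API key is not recognised.

    NOTE(review): ``response_model`` decides which fields of ``user`` reach the
    client; it is assumed to omit ``hashed_password`` — confirm in ``schemas``.
    NOTE(review): ``Session`` here is the synchronous SQLAlchemy API, so the
    ``db.query`` calls block the event loop inside this ``async def``; a plain
    ``def`` handler (run in FastAPI's threadpool) would avoid that.
    """
    # 1. The calling application must present a known API key.
    app = _lookup_application(db, request.api_key)
    if app is None:
        raise HTTPException(status_code=403, detail="Invalid API Key")

    # 2. The end user's credentials must verify; unknown user and bad password
    #    share one message so the response does not confirm which it was.
    user = _authenticate_user(db, request.username, request.password)
    if user is None:
        return {"authorized": False, "message": "Invalid username or password"}

    # Inactive accounts are refused even with correct credentials.
    if not user.is_active:
        return {"authorized": False, "message": "User account is inactive"}

    # 3. The user must be explicitly assigned to this application.
    if not _is_assigned(db, user.id, app.id):
        return {"authorized": False, "message": "User not authorized for this application"}

    return {"authorized": True, "message": "Authorized", "user": user}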