Make password auth optional based on environment variable

rragundez · rragundez · commit e5946f9b111f · 2025-11-25T15:51:57.000+08:00
diff --git a/src/app/api/v1/login.py b/src/app/api/v1/login.py
@@ -1,4 +1,3 @@
-from datetime import timedelta
 from typing import Annotated
 
 from fastapi import APIRouter, Depends, Request, Response
@@ -10,7 +9,6 @@
 from ...core.exceptions.http_exceptions import UnauthorizedException
 from ...core.schemas import Token
 from ...core.security import (
-    ACCESS_TOKEN_EXPIRE_MINUTES,
     TokenType,
     authenticate_user,
     create_access_token,
@@ -21,27 +19,25 @@
 router = APIRouter(tags=["login"])
 
 
-@router.post("/login", response_model=Token)
-async def login_for_access_token(
-    response: Response,
-    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
-    db: Annotated[AsyncSession, Depends(async_get_db)],
-) -> dict[str, str]:
-    user = await authenticate_user(username_or_email=form_data.username, password=form_data.password, db=db)
-    if not user:
-        raise UnauthorizedException("Wrong username, email or password.")
-
-    access_token_expires = timedelta(minutes=ACCESS_TOKEN_EXPIRE_MINUTES)
-    access_token = await create_access_token(data={"sub": user["username"]}, expires_delta=access_token_expires)
-
-    refresh_token = await create_refresh_token(data={"sub": user["username"]})
-    max_age = settings.REFRESH_TOKEN_EXPIRE_DAYS * 24 * 60 * 60
-
-    response.set_cookie(
-        key="refresh_token", value=refresh_token, httponly=True, secure=True, samesite="lax", max_age=max_age
-    )
-
-    return {"access_token": access_token, "token_type": "bearer"}
+if settings.ENABLE_PASSWORD_AUTH:
+
+    @router.post("/login", response_model=Token)
+    async def login_with_password(
+        response: Response,
+        form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
+        db: Annotated[AsyncSession, Depends(async_get_db)],
+    ) -> dict[str, str]:
+        user = await authenticate_user(username_or_email=form_data.username, password=form_data.password, db=db)
+        if not user:
+            raise UnauthorizedException("Wrong username, email or password.")
+
+        access_token = await create_access_token(data={"sub": user["username"]})
+        refresh_token = await create_refresh_token(data={"sub": user["username"]})
+        max_age = settings.REFRESH_TOKEN_EXPIRE_DAYS * 24 * 60 * 60
+        response.set_cookie(
+            key="refresh_token", value=refresh_token, httponly=True, secure=True, samesite="lax", max_age=max_age
+        )
+        return {"access_token": access_token, "token_type": "bearer"}
 
 
 @router.post("/refresh")
diff --git a/src/app/core/config.py b/src/app/core/config.py
@@ -142,7 +142,7 @@ class CORSSettings(BaseSettings):
 
 
 class AuthSettings(BaseSettings):
-    ENABLE_LOCAL_AUTH: bool = True
+    ENABLE_PASSWORD_AUTH: bool = True
     GOOGLE_CLIENT_ID: str | None = None
     GOOGLE_CLIENT_SECRET: str | None = None
     MICROSOFT_CLIENT_ID: str | None = None
