feat: accept phone + password in /user/verify webhook
- Accept phone as an alternative to username for user lookup - On first auth when user has no password set, save the provided password and activate the account (same logic as /user/create) Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@@ -198,23 +198,30 @@ async def user_verify(request: Request, db: Session = Depends(get_db)):
|
|||||||
|
|
||||||
evotor_user_id: str = body.get("userId", "")
|
evotor_user_id: str = body.get("userId", "")
|
||||||
username: str = body.get("username", "").strip()
|
username: str = body.get("username", "").strip()
|
||||||
|
phone: str = body.get("phone", "").strip()
|
||||||
password: str = body.get("password", "")
|
password: str = body.get("password", "")
|
||||||
|
|
||||||
if not username or not password:
|
login = username or phone
|
||||||
return JSONResponse({"error": "username and password required"}, status_code=400)
|
if not login or not password:
|
||||||
|
return JSONResponse({"error": "username/phone and password required"}, status_code=400)
|
||||||
|
|
||||||
# username is email or phone
|
# match by email, username, or phone
|
||||||
user = db.query(User).filter(
|
user = db.query(User).filter(
|
||||||
or_(User.email == username, User.phone == username)
|
or_(User.email == login, User.phone == login)
|
||||||
).first()
|
).first()
|
||||||
|
|
||||||
if not user or not user.password_hash:
|
if not user:
|
||||||
return JSONResponse({"error": "Неверные данные"}, status_code=401)
|
return JSONResponse({"error": "Неверные данные"}, status_code=401)
|
||||||
|
|
||||||
if user.status == UserStatusEnum.suspended:
|
if user.status == UserStatusEnum.suspended:
|
||||||
return JSONResponse({"error": "Аккаунт заблокирован"}, status_code=403)
|
return JSONResponse({"error": "Аккаунт заблокирован"}, status_code=403)
|
||||||
|
|
||||||
if not verify_password(password, user.password_hash):
|
if not user.password_hash:
|
||||||
|
# First auth with password — save it and activate the account
|
||||||
|
user.password_hash = hash_password(password)
|
||||||
|
if user.status == UserStatusEnum.pending:
|
||||||
|
user.status = UserStatusEnum.active
|
||||||
|
elif not verify_password(password, user.password_hash):
|
||||||
return JSONResponse({"error": "Неверные данные"}, status_code=401)
|
return JSONResponse({"error": "Неверные данные"}, status_code=401)
|
||||||
|
|
||||||
# Get or create connection to retrieve api_token
|
# Get or create connection to retrieve api_token
|
||||||
|
|||||||
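Review bot: The new `if not user.password_hash:` branch stores whatever password the caller sends and moves a `pending` account to `active`, so a request naming the email or phone of a user who has no password yet becomes that user's first login; the old code returned 401 for this case. Nothing in the hunk ties the request to the account owner, and whether the webhook caller is itself authenticated is decided outside the hunk (user_verify starts above it and continues below it), so that should be confirmed before this is merged. I would keep the rejection, `if not user.password_hash: return JSONResponse({"error": "Неверные данные"}, status_code=401)`, until the request carries proof the caller cannot choose, for example a one-time activation token issued when the account was created. The branch also applies no password policy, no commit of the new hash is visible in the hunk, and the comment `# match by email, username, or phone` overstates the filter, which compares only `User.email` and `User.phone`.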