fix: setting cookie on the response (#242)

Co-authored-by: Raphaël Bournhonesque <[email protected]>
openfoodfacts · Mar 27, 2024 · 2969abe · 2969abe
1 parent a2a121c
commit 2969abe
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/app/routers/auth.py b/app/routers/auth.py
@@ -6,6 +6,7 @@
 from fastapi import APIRouter, Depends, HTTPException, Query, status
 from fastapi.security import OAuth2PasswordRequestForm
 from sqlalchemy.orm import Session
+from starlette.responses import JSONResponse
 
 from app import crud, schemas
 from app.auth import oauth2_scheme
@@ -92,12 +93,13 @@ def authentication(
         session, *_ = crud.create_session(db, user_id=user_id, token=token)
         session = crud.update_session_last_used_field(db, session=session)
         # set the cookie if requested
+        final_response = JSONResponse({"access_token": token, "token_type": "bearer"})
         if set_cookie:
             # Don't add httponly=True or secure=True as it's still in
             # development phase, but it should be added once the front-end
             # is ready
-            response.cookies.update({"opsession": token})
-        return {"access_token": token, "token_type": "bearer"}
+            final_response.set_cookie({"opsession": token})
+        return final_response
     elif response.status_code == 403:
         time.sleep(2)  # prevents brute-force
         raise HTTPException(