From 2969abe25b765bc1c38e78d64d6d879089b2a290 Mon Sep 17 00:00:00 2001
From: "Artur H. Lange"
Date: Wed, 27 Mar 2024 14:17:54 +0100
Subject: [PATCH] fix: setting cookie on the response (#242)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Co-authored-by: Raphaƫl Bournhonesque
---
 app/routers/auth.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/app/routers/auth.py b/app/routers/auth.py
index b053c9b5..460d0a46 100644
--- a/app/routers/auth.py
+++ b/app/routers/auth.py
@@ -6,6 +6,7 @@
 from fastapi import APIRouter, Depends, HTTPException, Query, status
 from fastapi.security import OAuth2PasswordRequestForm
 from sqlalchemy.orm import Session
+from starlette.responses import JSONResponse
 from app import crud, schemas
 from app.auth import oauth2_scheme
@@ -92,12 +93,13 @@ def authentication(
 session, *_ = crud.create_session(db, user_id=user_id, token=token)
 session = crud.update_session_last_used_field(db, session=session)
 # set the cookie if requested
+ final_response = JSONResponse({"access_token": token, "token_type": "bearer"})
 if set_cookie:
 # Don't add httponly=True or secure=True as it's still in
 # development phase, but it should be added once the front-end
 # is ready
- response.cookies.update({"opsession": token})
- return {"access_token": token, "token_type": "bearer"}
+ final_response.set_cookie({"opsession": token})
+ return final_response
 elif response.status_code == 403:
 time.sleep(2) # prevents brute-force
 raise HTTPException(
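Review bot: `final_response.set_cookie({"opsession": token})` passes a dict where Starlette's `Response.set_cookie` expects the cookie name and value as separate arguments, so the `set_cookie` branch will most likely raise instead of emitting a `Set-Cookie` header; it should read `final_response.set_cookie("opsession", token)`. Because this cookie carries the session token, the same call is where the attributes deferred by the comment belong, e.g. `final_response.set_cookie("opsession", token, httponly=True, secure=True, samesite="strict")`, with `secure` driven by a setting if local HTTP development must keep working. Without them the token is readable from page script and is sent over plain HTTP. A test that calls the endpoint with `set_cookie` enabled and asserts on the `Set-Cookie` header would catch both the call-shape error and any later regression of the flags. The body of `authentication` starts and ends outside this hunk.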