REFACTOR API gateway fix 6

2025-07-26 21:48:53 +02:00
parent 7d5c8bc9a4
commit de3bd5e541
5 changed files with 66 additions and 74 deletions
--- a/services/auth/app/services/auth_service.py
+++ b/services/auth/app/services/auth_service.py
@@ -26,10 +26,7 @@ class AuthService:
        full_name: str,
        db: AsyncSession
    ) -> Dict[str, Any]:
-        """
-        Register new user and return tokens directly (NEW METHOD)
-        Follows industry best practices for immediate authentication
-        """
+        """Register new user and return tokens directly - COMPLETELY FIXED"""
        try:
            # Check if user already exists
            result = await db.execute(select(User).where(User.email == email))
@@ -48,48 +45,46 @@ class AuthService:
                hashed_password=hashed_password,
                full_name=full_name,
                is_active=True,
-                is_verified=False,  # Will be verified via email
+                is_verified=False,
                created_at=datetime.now(timezone.utc)
            )
            
            db.add(new_user)
            await db.flush()  # Get user ID without committing
            
-            # Generate tokens immediately (shorter lifespan for unverified users)
-            access_token = SecurityManager.create_access_token(
-                user_data={
-                    "user_id": str(new_user.id),
-                    "email": new_user.email,
-                    "full_name": new_user.full_name,
-                    "is_verified": new_user.is_verified
-                }
-            )
+            # ✅ FIX 2: Create complete user_data for token generation
+            complete_user_data = {
+                "user_id": str(new_user.id),
+                "email": new_user.email,
+                "full_name": new_user.full_name,
+                "is_verified": new_user.is_verified
+            }
            
-            refresh_token_value = SecurityManager.create_refresh_token(
-                user_data={"user_id": str(new_user.id)}
-            )
+            # Generate tokens with complete user data
+            access_token = SecurityManager.create_access_token(user_data=complete_user_data)
+            
+            # ✅ FIX 3: Pass complete user data for refresh token too
+            refresh_token_value = SecurityManager.create_refresh_token(user_data=complete_user_data)
            
            # Store refresh token in database
            refresh_token = RefreshToken(
                user_id=new_user.id,
                token=refresh_token_value,
-                expires_at=datetime.now(timezone.utc) + timedelta(days=7),  # Shorter for new users
+                expires_at=datetime.now(timezone.utc) + timedelta(days=7),
                is_revoked=False
            )
            
            db.add(refresh_token)
            await db.commit()
            
-            # Publish registration event (async)
+            # Publish registration event
            try:
-                await publish_user_registered(
-                    {
+                await publish_user_registered({
                    "user_id": str(new_user.id),
                    "email": new_user.email,
                    "full_name": new_user.full_name,
                    "registered_at": new_user.created_at.isoformat()
-                    }
-                )
+                })
            except Exception as e:
                logger.warning(f"Failed to publish registration event: {e}")