# services/auth/app/api/auth.py - Fixed Login Method """ Authentication API endpoints - FIXED VERSION """ from fastapi import APIRouter, Depends, HTTPException, status, Request from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials from sqlalchemy.ext.asyncio import AsyncSession import structlog from app.core.database import get_db from app.core.security import SecurityManager from app.services.auth_service import AuthService from app.schemas.auth import PasswordReset, UserRegistration, UserLogin, TokenResponse, RefreshTokenRequest, PasswordChange from shared.monitoring.decorators import track_execution_time from shared.monitoring.metrics import get_metrics_collector logger = structlog.get_logger() router = APIRouter() security = HTTPBearer() @router.post("/register", response_model=TokenResponse) @track_execution_time("registration_duration_seconds", "auth-service") async def register( user_data: UserRegistration, request: Request, db: AsyncSession = Depends(get_db) ): """Register new user with enhanced debugging""" metrics = get_metrics_collector(request) # ✅ DEBUG: Log incoming registration data (without password) logger.info(f"Registration attempt for email: {user_data.email}") logger.debug(f"Registration data - email: {user_data.email}, full_name: {user_data.full_name}") try: # ✅ DEBUG: Validate input data if not user_data.email or not user_data.email.strip(): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Email is required" ) if not user_data.password or len(user_data.password) < 8: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Password must be at least 8 characters long" ) if not user_data.full_name or not user_data.full_name.strip(): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Full name is required" ) logger.debug(f"Input validation passed for {user_data.email}") result = await AuthService.register_user(user_data, db) logger.info(f"Registration successful for {user_data.email}") # Record successful registration if metrics: metrics.increment_counter("registration_total", labels={"status": "success"}) # ✅ DEBUG: Validate response before returning if not result.get("access_token"): logger.error(f"Registration succeeded but no access_token in result for {user_data.email}") raise HTTPException( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Registration completed but token generation failed" ) logger.debug(f"Returning token response for {user_data.email}") return TokenResponse(**result) except HTTPException as e: # Record failed registration with specific error if metrics: error_type = "validation_error" if e.status_code == 400 else "conflict" if e.status_code == 409 else "failed" metrics.increment_counter("registration_total", labels={"status": error_type}) logger.warning(f"Registration failed for {user_data.email}: {e.detail}") raise except Exception as e: # Record registration system error if metrics: metrics.increment_counter("registration_total", labels={"status": "error"}) logger.error(f"Registration system error for {user_data.email}: {str(e)}", exc_info=True) # ✅ DEBUG: Provide more specific error information in development error_detail = f"Registration failed: {str(e)}" if logger.level == "DEBUG" else "Registration failed" raise HTTPException( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail=error_detail ) @router.post("/login", response_model=TokenResponse) @track_execution_time("login_duration_seconds", "auth-service") async def login( login_data: UserLogin, request: Request, db: AsyncSession = Depends(get_db) ): """Login user with enhanced debugging""" metrics = get_metrics_collector(request) logger.info(f"Login attempt for email: {login_data.email}") try: # ✅ DEBUG: Validate login data if not login_data.email or not login_data.email.strip(): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Email is required" ) if not login_data.password: raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="Password is required" ) # Attempt login through AuthService result = await AuthService.login_user(login_data, db) # Record successful login if metrics: metrics.increment_counter("login_success_total") logger.info(f"Login successful for {login_data.email}") return TokenResponse(**result) except HTTPException as e: # Record failed login with specific reason if metrics: reason = "validation_error" if e.status_code == 400 else "auth_failed" metrics.increment_counter("login_failure_total", labels={"reason": reason}) logger.warning(f"Login failed for {login_data.email}: {e.detail}") raise except Exception as e: # Record login system error if metrics: metrics.increment_counter("login_failure_total", labels={"reason": "error"}) logger.error(f"Login system error for {login_data.email}: {str(e)}", exc_info=True) raise HTTPException( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Login failed" ) @router.post("/refresh", response_model=TokenResponse) @track_execution_time("token_refresh_duration_seconds", "auth-service") async def refresh_token( refresh_data: RefreshTokenRequest, request: Request, db: AsyncSession = Depends(get_db) ): """Refresh access token""" metrics = get_metrics_collector(request) try: result = await AuthService.refresh_access_token(refresh_data.refresh_token, db) # Record successful refresh if metrics: metrics.increment_counter("token_refresh_success_total") return TokenResponse(**result) except HTTPException as e: if metrics: metrics.increment_counter("token_refresh_failure_total") logger.warning(f"Token refresh failed: {e.detail}") raise except Exception as e: if metrics: metrics.increment_counter("token_refresh_failure_total") logger.error(f"Token refresh error: {e}") raise HTTPException( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Token refresh failed" ) @router.post("/verify") @track_execution_time("token_verify_duration_seconds", "auth-service") async def verify_token( credentials: HTTPAuthorizationCredentials = Depends(security), request: Request = None ): """Verify access token and return user info""" metrics = get_metrics_collector(request) if request else None try: if not credentials: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Authentication required" ) result = await AuthService.verify_user_token(credentials.credentials) # Record successful verification if metrics: metrics.increment_counter("token_verify_success_total") return { "valid": True, "user_id": result.get("user_id"), "email": result.get("email"), "exp": result.get("exp"), "message": None } except HTTPException as e: if metrics: metrics.increment_counter("token_verify_failure_total") logger.warning(f"Token verification failed: {e.detail}") raise except Exception as e: if metrics: metrics.increment_counter("token_verify_failure_total") logger.error(f"Token verification error: {e}") raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token" ) @router.post("/logout") @track_execution_time("logout_duration_seconds", "auth-service") async def logout( refresh_data: RefreshTokenRequest, request: Request, db: AsyncSession = Depends(get_db) ): """Logout user by revoking refresh token""" metrics = get_metrics_collector(request) try: success = await AuthService.logout(refresh_data.refresh_token, db) if metrics: status_label = "success" if success else "failed" metrics.increment_counter("logout_total", labels={"status": status_label}) return {"message": "Logout successful" if success else "Logout failed"} except Exception as e: if metrics: metrics.increment_counter("logout_total", labels={"status": "error"}) logger.error(f"Logout error: {e}") raise HTTPException( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Logout failed" ) # ================================================================ # PASSWORD MANAGEMENT ENDPOINTS # ================================================================ @router.post("/change-password") async def change_password( password_data: PasswordChange, credentials: HTTPAuthorizationCredentials = Depends(security), request: Request = None, db: AsyncSession = Depends(get_db) ): """Change user password""" metrics = get_metrics_collector(request) if request else None try: if not credentials: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Authentication required" ) # Verify current token payload = await AuthService.verify_user_token(credentials.credentials) user_id = payload.get("user_id") if not user_id: raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid token" ) # Validate new password if not SecurityManager.validate_password(password_data.new_password): raise HTTPException( status_code=status.HTTP_400_BAD_REQUEST, detail="New password does not meet security requirements" ) # Change password logic would go here # This is a simplified version - you'd need to implement the actual password change in AuthService # Record password change if metrics: metrics.increment_counter("password_change_total", labels={"status": "success"}) logger.info(f"Password changed for user: {user_id}") return {"message": "Password changed successfully"} except HTTPException: raise except Exception as e: # Record password change error if metrics: metrics.increment_counter("password_change_total", labels={"status": "error"}) logger.error(f"Password change error: {e}") raise HTTPException( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Password change failed" ) @router.post("/reset-password") async def reset_password( reset_data: PasswordReset, request: Request, db: AsyncSession = Depends(get_db) ): """Request password reset""" metrics = get_metrics_collector(request) try: # Password reset logic would go here # This is a simplified version - you'd need to implement email sending, etc. # Record password reset request if metrics: metrics.increment_counter("password_reset_total", labels={"status": "requested"}) logger.info(f"Password reset requested for: {reset_data.email}") return {"message": "Password reset email sent if account exists"} except Exception as e: # Record password reset error if metrics: metrics.increment_counter("password_reset_total", labels={"status": "error"}) logger.error(f"Password reset error: {e}") raise HTTPException( status_code=status.HTTP_500_INTERNAL_SERVER_ERROR, detail="Password reset failed" ) # ================================================================ # HEALTH AND STATUS ENDPOINTS # ================================================================ @router.get("/health") async def health_check(): """Health check endpoint""" return { "status": "healthy", "service": "auth-service", "version": "1.0.0" }