fix: use LoginRequest schema instead of query params for login endpoint

2026-02-18 23:44:58 -03:00 · 2026-02-18 23:44:58 -03:00 · b1adf39682
parent 4e44c8f7be
commit b1adf39682
2 changed files with 8 additions and 5 deletions
--- a/app/api/auth.py
+++ b/app/api/auth.py
@ -7,7 +7,7 @@ from app.core.database import get_db
 from app.core.security import verify_password, get_password_hash, create_access_token, create_refresh_token, decode_token
 from app.models.user import User
 from app.models.organization import Organization, OrganizationMember, MemberRole
-from app.schemas.user import UserCreate, UserRead, Token
+from app.schemas.user import UserCreate, UserRead, Token, LoginRequest
 from app.services.audit import AuditService
 import re

@ -86,16 +86,15 @@ async def register(

@router.post("/login", response_model=Token)
 async def login(
-    email: str,
-    password: str,
+    credentials: LoginRequest,
    request: Request,
    db: AsyncSession = Depends(get_db)
 ):
    """Login and get access token."""
-    result = await db.execute(select(User).where(User.email == email))
+    result = await db.execute(select(User).where(User.email == credentials.email))
    user = result.scalar_one_or_none()
    
-    if not user or not verify_password(password, user.hashed_password):
+    if not user or not verify_password(credentials.password, user.hashed_password):
        raise HTTPException(
            status_code=status.HTTP_401_UNAUTHORIZED,
            detail="Invalid email or password"
--- a/app/schemas/user.py
+++ b/app/schemas/user.py
@ -10,6 +10,10 @@ class UserBase(BaseModel):
 class UserCreate(UserBase):
    password: str

+class LoginRequest(BaseModel):
+    email: EmailStr
+    password: str
+
 class UserUpdate(BaseModel):
    email: Optional[EmailStr] = None
    full_name: Optional[str] = None