cloud-api/src/user/router.py

"""
Router endpoints for the user module

Endpoints:
 - [GET](/user/self/claims): [OIDC claims]: Returns all OIDC claims associated with the currently logged-in user.
 - [GET](/user/self/db): [OIDC claims]: Returns details about the currently logged-in user from the hub db.
 - [GET](/user/): [super admin]: Returns user(id) details.
 - [DELETE](/user/): [super admin]: Removes a User(id) from the hub database.
"""

from fastapi import APIRouter, status, BackgroundTasks

from src.auth.exceptions import UnauthorizedException
from src.organisation.exceptions import OrgNotFoundException
from src.user.schemas import (
	UserResponse,
	OIDCClaims,
	UserPostInvitationRequest,
	UserPostInvitationAcceptRequest,
)
from src.user.dependencies import (
	user_model_claims_dependency,
	user_model_query_dependency,
)
from src.user.service import send_invitation
from src.organisation.models import Organisation as Org

from src.auth.dependencies import (
	super_admin_dependency,
	org_model_root_claim_body_dependency,
)
from src.auth.service import claims_dependency
from src.database import db_dependency
from src.utils import decode_jwt

router = APIRouter(
	prefix="/user",
	tags=["User"],
)


@router.get(
	"/self/claims",
	summary="Get current user OIDC claims.",
	response_model=OIDCClaims,
	status_code=status.HTTP_200_OK,
	responses={
		status.HTTP_200_OK: {"description": "Successful retrieval from database"},
	},
)
async def current_user_claims(user: claims_dependency):
	"""
	Returns the full OIDC claims associated with the currently logged-in user.
	"""
	user["allowed_origins"] = user.get("allowed-origins", [])
	return user


@router.get(
	"/self/db",
	summary="Get current user hub details.",
	response_model=UserResponse,
	status_code=status.HTTP_200_OK,
	responses={
		status.HTTP_404_NOT_FOUND: {"description": "User not found"},
		status.HTTP_200_OK: {"description": "Successful retrieval from database"},
	},
)
async def current_user(user_model: user_model_claims_dependency):
	"""
	Returns the database details associated with the currently logged-in user.
	"""
	return user_model


@router.get(
	"/",
	summary="Get user hub details by ID.",
	response_model=UserResponse,
	status_code=status.HTTP_200_OK,
	responses={
		status.HTTP_404_NOT_FOUND: {"description": "User not found"},
		status.HTTP_200_OK: {"description": "Successful retrieval from database"},
	},
)
async def get_user_by_id(
	user_model: user_model_query_dependency, su: super_admin_dependency
):
	"""
	Returns the database details associated with the provided user ID.
	"""
	return user_model


@router.delete(
	"/",
	summary="Delete user from hub by ID.",
	status_code=status.HTTP_204_NO_CONTENT,
	responses={
		status.HTTP_204_NO_CONTENT: {"description": "User deleted"},
		status.HTTP_404_NOT_FOUND: {"description": "User not found"},
	},
)
async def delete_user_by_id(
	db: db_dependency,
	user_model: user_model_query_dependency,
	su: super_admin_dependency,
):
	"""
	Deletes the user with the provided ID from the database. This will not remove them from OIDC, and they will be automatically readded on next login.
	"""
	db.delete(user_model)
	db.commit()


@router.post(
	"/invitation",
	summary="Send an email invitation for a user to join an org",
	status_code=status.HTTP_200_OK,
)
async def invitation(
	background_tasks: BackgroundTasks,
	org_model: org_model_root_claim_body_dependency,
	request_model: UserPostInvitationRequest,
):
	org_id = org_model.id
	org_name = org_model.name
	user_email = request_model.user_email

	background_tasks.add_task(
		send_invitation, org_id=org_id, org_name=org_name, user_email=user_email
	)

	return "Invitation sent"


@router.post(
	"/invitation/accept",
	summary="Accept email invitation to join an org",
	status_code=status.HTTP_200_OK,
)
async def accept_invitation(
	db: db_dependency,
	user_model: user_model_claims_dependency,
	request_model: UserPostInvitationAcceptRequest,
):
	email_claims = await decode_jwt(request_model.jwt)
	claimed_email = email_claims["user_email"]

	if user_model.email != claimed_email:
		raise UnauthorizedException("The logged in user and email do not match.")

	org_model = db.get(Org, email_claims["org_id"])
	if org_model is None:
		raise OrgNotFoundException()

	org_model.user_rel.append(user_model)
	db.commit()

	return "Invitation accepted"
Initial commit 2026-04-06 12:41:49 +01:00			`"""`
docs: user docstrings Issue: #13 2026-05-28 14:55:44 +01:00			`Router endpoints for the user module`
Initial commit 2026-04-06 12:41:49 +01:00
			`Endpoints:`
docs: user docstrings Issue: #13 2026-05-28 14:55:44 +01:00			`- [GET](/user/self/claims): [OIDC claims]: Returns all OIDC claims associated with the currently logged-in user.`
			`- [GET](/user/self/db): [OIDC claims]: Returns details about the currently logged-in user from the hub db.`
			`- [GET](/user/): [super admin]: Returns user(id) details.`
			`- [DELETE](/user/): [super admin]: Removes a User(id) from the hub database.`
Initial commit 2026-04-06 12:41:49 +01:00			`"""`
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`from fastapi import APIRouter, status, BackgroundTasks`
Initial commit 2026-04-06 12:41:49 +01:00
fix: pycharm import error 2026-06-09 14:47:37 +01:00			`from src.auth.exceptions import UnauthorizedException`
			`from src.organisation.exceptions import OrgNotFoundException`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`from src.user.schemas import (`
			`UserResponse,`
			`OIDCClaims,`
			`UserPostInvitationRequest,`
			`UserPostInvitationAcceptRequest,`
			`)`
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`from src.user.dependencies import (`
			`user_model_claims_dependency,`
			`user_model_query_dependency,`
			`)`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`from src.user.service import send_invitation`
			`from src.organisation.models import Organisation as Org`
Initial commit 2026-04-06 12:41:49 +01:00
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`from src.auth.dependencies import (`
			`super_admin_dependency,`
			`org_model_root_claim_body_dependency,`
			`)`
Initial commit 2026-04-06 12:41:49 +01:00			`from src.auth.service import claims_dependency`
			`from src.database import db_dependency`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00			`from src.utils import decode_jwt`
Initial commit 2026-04-06 12:41:49 +01:00
			`router = APIRouter(`
			`prefix="/user",`
docs: user module In-line and Swagger docs improvements on the User module and endpoints 2026-05-20 15:23:40 +01:00			`tags=["User"],`
Initial commit 2026-04-06 12:41:49 +01:00			`)`


minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`@router.get(`
			`"/self/claims",`
			`summary="Get current user OIDC claims.",`
			`response_model=OIDCClaims,`
			`status_code=status.HTTP_200_OK,`
			`responses={`
			`status.HTTP_200_OK: {"description": "Successful retrieval from database"},`
			`},`
			`)`
Initial commit 2026-04-06 12:41:49 +01:00			`async def current_user_claims(user: claims_dependency):`
docs: user module In-line and Swagger docs improvements on the User module and endpoints 2026-05-20 15:23:40 +01:00			`"""`
			`Returns the full OIDC claims associated with the currently logged-in user.`
			`"""`
			`user["allowed_origins"] = user.get("allowed-origins", [])`
Initial commit 2026-04-06 12:41:49 +01:00			`return user`


minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`@router.get(`
			`"/self/db",`
			`summary="Get current user hub details.",`
			`response_model=UserResponse,`
			`status_code=status.HTTP_200_OK,`
			`responses={`
			`status.HTTP_404_NOT_FOUND: {"description": "User not found"},`
			`status.HTTP_200_OK: {"description": "Successful retrieval from database"},`
			`},`
			`)`
feat: user dependencies In addition to the by-query and by-body db fetch dependencies. Users also have a by-claim dependency. Issue #6 2026-05-27 13:27:24 +01:00			`async def current_user(user_model: user_model_claims_dependency):`
docs: user module In-line and Swagger docs improvements on the User module and endpoints 2026-05-20 15:23:40 +01:00			`"""`
			`Returns the database details associated with the currently logged-in user.`
			`"""`
Initial commit 2026-04-06 12:41:49 +01:00			`return user_model`


minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`@router.get(`
			`"/",`
			`summary="Get user hub details by ID.",`
			`response_model=UserResponse,`
			`status_code=status.HTTP_200_OK,`
			`responses={`
			`status.HTTP_404_NOT_FOUND: {"description": "User not found"},`
			`status.HTTP_200_OK: {"description": "Successful retrieval from database"},`
			`},`
			`)`
			`async def get_user_by_id(`
			`user_model: user_model_query_dependency, su: super_admin_dependency`
			`):`
docs: user module In-line and Swagger docs improvements on the User module and endpoints 2026-05-20 15:23:40 +01:00			`"""`
			`Returns the database details associated with the provided user ID.`
			`"""`
Initial commit 2026-04-06 12:41:49 +01:00			`return user_model`


minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`@router.delete(`
			`"/",`
			`summary="Delete user from hub by ID.",`
			`status_code=status.HTTP_204_NO_CONTENT,`
			`responses={`
			`status.HTTP_204_NO_CONTENT: {"description": "User deleted"},`
			`status.HTTP_404_NOT_FOUND: {"description": "User not found"},`
			`},`
			`)`
			`async def delete_user_by_id(`
			`db: db_dependency,`
feat: delete endpoint queries Delete endpoints do not fully support bodies. Queries used instead. Tests added. Resolves #20 2026-06-09 09:09:41 +01:00			`user_model: user_model_query_dependency,`
minor: ruff formatter All changes are either: - Correcting tabs - Adding/removing line breaks - Adding trailing commas 2026-06-08 15:31:37 +01:00			`su: super_admin_dependency,`
			`):`
docs: user module In-line and Swagger docs improvements on the User module and endpoints 2026-05-20 15:23:40 +01:00			`"""`
			`Deletes the user with the provided ID from the database. This will not remove them from OIDC, and they will be automatically readded on next login.`
			`"""`
Initial commit 2026-04-06 12:41:49 +01:00			`db.delete(user_model)`
			`db.commit()`
feat: sensical user invitation Users can now be invited to an org by email. "Email" for now is "print to stdout" Resolves #12 2026-06-09 12:22:36 +01:00

			`@router.post(`
			`"/invitation",`
			`summary="Send an email invitation for a user to join an org",`
			`status_code=status.HTTP_200_OK,`
			`)`
			`async def invitation(`
			`background_tasks: BackgroundTasks,`
			`org_model: org_model_root_claim_body_dependency,`
			`request_model: UserPostInvitationRequest,`
			`):`
			`org_id = org_model.id`
			`org_name = org_model.name`
			`user_email = request_model.user_email`

			`background_tasks.add_task(`
			`send_invitation, org_id=org_id, org_name=org_name, user_email=user_email`
			`)`

			`return "Invitation sent"`


			`@router.post(`
			`"/invitation/accept",`
			`summary="Accept email invitation to join an org",`
			`status_code=status.HTTP_200_OK,`
			`)`
			`async def accept_invitation(`
			`db: db_dependency,`
			`user_model: user_model_claims_dependency,`
			`request_model: UserPostInvitationAcceptRequest,`
			`):`
			`email_claims = await decode_jwt(request_model.jwt)`
			`claimed_email = email_claims["user_email"]`

			`if user_model.email != claimed_email:`
			`raise UnauthorizedException("The logged in user and email do not match.")`

			`org_model = db.get(Org, email_claims["org_id"])`
			`if org_model is None:`
			`raise OrgNotFoundException()`

			`org_model.user_rel.append(user_model)`
			`db.commit()`

			`return "Invitation accepted"`