Committing the work

src/auth.py

@@ -100,6 +100,26 @@ async def get_verified_device(
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Device is not active.")
     return device_orm
 
+
+async def authenticate_user(
+    username: str,
+    password: str,
+    db: SQLAlchemySessionType = Depends(get_db)
+) -> models.User: # Returns ORM User model
+    """
+    Authenticates a user by username and password.
+    Returns the ORM User model if successful, raises HTTPException otherwise.
+    """
+    user_orm = await run_in_threadpool(crud.get_user_by_username, db, username)
+    
+    if not user_orm or not user_orm.is_active:
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials or inactive user.")
+    
+    if not crud.verify_password(password, user_orm.hashed_password):
+        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect password.")
+    
+    return user_orm # Return the ORM User model
+
 # Tag-based authentication (User/Student Authentication via RFID tag)
 async def authenticate_tag_user_or_student( # Renamed for clarity
     tag_id: str = Header(..., alias="X-User-Tag-ID", description="RFID Tag ID of the user or student"),

src/routers/admin.py

@@ -8,13 +8,13 @@ from sqlalchemy.orm import Session
 from datetime import datetime, timedelta
 
 from src import crud, models
-from src.auth import get_current_active_admin_user, get_current_active_user
+from src.auth import get_current_active_admin_user_from_token, get_current_active_user
 from src.database import get_db
 
 router = APIRouter(
     prefix="/api/admin",
     tags=["Admin"],
-    dependencies=[Depends(get_current_active_admin_user)]
+    dependencies=[Depends(get_current_active_admin_user_from_token)]
 )
 
 @router.post("/prepare-tag-link", status_code=status.HTTP_202_ACCEPTED, response_model=dict)
@@ -57,7 +57,7 @@ async def prepare_device_for_tag_linking(
 async def delete_user_endpoint(
     username: str,
     db: Session = Depends(get_db),
-    current_admin: models.User = Depends(get_current_active_admin_user)
+    current_admin: models.User = Depends(get_current_active_admin_user_from_token)
 ):
     """
     Admin: Permanently deletes a user (staff or other admin).

src/routers/clearance.py

@@ -7,13 +7,13 @@ from fastapi.concurrency import run_in_threadpool
 
 from src import crud, models
 from src.database import get_db
-from src.auth import get_current_active_staff_user
+from src.auth import get_current_active_user, get_current_active_staff_user_from_token
 from src.utils import format_student_clearance_details
 
 router = APIRouter(
     prefix="/api/clearance",
     tags=["Clearance"],
-    dependencies=[Depends(get_current_active_staff_user)]
+    dependencies=[Depends(get_current_active_staff_user_from_token)]
 )
 
 class ClearanceUpdatePayload(models.BaseModel):
@@ -25,7 +25,7 @@ async def update_student_clearance(
     student_id_str: str,
     payload: ClearanceUpdatePayload,
     db: Session = Depends(get_db),
-    current_user: models.User = Depends(get_current_active_staff_user)
+    current_user: models.User = Depends(get_current_active_staff_user_from_token)
 ):
     """
     Staff/Admin: Update a student's clearance status for their department.
@@ -45,7 +45,7 @@ async def reset_student_clearance(
     student_id_str: str,
     department_str: str,
     db: Session = Depends(get_db),
-    current_user: models.User = Depends(get_current_active_staff_user)
+    current_user: models.User = Depends(get_current_active_staff_user_from_token)
 ):
     """
     Staff/Admin: Reset a student's clearance status for a department.

src/routers/token.py

@@ -8,7 +8,7 @@ from datetime import timedelta
 
 from src import models
 from src.database import get_db
-from src.auth import authenticate_user, create_access_token
+from src.auth import create_access_token, authenticate_tag_user_or_student as authenticate_user
 from src.config import settings
 
 router = APIRouter(

src/routers/users.py

@@ -7,14 +7,14 @@ from typing import List
 
 from src import crud, models
 from src.database import get_db
-from src.auth import get_current_active_user, get_current_active_admin_user
+from src.auth import get_current_active_user, get_current_active_admin_user_from_token
 
 router = APIRouter(
     prefix="/api/users",
     tags=["Users"],
 )
 
-@router.post("/", response_model=models.UserResponse, status_code=status.HTTP_201_CREATED, dependencies=[Depends(get_current_active_admin_user)])
+@router.post("/", response_model=models.UserResponse, status_code=status.HTTP_201_CREATED, dependencies=[Depends(get_current_active_admin_user_from_token)])
 async def create_new_user(user: models.UserCreate, db: Session = Depends(get_db)):
     """
     Admin: Create a new user (staff or admin).
@@ -24,7 +24,7 @@ async def create_new_user(user: models.UserCreate, db: Session = Depends(get_db)
     except HTTPException as e:
         raise e
 
-@router.get("/", response_model=List[models.UserResponse], dependencies=[Depends(get_current_active_admin_user)])
+@router.get("/", response_model=List[models.UserResponse], dependencies=[Depends(get_current_active_admin_user_from_token)])
 async def read_users(skip: int = 0, limit: int = 100, db: Session = Depends(get_db)):
     """
     Admin: Retrieve a list of all users.