New commits

src/auth.py

@@ -8,8 +8,9 @@ from src import crud, models
 from src.database import get_db
 from typing import Optional, Dict, Any # Added Any
 from datetime import datetime, timedelta
-import jwt
 from typing import Union # For type hinting
+from jose import JWTError, jwt
+from passlib.context import CryptContext # For password hashing
 
 # JWT Configuration - Loaded from models.py (which loads from .env)
 SECRET_KEY = models.JWT_SECRET_KEY
@@ -18,6 +19,24 @@ ACCESS_TOKEN_EXPIRE_MINUTES = 30
 
 oauth2_scheme = OAuth2PasswordBearer(tokenUrl="/api/token/login") # Path to token endpoint
 
+pwd_context = CryptContext(schemes=["bcrypt"], deprecated="auto") # Password hashing context
+# Password hashing context from models.py
+
+def verify_password(plain_password: str, hashed_password: str) -> bool:
+    """
+    Verifies a plain password against a hashed password.
+    Uses the CryptContext to verify the password.
+    """
+    return pwd_context.verify(plain_password, hashed_password)
+
+def get_password_hash(password: str) -> str:
+    """
+    Hashes a password using the CryptContext.
+    This is used when creating or updating user passwords.
+    """
+    return pwd_context.hash(password)
+
+
 # --- JWT Helper Functions ---
 def create_access_token(data: dict, expires_delta: Optional[timedelta] = None) -> str:
     to_encode = data.copy()
@@ -110,15 +129,16 @@ async def authenticate_user(
     Authenticates a user by username and password.
     Returns the ORM User model if successful, raises HTTPException otherwise.
     """
-    user_orm = await run_in_threadpool(crud.get_user_by_username, db, username)
+    user = await run_in_threadpool(crud.get_user_by_username, db, username)
     
-    if not user_orm or not user_orm.is_active:
-        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Invalid credentials or inactive user.")
+    if not user:
+        return None  # User not found, return None
     
-    if not crud.verify_password(password, user_orm.hashed_password):
-        raise HTTPException(status_code=status.HTTP_401_UNAUTHORIZED, detail="Incorrect password.")
-    
-    return user_orm # Return the ORM User model
+    is_password_valid = verify_password(password, user.hashed_password)
+    if not is_password_valid:
+        return None
+
+    return user  # Return the ORM User model if password is valid
 
 # Tag-based authentication (User/Student Authentication via RFID tag)
 async def authenticate_tag_user_or_student( # Renamed for clarity

src/routers/students.py

@@ -13,9 +13,8 @@ from src.utils import format_student_clearance_details
 
 router = APIRouter(
     prefix="/api/students",
-    tags=["Students"],
-    dependencies=[Depends(get_current_active_admin_user_from_token)]
-)
+    tags=["students"],
+    )
 
 @router.post("/", response_model=models.StudentResponse, status_code=status.HTTP_201_CREATED)
 async def create_student_endpoint(