Open
Description
about: Replace custom auth with FastAPI Users while preserving RBAC
labels: enhancement, help wanted
assignees: ''
What
Integrate FastAPI Users for JWT auth, registration, login, logout, password reset & email verification using SQLAlchemy/SQLite, replacing custom code in app/api/authentication without breaking RBAC.
Checklist
- Install & configure FastAPI Users
- Update `app/models/user.py` to include `is_active`, `is_superuser`, `is_verified`
- Wire up routes under `/auth/*` (register, jwt/login, forgot-password, verify)
- Preserve existing RBAC (`validate_transaction_access`) in protected endpoints
- Migrate or wrap audit logging (`audit_user_ip`, `audit_user_login`)
- Add `tests/test_auth.py` using pytest + httpx for:
  - registration (201 + public data)
  - login (JWT token)
  - access to protected route
  - password reset & email verification
- Update README with new setup & env vars
Acceptance Criteria
- Test coverage ≥ 95% (no net drop)
- All existing tests pass
- Users can register, login, reset password & verify email
- Protected routes enforce JWT auth + RBAC
- Audit logs still recorded for user actions
References
- FastAPI Users Docs: https://fastapi-users.github.io/fastapi-users/
- FastAPI Users GitHub: https://github.com/fastapi-users/fastapi-users