feat: update the endpoint details of the auth api

jbriones1 · jbriones1 · commit 30b3a779bfb5 · 2025-09-06T20:44:25.000-07:00
diff --git a/src/auth/crud.py b/src/auth/crud.py
@@ -4,7 +4,6 @@
 import sqlalchemy
 from sqlalchemy.ext.asyncio import AsyncSession
 
-from auth.models import SiteUserModel
 from auth.tables import SiteUser, UserSession
 
 _logger = logging.getLogger(__name__)
diff --git a/src/auth/models.py b/src/auth/models.py
@@ -8,6 +8,9 @@ class LoginBodyParams(BaseModel):
     ticket: str = Field(description="Ticket return from SFU's CAS system")
     redirect_url: str | None = Field(None, description="Optional redirect URL")
 
+class UpdateUserParams(BaseModel):
+    profile_picture_url: str
+
 class UserSessionModel(BaseModel):
     computing_id: str
     issue_time: datetime
@@ -17,4 +20,4 @@ class SiteUserModel(BaseModel):
     computing_id: str
     first_logged_in: datetime
     last_logged_in: datetime
-    profile_picture_url: str | None
+    profile_picture_url: str | None = None
diff --git a/src/auth/urls.py b/src/auth/urls.py
@@ -10,7 +10,7 @@
 
 import database
 from auth import crud
-from auth.models import LoginBodyParams, SiteUserModel
+from auth.models import LoginBodyParams, SiteUserModel, UpdateUserParams
 from constants import DOMAIN, IS_PROD, SAMESITE
 from utils.shared_models import DetailModel, MessageModel
 
@@ -134,15 +134,16 @@ async def get_user(
     """
     session_id = request.cookies.get("session_id", None)
     if session_id is None:
-        raise HTTPException(status_code=401, detail="User must be authenticated to get their info")
+        raise HTTPException(status_code=401, detail="user must be authenticated to get their info")
 
     user_info = await crud.get_site_user(db_session, session_id)
     if user_info is None:
-        raise HTTPException(status_code=401, detail="Could not find user with session_id, please log in")
+        raise HTTPException(status_code=401, detail="could not find user with session_id, please log in")
 
     return JSONResponse(user_info.serialize())
 
 
+# TODO: We should change this so that the admins can change people's pictures too, so they can remove offensive stuff
 @router.patch(
     "/user",
     operation_id="update_user",
@@ -153,18 +154,18 @@ async def get_user(
     },
 )
 async def update_user(
-    profile_picture_url: str,
+    body: UpdateUserParams,
     request: Request,
     db_session: database.DBSession,
 ):
     """
     Returns the info stored in the site_user table in the auth module, if the user is logged in.
     """
-    session_id = request.cookies.get("session_id", None)
+    session_id = request.cookies.get("session_id")
     if session_id is None:
-        raise HTTPException(status_code=401, detail="User must be authenticated to get their info")
+        raise HTTPException(status_code=401, detail="user must be authenticated to get their info")
 
-    ok = await crud.update_site_user(db_session, session_id, profile_picture_url)
+    ok = await crud.update_site_user(db_session, session_id, body.profile_picture_url)
     await db_session.commit()
     if not ok:
-        raise HTTPException(status_code=401, detail="Could not find user with session_id, please log in")
+        raise HTTPException(status_code=401, detail="could not find user with session_id, please log in")
