Fix some redirect paths broken by our refactor

Author: chriscarrollsmith

README.md

@@ -164,7 +164,7 @@ Make sure the development database is running and tables and default
 permissions/roles are created first.
 
 ``` bash
-uv run uvicorn main:app --host 0.0.0.0 --port 8000 --reload
+uv run python -m uvicorn main:app --host 0.0.0.0 --port 8000 --reload
 ```
 
 Navigate to http://localhost:8000/

docs/static/documentation.txt

@@ -129,7 +129,7 @@ docker compose up -d
 Make sure the development database is running and tables and default permissions/roles are created first.
 
 ``` bash
-uv run uvicorn main:app --host 0.0.0.0 --port 8000 --reload
+uv run python -m uvicorn main:app --host 0.0.0.0 --port 8000 --reload
 ```
 
 Navigate to http://localhost:8000/

index.qmd

@@ -131,7 +131,7 @@ docker compose up -d
 Make sure the development database is running and tables and default permissions/roles are created first.
 
 ``` bash
-uv run uvicorn main:app --host 0.0.0.0 --port 8000 --reload
+uv run python -m uvicorn main:app --host 0.0.0.0 --port 8000 --reload
 ```
 
 Navigate to http://localhost:8000/

routers/account.py

@@ -5,6 +5,7 @@
 from fastapi import APIRouter, Depends, BackgroundTasks, Form, Request
 from fastapi.responses import RedirectResponse
 from fastapi.templating import Jinja2Templates
+from starlette.datastructures import URLPath
 from pydantic import EmailStr
 from sqlmodel import Session, select
 from utils.models import User, DataIntegrityError, Account
@@ -33,7 +34,8 @@
     CredentialsError,
     PasswordValidationError
 )
-
+from routers.dashboard import router as dashboard_router
+from routers.user import router as user_router
 logger = getLogger("uvicorn.error")
 
 router = APIRouter(prefix="/account", tags=["account"])
@@ -80,34 +82,15 @@ def validate_password_strength_and_match(
 # --- Routes ---
 
 
-@router.post("/delete", response_class=RedirectResponse)
-async def delete_account(
-    email: EmailStr = Form(...),
-    password: str = Form(...),
-    account: Account = Depends(get_authenticated_account),
-    session: Session = Depends(get_session)
-):
+@router.get("/logout", response_class=RedirectResponse)
+def logout():
     """
-    Delete a user account after verifying credentials.
+    Log out a user by clearing their cookies.
     """
-    # Verify the provided email matches the authenticated user
-    if email != account.email:
-        raise CredentialsError(message="Email does not match authenticated account")
-
-    # Verify password
-    if not verify_password(password, account.hashed_password):
-        raise PasswordValidationError(
-            field="password",
-            message="Password is incorrect"
-        )
-
-    # Delete the account and associated user
-    # Note: The user will be deleted automatically by cascade relationship
-    session.delete(account)
-    session.commit()
-
-    # Log out the user
-    return RedirectResponse(url="/account/logout", status_code=303)
+    response = RedirectResponse(url="/", status_code=303)
+    response.delete_cookie("access_token")
+    response.delete_cookie("refresh_token")
+    return response
 
 
 @router.get("/login")
@@ -120,7 +103,7 @@ async def read_login(
     Render login page or redirect to dashboard if already logged in.
     """
     if user:
-        return RedirectResponse(url="/dashboard", status_code=302)
+        return RedirectResponse(url=dashboard_router.url_path_for("read_dashboard"), status_code=302)
     return templates.TemplateResponse(
         "account/login.html",
         {"request": request, "user": user, "email_updated": email_updated}
@@ -136,7 +119,7 @@ async def read_register(
     Render registration page or redirect to dashboard if already logged in.
     """
     if user:
-        return RedirectResponse(url="/dashboard", status_code=302)
+        return RedirectResponse(url=dashboard_router.url_path_for("read_dashboard"), status_code=302)
 
     return templates.TemplateResponse(
         "account/register.html",
@@ -154,7 +137,7 @@ async def read_forgot_password(
     Render forgot password page or redirect to dashboard if already logged in.
     """
     if user:
-        return RedirectResponse(url="/dashboard", status_code=302)
+        return RedirectResponse(url=dashboard_router.url_path_for("read_dashboard"), status_code=302)
 
     return templates.TemplateResponse(
         "account/forgot_password.html",
@@ -185,6 +168,36 @@ async def read_reset_password(
     )
 
 
+@router.post("/delete", response_class=RedirectResponse)
+async def delete_account(
+    email: EmailStr = Form(...),
+    password: str = Form(...),
+    account: Account = Depends(get_authenticated_account),
+    session: Session = Depends(get_session)
+):
+    """
+    Delete a user account after verifying credentials.
+    """
+    # Verify the provided email matches the authenticated user
+    if email != account.email:
+        raise CredentialsError(message="Email does not match authenticated account")
+
+    # Verify password
+    if not verify_password(password, account.hashed_password):
+        raise PasswordValidationError(
+            field="password",
+            message="Password is incorrect"
+        )
+
+    # Delete the account and associated user
+    # Note: The user will be deleted automatically by cascade relationship
+    session.delete(account)
+    session.commit()
+
+    # Log out the user
+    return RedirectResponse(url=router.url_path_for("logout"), status_code=303)
+
+
 @router.post("/register", response_class=RedirectResponse)
 async def register(
     name: str = Form(...),
@@ -222,7 +235,7 @@ async def register(
     refresh_token = create_refresh_token(data={"sub": email})
 
     # Set cookie
-    response = RedirectResponse(url="/", status_code=303)
+    response = RedirectResponse(url=dashboard_router.url_path_for("read_dashboard"), status_code=303)
     response.set_cookie(
         key="access_token",
         value=access_token,
@@ -257,7 +270,7 @@ async def login(
     refresh_token = create_refresh_token(data={"sub": account.email})
 
     # Set cookie
-    response = RedirectResponse(url="/", status_code=303)
+    response = RedirectResponse(url=dashboard_router.url_path_for("read_dashboard"), status_code=303)
     response.set_cookie(
         key="access_token",
         value=access_token,
@@ -287,11 +300,11 @@ async def refresh_token(
     """
     _, refresh_token = tokens
     if not refresh_token:
-        return RedirectResponse(url="/login", status_code=303)
+        return RedirectResponse(url=router.url_path_for("read_login"), status_code=303)
 
     decoded_token = validate_token(refresh_token, token_type="refresh")
     if not decoded_token:
-        response = RedirectResponse(url="/login", status_code=303)
+        response = RedirectResponse(url=router.url_path_for("read_login"), status_code=303)
         response.delete_cookie("access_token")
         response.delete_cookie("refresh_token")
         return response
@@ -300,14 +313,14 @@ async def refresh_token(
     account = session.exec(select(Account).where(
         Account.email == user_email)).one_or_none()
     if not account:
-        return RedirectResponse(url="/login", status_code=303)
+        return RedirectResponse(url=router.url_path_for("read_login"), status_code=303)
 
     new_access_token = create_access_token(
         data={"sub": account.email, "fresh": False}
     )
     new_refresh_token = create_refresh_token(data={"sub": account.email})
 
-    response = RedirectResponse(url="/", status_code=303)
+    response = RedirectResponse(url=dashboard_router.url_path_for("read_dashboard"), status_code=303)
     response.set_cookie(
         key="access_token",
         value=new_access_token,
@@ -379,18 +392,7 @@ async def reset_password(
     session.commit()
     session.refresh(authorized_account)
 
-    return RedirectResponse(url="/login", status_code=303)
-
-
-@router.get("/logout", response_class=RedirectResponse)
-def logout():
-    """
-    Log out a user by clearing their cookies.
-    """
-    response = RedirectResponse(url="/", status_code=303)
-    response.delete_cookie("access_token")
-    response.delete_cookie("refresh_token")
-    return response
+    return RedirectResponse(url=router.url_path_for("read_login"), status_code=303)
 
 
 @router.post("/update_email")
@@ -429,8 +431,12 @@ async def request_email_update(
         session=session
     )
 
+    # Generate URL with query parameters separately
+    profile_path: URLPath = user_router.url_path_for("read_profile")
+    redirect_url = f"{profile_path}?email_update_requested=true"
+
     return RedirectResponse(
-        url="/profile?email_update_requested=true",
+        url=redirect_url,
         status_code=303
     )
 
@@ -461,9 +467,13 @@ async def confirm_email_update(
     access_token = create_access_token(data={"sub": new_email, "fresh": True})
     refresh_token = create_refresh_token(data={"sub": new_email})
 
+    # Generate URL with query parameters separately
+    profile_path: URLPath = user_router.url_path_for("read_profile")
+    redirect_url = f"{profile_path}?email_updated=true"
+    
     # Set cookies before redirecting
     response = RedirectResponse(
-        url="/profile?email_updated=true",
+        url=redirect_url,
         status_code=303
     )
 

routers/organization.py

@@ -5,7 +5,7 @@
 from fastapi.templating import Jinja2Templates
 from sqlmodel import Session, select
 from sqlalchemy.orm import selectinload
-from utils.db import get_session, default_roles, create_default_roles
+from utils.db import get_session, create_default_roles
 from utils.dependencies import get_authenticated_user, get_user_with_relations
 from utils.models import Organization, User, Role, Account, utc_time
 from utils.enums import ValidPermissions
@@ -138,7 +138,10 @@ def create_organization(
 
     session.refresh(db_org) # Refresh again to be safe before redirect
 
-    return RedirectResponse(url=f"/organizations/{db_org.id}", status_code=303)
+    return RedirectResponse(
+        url=router.url_path_for("read_organization", org_id=db_org.id),
+        status_code=303
+    )
 
 
 @router.post("/update/{org_id}", response_class=RedirectResponse)
@@ -177,7 +180,7 @@ def update_organization(
     session.add(organization)
     session.commit()
 
-    return RedirectResponse(url=f"/profile", status_code=303)
+    return RedirectResponse(url=router.url_path_for("read_organization", org_id=org_id), status_code=303)
 
 
 @router.post("/delete/{org_id}", response_class=RedirectResponse)
@@ -200,7 +203,7 @@ def delete_organization(
     session.delete(organization)
     session.commit()
 
-    return RedirectResponse(url="/profile", status_code=303)
+    return RedirectResponse(url="/user/profile", status_code=303)
 
 
 @router.post("/invite/{org_id}", response_class=RedirectResponse)
@@ -278,6 +281,6 @@ def invite_member(
 
     # Return to the organization page
     return RedirectResponse(
-        url=f"/organizations/{org_id}",
+        url=router.url_path_for("read_organization", org_id=org_id),
         status_code=303
     )

routers/role.py

@@ -10,6 +10,7 @@
 from utils.dependencies import get_authenticated_user
 from utils.models import Role, Permission, ValidPermissions, utc_time, User, DataIntegrityError
 from exceptions.http_exceptions import InsufficientPermissionsError, InvalidPermissionError, RoleAlreadyExistsError, RoleNotFoundError, RoleHasUsersError
+from routers.organization import router as organization_router
 
 logger = getLogger("uvicorn.error")
 
@@ -55,7 +56,10 @@ def create_role(
     # Commit transaction
     session.commit()
 
-    return RedirectResponse(url=f"/organizations/{organization_id}", status_code=303)
+    return RedirectResponse(
+        url=organization_router.url_path_for("read_organization", org_id=organization_id),
+        status_code=303
+    )
 
 
 @router.post("/update", response_class=RedirectResponse)
@@ -117,7 +121,10 @@ def update_role(
 
     session.commit()
     session.refresh(db_role)
-    return RedirectResponse(url=f"/organizations/{organization_id}", status_code=303)
+    return RedirectResponse(
+        url=organization_router.url_path_for("read_organization", org_id=organization_id),
+        status_code=303
+    )
 
 
 @router.post("/delete", response_class=RedirectResponse)
@@ -149,4 +156,7 @@ def delete_role(
     session.delete(db_role)
     session.commit()
 
-    return RedirectResponse(url=f"/organizations/{organization_id}", status_code=303)
+    return RedirectResponse(
+        url=organization_router.url_path_for("read_organization", org_id=organization_id),
+        status_code=303
+    )

routers/user.py

@@ -4,7 +4,7 @@
 from typing import Optional, List
 from fastapi.templating import Jinja2Templates
 from sqlalchemy.orm import selectinload
-from utils.models import User, DataIntegrityError, Role, Organization
+from utils.models import User, DataIntegrityError, Organization
 from utils.db import get_session
 from utils.dependencies import get_authenticated_user, get_user_with_relations
 from utils.images import validate_and_process_image, MAX_FILE_SIZE, MIN_DIMENSION, MAX_DIMENSION, ALLOWED_CONTENT_TYPES
@@ -14,6 +14,7 @@
     UserNotFoundError,
     OrganizationNotFoundError
 )
+from routers.organization import router as organization_router
 
 router = APIRouter(prefix="/user", tags=["user"])
 templates = Jinja2Templates(directory="templates")
@@ -138,7 +139,7 @@ def update_user_role(
     session.commit()
 
     return RedirectResponse(
-        url=f"/organizations/{organization_id}",
+        url=organization_router.url_path_for("read_organization", org_id=organization_id),
         status_code=303
     )
 
@@ -189,6 +190,6 @@ def remove_user_from_organization(
     session.commit()
 
     return RedirectResponse(
-        url=f"/organizations/{organization_id}",
+        url=organization_router.url_path_for("read_organization", org_id=organization_id),
         status_code=303
     )

templates/account/forgot_password.html

@@ -1,4 +1,4 @@
-{% extends "auth_base.html" %}
+{% extends "account/auth_base.html" %}
 
 {% block title %}Forgot Password{% endblock %}
 

templates/account/login.html

@@ -1,4 +1,4 @@
-{% extends "auth_base.html" %}
+{% extends "account/auth_base.html" %}
 
 {% block title %}Login{% endblock %}
 

templates/account/register.html

@@ -1,4 +1,4 @@
-{% extends "auth_base.html" %}
+{% extends "account/auth_base.html" %}
 
 {% block title %}Register{% endblock %}