Moved enums and exceptions to separate files

Author: chriscarrollsmith

exceptions/exceptions.py

@@ -0,0 +1,8 @@
+from utils.models import User
+
+
+class NeedsNewTokens(Exception):
+    def __init__(self, user: User, access_token: str, refresh_token: str):
+        self.user = user
+        self.access_token = access_token
+        self.refresh_token = refresh_token

exceptions/http_exceptions.py

@@ -0,0 +1,130 @@
+from fastapi import HTTPException, status
+from utils.enums import ValidPermissions
+
+class EmailAlreadyRegisteredError(HTTPException):
+    def __init__(self):
+        super().__init__(
+            status_code=409,
+            detail="This email is already registered"
+        )
+
+
+class CredentialsError(HTTPException):
+    def __init__(self, message: str = "Invalid credentials"):
+        super().__init__(
+            status_code=401,
+            detail=message
+        )
+
+
+class AuthenticationError(HTTPException):
+    def __init__(self):
+        super().__init__(
+            status_code=status.HTTP_303_SEE_OTHER,
+            headers={"Location": "/login"}
+        )
+
+
+class PasswordValidationError(HTTPException):
+    def __init__(self, field: str, message: str):
+        super().__init__(
+            status_code=422,
+            detail={
+                "field": field,
+                "message": message
+            }
+        )
+
+
+class PasswordMismatchError(PasswordValidationError):
+    def __init__(self, field: str = "confirm_password"):
+        super().__init__(
+            field=field,
+            message="The passwords you entered do not match"
+        )
+
+
+class InsufficientPermissionsError(HTTPException):
+    def __init__(self):
+        super().__init__(
+            status_code=403,
+            detail="You don't have permission to perform this action"
+        )
+
+
+class EmptyOrganizationNameError(HTTPException):
+    def __init__(self):
+        super().__init__(
+            status_code=400,
+            detail="Organization name cannot be empty"
+        )
+
+
+class OrganizationNotFoundError(HTTPException):
+    def __init__(self):
+        super().__init__(
+            status_code=404,
+            detail="Organization not found"
+        )
+
+
+class OrganizationNameTakenError(HTTPException):
+    def __init__(self):
+        super().__init__(
+            status_code=400,
+            detail="Organization name already taken"
+        )
+
+
+class InvalidPermissionError(HTTPException):
+    """Raised when a user attempts to assign an invalid permission to a role"""
+
+    def __init__(self, permission: ValidPermissions):
+        super().__init__(
+            status_code=400,
+            detail=f"Invalid permission: {permission}"
+        )
+
+
+class RoleAlreadyExistsError(HTTPException):
+    """Raised when attempting to create a role with a name that already exists"""
+
+    def __init__(self):
+        super().__init__(status_code=400, detail="Role already exists")
+
+
+class RoleNotFoundError(HTTPException):
+    """Raised when a requested role does not exist"""
+
+    def __init__(self):
+        super().__init__(status_code=404, detail="Role not found")
+
+
+class RoleHasUsersError(HTTPException):
+    """Raised when a requested role to be deleted has users"""
+
+    def __init__(self):
+        super().__init__(
+            status_code=400,
+            detail="Role cannot be deleted until users with that role are reassigned"
+        )
+
+
+class DataIntegrityError(HTTPException):
+    def __init__(
+            self,
+            resource: str = "Database resource"
+    ):
+        super().__init__(
+            status_code=500,
+            detail=(
+                f"{resource} is in a broken state; please contact a system administrator"
+            )
+        )
+
+
+class InvalidImageError(HTTPException):
+    """Raised when an invalid image is uploaded"""
+
+    def __init__(self, message: str = "Invalid image file"):
+        super().__init__(status_code=400, detail=message)

routers/account.py

@@ -3,7 +3,7 @@
 from typing import Optional
 from urllib.parse import urlparse
 from datetime import datetime
-from fastapi import APIRouter, Depends, HTTPException, BackgroundTasks, Form, Request
+from fastapi import APIRouter, Depends, BackgroundTasks, Form, Request
 from fastapi.responses import RedirectResponse
 from fastapi.templating import Jinja2Templates
 from pydantic import BaseModel, EmailStr, ConfigDict
@@ -28,6 +28,7 @@
     PasswordValidationError,
     get_optional_user
 )
+from exceptions.http_exceptions import EmailAlreadyRegisteredError, CredentialsError
 
 logger = getLogger("uvicorn.error")
 
@@ -37,20 +38,7 @@
 # --- Custom Exceptions ---
 
 
-class EmailAlreadyRegisteredError(HTTPException):
-    def __init__(self):
-        super().__init__(
-            status_code=409,
-            detail="This email is already registered"
-        )
-
 
-class AuthenticationError(HTTPException):
-    def __init__(self, message: str = "Invalid credentials"):
-        super().__init__(
-            status_code=401,
-            detail=message
-        )
 
 
 # --- Server Request and Response Models ---
@@ -246,7 +234,7 @@ async def read_reset_password(
 
     # Raise informative error to let user know the token is invalid and may have expired
     if not authorized_user:
-        raise HTTPException(status_code=400, detail="Invalid or expired token")
+        raise CredentialsError(message="Invalid or expired token")
 
     return templates.TemplateResponse(
         "authentication/reset_password.html",
@@ -310,7 +298,7 @@ async def login(
         User.email == user.email)).first()
 
     if not db_user or not db_user.password or not verify_password(user.password, db_user.password.hashed_password):
-        raise AuthenticationError()
+        raise CredentialsError()
 
     # Create access token
     access_token = create_access_token(
@@ -416,7 +404,7 @@ async def reset_password(
         user.email, user.token, session)
 
     if not authorized_user or not reset_token:
-        raise AuthenticationError("Invalid or expired password reset token; please request a new one")
+        raise CredentialsError("Invalid or expired password reset token; please request a new one")
 
     # Update password and mark token as used
     if authorized_user.password:
@@ -488,7 +476,7 @@ async def confirm_email_update(
     )
 
     if not user or not update_token:
-        raise AuthenticationError("Invalid or expired email update token; please request a new one")
+        raise CredentialsError("Invalid or expired email update token; please request a new one")
 
     # Update email and mark token as used
     user.email = new_email

routers/organization.py

@@ -1,47 +1,21 @@
 from logging import getLogger
-from fastapi import APIRouter, Depends, HTTPException, Form, Request
+from datetime import datetime
+from fastapi import APIRouter, Depends, Form, Request
 from fastapi.responses import RedirectResponse
 from fastapi.templating import Jinja2Templates
 from pydantic import BaseModel, ConfigDict, field_validator
 from sqlmodel import Session, select
 from utils.db import get_session
-from utils.auth import get_authenticated_user, get_user_with_relations, InsufficientPermissionsError
+from utils.auth import get_authenticated_user, get_user_with_relations
 from utils.models import Organization, User, Role, utc_time, default_roles, ValidPermissions
-from datetime import datetime
+from exceptions.http_exceptions import EmptyOrganizationNameError, OrganizationNotFoundError, OrganizationNameTakenError, InsufficientPermissionsError
 
 logger = getLogger("uvicorn.error")
 
 router = APIRouter(prefix="/organizations", tags=["organizations"])
 templates = Jinja2Templates(directory="templates")
 
 
-# --- Custom Exceptions ---
-
-
-class EmptyOrganizationNameError(HTTPException):
-    def __init__(self):
-        super().__init__(
-            status_code=400,
-            detail="Organization name cannot be empty"
-        )
-
-
-class OrganizationNotFoundError(HTTPException):
-    def __init__(self):
-        super().__init__(
-            status_code=404,
-            detail="Organization not found"
-        )
-
-
-class OrganizationNameTakenError(HTTPException):
-    def __init__(self):
-        super().__init__(
-            status_code=400,
-            detail="Organization name already taken"
-        )
-
-
 # --- Server Request and Response Models ---
 
 

routers/role.py

@@ -2,57 +2,20 @@
 # they themselves have.
 from typing import List, Sequence, Optional
 from logging import getLogger
-from fastapi import APIRouter, Depends, Form, HTTPException
+from fastapi import APIRouter, Depends, Form
 from fastapi.responses import RedirectResponse
 from pydantic import BaseModel, ConfigDict
 from sqlmodel import Session, select, col
 from sqlalchemy.orm import selectinload
 from utils.db import get_session
-from utils.auth import get_authenticated_user, InsufficientPermissionsError
+from utils.auth import get_authenticated_user
 from utils.models import Role, Permission, ValidPermissions, utc_time, User, DataIntegrityError
+from exceptions.http_exceptions import InsufficientPermissionsError, InvalidPermissionError, RoleAlreadyExistsError, RoleNotFoundError, RoleHasUsersError
 
 logger = getLogger("uvicorn.error")
 
 router = APIRouter(prefix="/roles", tags=["roles"])
 
-
-# --- Custom Exceptions ---
-
-
-class InvalidPermissionError(HTTPException):
-    """Raised when a user attempts to assign an invalid permission to a role"""
-
-    def __init__(self, permission: ValidPermissions):
-        super().__init__(
-            status_code=400,
-            detail=f"Invalid permission: {permission}"
-        )
-
-
-class RoleAlreadyExistsError(HTTPException):
-    """Raised when attempting to create a role with a name that already exists"""
-
-    def __init__(self):
-        super().__init__(status_code=400, detail="Role already exists")
-
-
-class RoleNotFoundError(HTTPException):
-    """Raised when a requested role does not exist"""
-
-    def __init__(self):
-        super().__init__(status_code=404, detail="Role not found")
-
-
-class RoleHasUsersError(HTTPException):
-    """Raised when a requested role to be deleted has users"""
-
-    def __init__(self):
-        super().__init__(
-            status_code=400,
-            detail="Role cannot be deleted until users with that role are reassigned"
-        )
-
-
 # --- Server Request Models ---
 
 class RoleCreate(BaseModel):

utils/auth.py

@@ -14,9 +14,11 @@
 from typing import Optional
 from jinja2.environment import Template
 from fastapi.templating import Jinja2Templates
-from fastapi import Depends, Cookie, HTTPException, status, Request
+from fastapi import Depends, Cookie
 from utils.db import get_session
 from utils.models import User, Role, PasswordResetToken, EmailUpdateToken
+from exceptions.http_exceptions import PasswordValidationError, PasswordMismatchError, AuthenticationError
+from exceptions.exceptions import NeedsNewTokens
 
 load_dotenv()
 resend.api_key = os.environ["RESEND_API_KEY"]
@@ -84,51 +86,6 @@ def replacer(match: re.Match) -> str:
 )
 
 
-# --- Custom Exceptions ---
-
-
-class NeedsNewTokens(Exception):
-    def __init__(self, user: User, access_token: str, refresh_token: str):
-        self.user = user
-        self.access_token = access_token
-        self.refresh_token = refresh_token
-
-
-class AuthenticationError(HTTPException):
-    def __init__(self):
-        super().__init__(
-            status_code=status.HTTP_303_SEE_OTHER,
-            headers={"Location": "/login"}
-        )
-
-
-class PasswordValidationError(HTTPException):
-    def __init__(self, field: str, message: str):
-        super().__init__(
-            status_code=422,
-            detail={
-                "field": field,
-                "message": message
-            }
-        )
-
-
-class PasswordMismatchError(PasswordValidationError):
-    def __init__(self, field: str = "confirm_password"):
-        super().__init__(
-            field=field,
-            message="The passwords you entered do not match"
-        )
-
-
-class InsufficientPermissionsError(HTTPException):
-    def __init__(self):
-        super().__init__(
-            status_code=403,
-            detail="You don't have permission to perform this action"
-        )
-
-
 # --- Helpers ---