SQLalchemy error for function get_current_user. Fix is in the description. Is this fix correct?

[dmenisdev]

First Check

• I added a very descriptive title here.
• I used the GitHub search to find a similar question and didn't find it.
• I searched in the documentation/README.
• I already searched in Google "How to do X" and didn't find any information.
• I already read and followed all the tutorial in the docs/README and didn't find an answer.

Commit to Help

• I commit to help with one of those options 👆

Example Code

def get_current_user(session: SessionDep, token: TokenDep) -> User:
    try:
        payload = jwt.decode(
            token, settings.SECRET_KEY, algorithms=[security.ALGORITHM]
        )
        token_data = TokenPayload(**payload)
    except (InvalidTokenError, ValidationError):
        raise HTTPException(
            status_code=status.HTTP_403_FORBIDDEN,
            detail="Could not validate credentials",
        )
    user = session.get(User, uuid.UUID(token_data.sub))
    if not user:
        raise HTTPException(status_code=404, detail="User not found")
    if not user.is_active:
        raise HTTPException(status_code=400, detail="Inactive user")
    return user


CurrentUser = Annotated[User, Depends(get_current_user)]

Description

Issue

Open browser to swagger docs.
Try out endpoint: /api/v1/users/me (Read user me).

This resulted in error:
sqlalchemy.exc.StatementError: (builtins.AttributeError) 'str' object has no attribute 'hex'
[SQL: SELECT user.email AS user_email, user.is_active AS user_is_active, user.is_superuser AS user_is_superuser, user.full_name AS user_full_name, user.id AS user_id, user.hashed_password AS user_hashed_password
FROM user
WHERE user.id = ?]
[parameters: [{'pk_1': '80288216-dddd-558b-965b-e62ed65f22ec'}]]

Cause

In the function get_current_user SQLAlchemy tries to bind the string value to the UUID column, it's trying to call the hex method on the string, which doesn't exist.

Solution

Convert the string to a UUID object before passing it to session.get. You can do this using the uuid.UUID constructor.
See example code above.

Operating System

macOS

Operating System Details

Apple Silicon.
Browser: Brave.

Python Version

Python 3.12.4

Additional Context

I replaced PostgreSQL with SQLite when I came across this issue.
Fixed it but not sure how and if this can be incorporated into the official Github project.

PS: I only say an option to create an issue for "security issues" this isn't that so I created the discussion here.
I can create a pull request for this, if you want.

[YuriiMotov]

It was probably an issue back then, but in current version this endpoint works well.

token_data.sub contains the ID of user that was extracted from the access token