enh: using existing user model and removed AuthenticatedUser Model

Author: Abhishek Singh

agents/official/beeai-framework/chat/src/chat/agent.py

@@ -30,9 +30,7 @@
 from beeai_framework.tools import Tool
 from beeai_framework.tools.search.duckduckgo import DuckDuckGoSearchTool
 from beeai_framework.tools.search.wikipedia import WikipediaTool
-
 from beeai_framework.tools.weather import OpenMeteoTool
-
 from beeai_sdk.a2a.extensions import (
     AgentDetail,
     AgentDetailTool,
@@ -44,7 +42,7 @@
 from beeai_sdk.a2a.types import AgentMessage
 from beeai_sdk.server import Server
 from beeai_sdk.server.context import Context
-from chat.tools.general.current_time import CurrentTimeTool
+
 from chat.helpers.citations import extract_citations
 from chat.helpers.trajectory import TrajectoryContent
 from chat.tools.files.file_creator import FileCreatorTool, FileCreatorToolOutput
@@ -59,6 +57,7 @@
     ClarificationTool,
     clarification_tool_middleware,
 )
+from chat.tools.general.current_time import CurrentTimeTool
 
 # Temporary instrument fix
 EventMeta.model_fields["context"].exclude = True

apps/beeai-server/src/beeai_server/api/routes/a2a.py

@@ -10,9 +10,9 @@
 
 from beeai_server.api.dependencies import (
     A2AProxyServiceDependency,
-    AuthenticatedUserDependency,
     ProviderServiceDependency,
 )
+from beeai_server.auth.dependencies import AuthenticatedUserDependency
 from beeai_server.service_layer.services.a2a import A2AServerResponse
 
 router = fastapi.APIRouter()

apps/beeai-server/src/beeai_server/api/routes/acp.py

@@ -14,15 +14,12 @@
     RunResumeRequest,
     RunResumeResponse,
 )
-from fastapi.security import APIKeyCookie, APIKeyHeader
 
 from beeai_server.api.dependencies import AcpProxyServiceDependency
 from beeai_server.api.schema.acp import AgentReadResponse, AgentsListResponse
 from beeai_server.auth.dependencies import AuthenticatedUserDependency
 from beeai_server.service_layer.services.acp import AcpServerResponse
 
-api_key_cookie = APIKeyCookie(name="beeai-platform", auto_error=False)
-api_key_header = APIKeyHeader(name="Authorization", auto_error=False)
 router = fastapi.APIRouter()
 
 

apps/beeai-server/src/beeai_server/auth/dependencies.py

@@ -3,42 +3,32 @@
 
 from typing import Annotated
 
-from fastapi import Depends, HTTPException, Request, Security, status
+from fastapi import Depends, HTTPException, Security, status
 from fastapi.security import APIKeyCookie, APIKeyHeader
 from kink import di
 
 from beeai_server.auth.utils import decode_jwt_token, extract_token
 from beeai_server.configuration import Configuration
-
-from .models import AuthenticatedUser
+from beeai_server.domain.models.user import User, UserRole
+from beeai_server.exceptions import EntityNotFoundError
+from beeai_server.service_layer.services.users import UserService
 
 ConfigurationDependency = Annotated[Configuration, Depends(lambda: di[Configuration])]
+UserServiceDependency = Annotated[UserService, Depends(lambda: di[UserService])]
 
 api_key_cookie = APIKeyCookie(name="beeai-platform", auto_error=False)
 api_key_header = APIKeyHeader(name="Authorization", auto_error=False)
-# api_key_header = HTTPBearer(auto_error=False)
-
-
-async def get_current_user(request: Request) -> AuthenticatedUser:
-    user = request.user
-    if not user or not user.is_authenticated:
-        raise HTTPException(status_code=401, detail="Not authenticated")
-    return user
 
 
 async def get_authenticated_user(
+    user_service: UserServiceDependency,
     configuration: ConfigurationDependency,
     cookie_token: Annotated[str | None, Security(api_key_cookie)],
     header_token: Annotated[str | None, Security(api_key_header)],
-) -> AuthenticatedUser:
+) -> User:
     if configuration.oidc.disable_oidc:
         # Bypass OIDC validation — return a default user for dev/testing mode
-        return AuthenticatedUser(
-            uid="dev-user",
-            is_admin=True,
-            display_name="dev user",
-            email="user@beeai.dev",
-        )
+        return await user_service.get_user_by_email("admin@beeai.dev")
     try:
         token = extract_token(header_token, cookie_token)
     except Exception as e:
@@ -56,19 +46,20 @@ async def get_authenticated_user(
     email = claims.get("email")
     is_admin = email in configuration.oidc.admin_emails
 
-    return AuthenticatedUser(
-        uid=claims.get("sub"),
-        is_admin=is_admin,
-        display_name=claims.get("displayName"),
-        email=claims.get("email"),
-    )
+    try:
+        authenticated_user = await user_service.get_user_by_email(email=email)
+    except EntityNotFoundError:
+        role = UserRole.admin if is_admin else UserRole.user
+        authenticated_user = await user_service.create_user(email=email, role=role)
+
+    return authenticated_user
 
 
-def check_admin(user: Annotated[AuthenticatedUser, Depends(get_authenticated_user)]) -> AuthenticatedUser:
-    if not user.is_admin:
+def check_admin(user: Annotated[User, Depends(get_authenticated_user)]) -> User:
+    if user.role != UserRole.admin:
         raise HTTPException(status_code=status.HTTP_403_FORBIDDEN, detail="Admin privileges required")
     return user
 
 
-AuthenticatedUserDependency = Annotated[AuthenticatedUser, Depends(get_authenticated_user)]
+AuthenticatedUserDependency = Annotated[User, Depends(get_authenticated_user)]
 AdminUserDependency = Annotated[str, Depends(check_admin)]

apps/beeai-server/src/beeai_server/auth/models.py

@@ -6,7 +6,7 @@
 
 from kink import inject
 
-from beeai_server.domain.models.user import User
+from beeai_server.domain.models.user import User, UserRole
 from beeai_server.service_layer.unit_of_work import IUnitOfWorkFactory
 
 logger = logging.getLogger(__name__)
@@ -20,9 +20,9 @@ def __init__(
     ):
         self._uow = uow
 
-    async def create_user(self, *, email: str) -> User:
+    async def create_user(self, *, email: str, role: UserRole = UserRole.user) -> User:
         async with self._uow() as uow:
-            user = User(email=email)
+            user = User(email=email, role=role)
             await uow.users.create(user=user)
             await uow.commit()
             return user