Skip to content

Auth

auth

Authentication API endpoints.

Provides endpoints for user registration, login, logout, token refresh, password reset, and email verification.

Classes

Functions

password_reset_validate 

password_reset_validate(token: str, session: Session = Depends(get_session))

Validate a password reset token via GET with query parameter.

This endpoint checks if a reset token is valid without consuming it. Useful for showing a password reset form or error message.

Source code in fastauth/api/auth.py 
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
@router.get("/password-reset/validate")
def password_reset_validate(
    token: str,
    session: Session = Depends(get_session),
):
    """
    Validate a password reset token via GET with query parameter.

    This endpoint checks if a reset token is valid without consuming it.
    Useful for showing a password reset form or error message.
    """
    from datetime import UTC, datetime

    from fastauth.security.tokens import hash_token

    adapters = AdapterFactory(session=session)

    token_hash = hash_token(token)
    record = adapters.password_resets.get_valid(token_hash=token_hash)

    if not record:
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail=ErrorMessages.INVALID_OR_EXPIRED_RESET_TOKEN,
        )

    expires_at = record.expires_at
    if expires_at.tzinfo is None:
        expires_at = expires_at.replace(tzinfo=UTC)

    if expires_at < datetime.now(UTC):
        raise HTTPException(
            status_code=status.HTTP_400_BAD_REQUEST,
            detail="Expired reset token",
        )

    return {
        "message": "Valid reset token",
        "status": "valid",
        "token": token,
    }

email_verification_confirm 

email_verification_confirm(
    payload: EmailVerificationConfirm, session: Session = Depends(get_session)
)

Confirm email verification via POST with JSON payload.

Source code in fastauth/api/auth.py 
341
342
343
344
345
346
347
348
@router.post("/email-verification/confirm", status_code=status.HTTP_204_NO_CONTENT)
def email_verification_confirm(
    payload: EmailVerificationConfirm,
    session: Session = Depends(get_session),
):
    """Confirm email verification via POST with JSON payload."""
    _confirm_email_verification_helper(payload.token, session)
    return None

email_verification_confirm_get 

email_verification_confirm_get(
    token: str, session: Session = Depends(get_session)
)

Confirm email verification via GET with query parameter.

This endpoint enables clickable email verification links.

Source code in fastauth/api/auth.py 
351
352
353
354
355
356
357
358
359
360
361
362
363
364
@router.get("/email-verification/confirm")
def email_verification_confirm_get(
    token: str,
    session: Session = Depends(get_session),
):
    """Confirm email verification via GET with query parameter.

    This endpoint enables clickable email verification links.
    """
    _confirm_email_verification_helper(token, session)
    return {
        "message": "Email verified successfully",
        "status": "success",
    }