make User.authenticate an instance function

api/kiwi_vpn_api/db/schemas.py

@@ -76,8 +76,8 @@ class UserCreate(UserBase):
 
 
 class User(UserBase):
-    certificates: list[Certificate]
-    capabilities: list[UserCapability]
+    certificates: list[Certificate] = []
+    capabilities: list[UserCapability] = []
 
     class Config:
         orm_mode = True
@@ -109,29 +109,6 @@ class User(UserBase):
 
         return cls.from_orm(db_user)
 
-    @classmethod
-    def authenticate(
-        cls,
-        db: Session,
-        name: str,
-        password: str,
-        crypt_context: CryptContext,
-    ) -> User | None:
-        """
-        Authenticate with name/password against users in database.
-        """
-
-        if (db_user := models.User.load(db, name)) is None:
-            # nonexistent user, fake doing password verification
-            crypt_context.dummy_verify()
-            return None
-
-        if not crypt_context.verify(password, db_user.password):
-            # password hash mismatch
-            return None
-
-        return cls.from_orm(db_user)
-
     @classmethod
     def create(
         cls,
@@ -160,6 +137,29 @@ class User(UserBase):
             # user already existed
             pass
 
+    def authenticate(
+        self,
+        db: Session,
+        password: str,
+        crypt_context: CryptContext,
+    ) -> User | None:
+        """
+        Authenticate with name/password against users in database.
+        """
+
+        if (db_user := models.User.load(db, self.name)) is None:
+            # nonexistent user, fake doing password verification
+            crypt_context.dummy_verify()
+            return False
+
+        if not crypt_context.verify(password, db_user.password):
+            # password hash mismatch
+            return False
+
+        self.from_orm(db_user)
+
+        return True
+
     def add_capabilities(
         self,
         db: Session,

api/kiwi_vpn_api/main.py

@@ -17,25 +17,10 @@ from .db import Connection
 from .db.schemas import User
 from .routers import admin, user
 
-app = FastAPI()
-
-
-@app.on_event("startup")
-async def on_startup() -> None:
-    # check if configured
-    if (current_config := await Config.load()) is not None:
-        # connect to database
-        Connection.connect(await current_config.db.db_engine)
-
-        # some testing
-        with Connection.use() as db:
-            print(User.from_db(db, "admin"))
-            print(User.from_db(db, "nonexistent"))
-
-
-def main() -> None:
 settings = Settings.get()
 
+app = FastAPI()
+
 api = FastAPI(
     title="kiwi-vpn API",
     description="This API enables the `kiwi-vpn` service.",
@@ -57,6 +42,21 @@ def main() -> None:
 
 app.mount("/api", api)
 
+
+@app.on_event("startup")
+async def on_startup() -> None:
+    # check if configured
+    if (current_config := await Config.load()) is not None:
+        # connect to database
+        Connection.connect(await current_config.db.db_engine)
+
+        # some testing
+        with Connection.use() as db:
+            print(User.from_db(db, "admin"))
+            print(User.from_db(db, "nonexistent"))
+
+
+def main() -> None:
     uvicorn.run(
         "kiwi_vpn_api.main:app",
         host="0.0.0.0",

api/kiwi_vpn_api/routers/user.py

@@ -39,15 +39,13 @@ async def login(
         raise HTTPException(status_code=status.HTTP_400_BAD_REQUEST)
 
     # try logging in
-    user = User.authenticate(
+    user = User(name=form_data.username)
+    if not user.authenticate(
         db=db,
-        name=form_data.username,
         password=form_data.password,
         crypt_context=await current_config.crypto.crypt_context,
-    )
-
+    ):
         # authentication failed
-    if user is None:
         raise HTTPException(
             status_code=status.HTTP_401_UNAUTHORIZED,
             detail="Could not validate credentials",