|
|
@@ -116,13 +116,16 @@ async def login_user(request: LoginRequest, http_request: Request):
|
|
|
|
|
|
user = user_data_service.login(request.email, request.pin)
|
|
|
|
|
|
- referer = http_request.headers.get("referer")
|
|
|
- if referer and "admin" in referer:
|
|
|
- if not user or user_data_service.permissions(user.id) == 0:
|
|
|
- logger.warning(f"Unauthorized admin access attempt by {request.email}")
|
|
|
- return JSONResponse(status_code=403, content={"message": UserResponse.NOT_PERMITTED})
|
|
|
+
|
|
|
if user:
|
|
|
# Successful login, return user data and token
|
|
|
+
|
|
|
+ referer = http_request.headers.get("referer")
|
|
|
+ if referer and "admin" in referer:
|
|
|
+ if user_data_service.permissions(user.id) == 0:
|
|
|
+ logger.warning(f"Unauthorized admin access attempt by {request.email}")
|
|
|
+ return JSONResponse(status_code=403, content={"message": UserResponse.NOT_PERMITTED})
|
|
|
+
|
|
|
redis_client.delete(f"login_attempts:{request.email}")
|
|
|
return JSONResponse(status_code=200, content={"message": SuccessResponse.LOGIN_SUCCESS, "data": {
|
|
|
"id": user.id,
|
latapp