core-framework 0.12.3__py3-none-any.whl → 0.12.5__py3-none-any.whl

core/__init__.py

@@ -278,7 +278,7 @@ from core.exceptions import (
     MissingDependency,
 )
 
-__version__ = "0.12.3"
+__version__ = "0.12.5"
 __all__ = [
     # Models
     "Model",

core/auth/middleware.py

@@ -1,10 +1,10 @@
 """
 Authentication Middleware for Core Framework.
 
-Bug #8 Fix: Provides built-in middleware for populating request.state.user.
+Uses Starlette's AuthenticationMiddleware pattern which correctly propagates
+user to views via scope["user"] (accessed as request.user).
 
-This middleware automatically authenticates requests using the configured
-authentication backend and populates request.state.user.
+IMPORTANT: Use request.user (not request.state.user) in your views!
 
 Usage:
     from core.auth.middleware import AuthenticationMiddleware
@@ -13,78 +13,117 @@ Usage:
         middlewares=[(AuthenticationMiddleware, {})],
     )
     
-    # Or configure via configure_auth()
-    from core.auth import configure_auth
-    configure_auth(
-        user_model=User,
-        auto_middleware=True,  # Automatically adds middleware
-    )
-
-The middleware will:
-1. Extract Bearer token from Authorization header
-2. Validate the token
-3. Fetch the user from database
-4. Set request.state.user to the authenticated user (or None)
+    # In your view - use request.user
+    @router.get("/me")
+    async def me(request: Request):
+        if not request.user.is_authenticated:
+            raise HTTPException(401, "Not authenticated")
+        return {"id": request.user.id, "email": request.user.email}
 """
 
 from __future__ import annotations
 
+import logging
 from typing import Any, TYPE_CHECKING
+from uuid import UUID
 
-from starlette.middleware.base import BaseHTTPMiddleware
-from starlette.requests import Request
-from starlette.responses import Response
+from starlette.authentication import (
+    AuthenticationBackend,
+    AuthCredentials,
+    BaseUser,
+    UnauthenticatedUser,
+)
+from starlette.middleware.authentication import AuthenticationMiddleware as StarletteAuthMiddleware
+from starlette.requests import HTTPConnection
+
+from core.exceptions import (
+    InvalidToken,
+    TokenExpired,
+    UserNotFound,
+    UserInactive,
+    DatabaseException,
+    ConfigurationError,
+)
 
 if TYPE_CHECKING:
-    from collections.abc import Callable, Awaitable
+    from sqlalchemy.ext.asyncio import AsyncSession
+
+# Logger for authentication - NEVER silent!
+logger = logging.getLogger("core.auth")
 
 
-class AuthenticationMiddleware(BaseHTTPMiddleware):
+# =============================================================================
+# Authenticated User Wrapper
+# =============================================================================
+
+class AuthenticatedUser(BaseUser):
     """
-    Middleware that authenticates requests and populates request.state.user.
+    Wrapper for authenticated user that implements Starlette's BaseUser.
     
-    This middleware:
-    1. Initializes request.state.user to None
-    2. Extracts Bearer token from Authorization header
-    3. Validates the token using configured backend
-    4. Fetches user from database
-    5. Sets request.state.user to authenticated user
+    Provides access to the underlying database user model while implementing
+    the required Starlette interface.
     
-    Example:
-        from core.auth.middleware import AuthenticationMiddleware
-        
-        app = CoreApp(
-            middlewares=[(AuthenticationMiddleware, {})],
-        )
-        
-        # In your view
-        @router.get("/me")
-        async def me(request: Request):
-            user = request.state.user  # User or None
-            if user is None:
-                raise HTTPException(401, "Not authenticated")
-            return {"id": user.id, "email": user.email}
+    Usage in views:
+        user = request.user
+        if user.is_authenticated:
+            print(user.email)  # Access model attributes
+            print(user.id)     # Access model attributes
+    """
+    
+    def __init__(self, user: Any) -> None:
+        self._user = user
+    
+    @property
+    def is_authenticated(self) -> bool:
+        return True
+    
+    @property
+    def display_name(self) -> str:
+        return getattr(self._user, "email", str(self._user))
+    
+    @property
+    def identity(self) -> str:
+        return str(getattr(self._user, "id", ""))
+    
+    def __getattr__(self, name: str) -> Any:
+        """Proxy attribute access to underlying user model."""
+        return getattr(self._user, name)
+    
+    def __repr__(self) -> str:
+        return f"<AuthenticatedUser {self.display_name}>"
+
+
+# =============================================================================
+# Authentication Backend
+# =============================================================================
+
+class JWTAuthBackend(AuthenticationBackend):
+    """
+    JWT Authentication Backend for Starlette.
+    
+    This backend:
+    1. Extracts Bearer token from Authorization header
+    2. Verifies the token using core.auth.tokens
+    3. Fetches user from database
+    4. Returns AuthCredentials and AuthenticatedUser
+    
+    IMPORTANT: All errors are logged, NEVER silenced!
     
-    Configuration via kwargs:
+    Configuration:
         - user_model: User model class (uses global config if None)
         - header_name: Header to extract token from (default: "Authorization")
         - scheme: Expected scheme (default: "Bearer")
-        - skip_paths: List of paths to skip authentication (e.g., ["/health"])
     """
     
     def __init__(
         self,
-        app: "Callable[[Request], Awaitable[Response]]",
         user_model: type | None = None,
         header_name: str = "Authorization",
         scheme: str = "Bearer",
-        skip_paths: list[str] | None = None,
     ) -> None:
-        super().__init__(app)
         self._user_model = user_model
         self.header_name = header_name
         self.scheme = scheme
-        self.skip_paths = skip_paths or []
     
     @property
     def user_model(self) -> type | None:
@@ -95,139 +134,181 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
         try:
             from core.auth.models import get_user_model
             return get_user_model()
-        except Exception:
+        except Exception as e:
+            logger.error(f"Failed to get user model: {e}")
             return None
     
-    async def dispatch(
-        self,
-        request: Request,
-        call_next: "Callable[[Request], Awaitable[Response]]",
-    ) -> Response:
+    async def authenticate(self, conn: HTTPConnection) -> tuple[AuthCredentials, BaseUser] | None:
         """
-        Process request and authenticate user.
+        Authenticate the request.
         
-        Always sets request.state.user (to User or None).
+        Returns:
+            Tuple of (AuthCredentials, AuthenticatedUser) if authenticated
+            None if no credentials provided
+            
+        Note: Returns None for missing credentials, but LOGS all errors!
         """
-        # Initialize user to None
-        request.state.user = None
-        
-        # Skip authentication for configured paths
-        if self._should_skip(request.url.path):
-            return await call_next(request)
-        
-        # Try to authenticate
-        try:
-            user = await self._authenticate(request)
-            request.state.user = user
-        except Exception:
-            # Authentication failed, keep user as None
-            pass
-        
-        return await call_next(request)
-    
-    def _should_skip(self, path: str) -> bool:
-        """Check if path should skip authentication."""
-        for skip_path in self.skip_paths:
-            if path.startswith(skip_path):
-                return True
-        return False
-    
-    def _extract_token(self, request: Request) -> str | None:
-        """Extract token from Authorization header."""
-        auth_header = request.headers.get(self.header_name)
+        # Extract token from header
+        auth_header = conn.headers.get(self.header_name)
         
         if not auth_header:
+            logger.debug("No Authorization header present")
             return None
         
+        # Parse header
         parts = auth_header.split()
-        
         if len(parts) != 2:
+            logger.warning(f"Malformed Authorization header: expected 2 parts, got {len(parts)}")
             return None
         
         scheme, token = parts
-        
         if scheme.lower() != self.scheme.lower():
+            logger.warning(f"Unexpected auth scheme: expected '{self.scheme}', got '{scheme}'")
             return None
         
-        return token
+        logger.debug(f"Token extracted: {token[:20]}...")
+        
+        # Verify token
+        try:
+            user = await self._verify_and_get_user(token)
+            if user is None:
+                return None
+            
+            logger.info(f"User authenticated: {getattr(user, 'email', user)}")
+            return AuthCredentials(["authenticated"]), AuthenticatedUser(user)
+            
+        except InvalidToken as e:
+            logger.warning(f"Invalid token: {e.message}")
+            return None
+        except TokenExpired as e:
+            logger.warning(f"Token expired: {e.message}")
+            return None
+        except UserNotFound as e:
+            logger.warning(f"User not found: {e.message}")
+            return None
+        except UserInactive as e:
+            logger.warning(f"User inactive: {e.message}")
+            return None
+        except DatabaseException as e:
+            logger.error(f"Database error during authentication: {e.message}", exc_info=True)
+            raise  # Re-raise database errors - these are critical!
+        except ConfigurationError as e:
+            logger.error(f"Configuration error: {e.message}", exc_info=True)
+            raise  # Re-raise configuration errors - these need to be fixed!
+        except Exception as e:
+            # Log unexpected errors with full stack trace
+            logger.exception(f"Unexpected error during authentication: {e}")
+            raise  # NEVER silence unexpected errors!
     
-    async def _authenticate(self, request: Request) -> Any | None:
+    async def _verify_and_get_user(self, token: str) -> Any | None:
         """
-        Authenticate request and return user.
-        
-        Returns:
-            User instance if authenticated, None otherwise
+        Verify token and fetch user from database.
+        
+        Raises:
+            InvalidToken: If token is invalid or malformed
+            TokenExpired: If token has expired
+            UserNotFound: If user doesn't exist
+            UserInactive: If user is inactive
+            DatabaseException: If database query fails
+            ConfigurationError: If auth is not properly configured
         """
-        token = self._extract_token(request)
-        
-        if not token:
-            return None
+        from core.auth.tokens import verify_token, decode_token
+        from core.auth.base import TokenError
         
         # Verify token
-        from core.auth.tokens import verify_token
-        
-        payload = verify_token(token, token_type="access")
+        try:
+            payload = verify_token(token, token_type="access")
+        except TokenError as e:
+            raise InvalidToken(f"Token verification failed: {e}")
         
         if payload is None:
-            return None
+            # verify_token returns None for various reasons - let's be more specific
+            try:
+                # Try to decode to get more info
+                raw_payload = decode_token(token)
+                token_type = raw_payload.get("type")
+                if token_type != "access":
+                    raise InvalidToken(f"Token type mismatch: expected 'access', got '{token_type}'")
+            except Exception as e:
+                raise InvalidToken(f"Token decode failed: {e}")
+            raise InvalidToken("Token verification returned None")
+        
+        logger.debug(f"Token payload: {payload}")
         
         # Get user_id from token
         user_id = payload.get("sub") or payload.get("user_id")
-        
         if not user_id:
-            return None
+            raise InvalidToken("Token missing 'sub' or 'user_id' claim")
         
-        # Get user from database
+        logger.debug(f"User ID from token: {user_id}")
+        
+        # Get user model
         User = self.user_model
         if User is None:
-            return None
+            raise ConfigurationError(
+                "No user model configured. "
+                "Set user_model in AuthenticationMiddleware or call configure_auth(user_model=...)"
+            )
         
-        # Bug #3 & #4 Fix: Get database session correctly
-        # The middleware runs outside FastAPI DI context, so we need to
-        # handle database session creation carefully
+        # Get database session
         db = await self._get_db_session()
         if db is None:
-            return None
+            raise DatabaseException(
+                "Could not obtain database session. "
+                "Ensure database is initialized with init_replicas() or database_url is set in settings."
+            )
         
         try:
             # Convert user_id to correct type
             user_id_converted = self._convert_user_id(user_id, User)
+            logger.debug(f"User ID converted: {user_id_converted} (type: {type(user_id_converted).__name__})")
             
+            # Fetch user
             user = await User.objects.using(db).filter(id=user_id_converted).first()
             
             if user is None:
-                return None
+                raise UserNotFound(f"User with id={user_id} not found")
             
             # Check if user is active
             if hasattr(user, "is_active") and not user.is_active:
-                return None
+                raise UserInactive(f"User {user_id} is inactive")
             
+            logger.debug(f"User found: {getattr(user, 'email', user)}")
             return user
-        except Exception:
-            return None
+            
+        except (UserNotFound, UserInactive):
+            raise  # Re-raise our exceptions
+        except Exception as e:
+            raise DatabaseException(f"Database query failed: {e}")
         finally:
             await db.close()
     
-    async def _get_db_session(self) -> Any | None:
+    async def _get_db_session(self) -> "AsyncSession | None":
         """
         Get a database session for authentication.
         
-        Bug #3 & #4 Fix: Handles both initialized and uninitialized database states.
-        Creates session directly from engine if normal path fails.
+        Tries multiple strategies and logs each attempt.
         
         Returns:
-            AsyncSession or None if database not available
+            AsyncSession or None if all strategies fail
         """
-        # Try 1: Use the standard get_read_session (if database is initialized)
+        errors: list[str] = []
+        
+        # Strategy 1: Use initialized session factory
         try:
-            from core.database import get_read_session, _read_session_factory
+            from core.database import _read_session_factory
             
             if _read_session_factory is not None:
+                logger.debug("Using initialized session factory")
                 return _read_session_factory()
-        except (RuntimeError, ImportError):
-            pass
-        
-        # Try 2: Create session from settings (lazy initialization)
+            else:
+                errors.append("Session factory not initialized (init_replicas not called)")
+        except ImportError as e:
+            errors.append(f"Could not import database module: {e}")
+        except Exception as e:
+            errors.append(f"Session factory error: {e}")
+        
+        # Strategy 2: Create session from settings
         try:
             from core.config import get_settings
             from sqlalchemy.ext.asyncio import create_async_engine, async_sessionmaker, AsyncSession
@@ -236,12 +317,22 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
             db_url = getattr(settings, 'database_read_url', None) or getattr(settings, 'database_url', None)
             
             if db_url:
+                logger.debug(f"Creating session from settings: {db_url[:30]}...")
                 engine = create_async_engine(db_url, echo=False)
                 session_factory = async_sessionmaker(engine, class_=AsyncSession, expire_on_commit=False)
                 return session_factory()
-        except Exception:
-            pass
-        
+            else:
+                errors.append("No database_url in settings")
+        except ImportError as e:
+            errors.append(f"Could not import config module: {e}")
+        except Exception as e:
+            errors.append(f"Settings engine error: {e}")
+        
+        # All strategies failed - log detailed error
+        logger.error(
+            f"Could not obtain database session. Attempted strategies:\n" +
+            "\n".join(f"  - {err}" for err in errors)
+        )
         return None
     
     def _convert_user_id(self, user_id: str, User: type) -> Any:
@@ -250,9 +341,7 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
         
         Handles INTEGER, UUID, and string IDs.
         """
-        from uuid import UUID
-        
-        # Try to detect PK type
+        # Try to detect PK type from model
         try:
             from core.auth.models import _get_pk_column_type
             from sqlalchemy.dialects.postgresql import UUID as PG_UUID
@@ -261,86 +350,113 @@ class AuthenticationMiddleware(BaseHTTPMiddleware):
             pk_type = _get_pk_column_type(User)
             
             if pk_type == PG_UUID:
+                logger.debug(f"Converting user_id to UUID: {user_id}")
                 return UUID(user_id)
             elif pk_type in (Integer, BigInteger):
+                logger.debug(f"Converting user_id to int: {user_id}")
                 return int(user_id)
-        except Exception:
-            pass
+        except Exception as e:
+            logger.debug(f"Could not detect PK type, trying heuristics: {e}")
         
-        # Try UUID first, then int, then string
+        # Fallback: Try UUID first (common in modern systems)
         try:
             return UUID(user_id)
         except (ValueError, TypeError):
             pass
         
+        # Try int
         try:
             return int(user_id)
         except (ValueError, TypeError):
             pass
         
+        # Return as string
+        logger.debug(f"Using user_id as string: {user_id}")
         return user_id
 
 
-class OptionalAuthenticationMiddleware(AuthenticationMiddleware):
+# =============================================================================
+# Middleware Factory
+# =============================================================================
+
+class AuthenticationMiddleware(StarletteAuthMiddleware):
     """
-    Same as AuthenticationMiddleware but never raises errors.
+    Authentication Middleware using Starlette's proper pattern.
     
-    Always proceeds with the request, setting user to None on any failure.
-    Useful for endpoints that work both with and without authentication.
-    """
+    This middleware correctly propagates user to views via request.user
+    (not request.state.user which doesn't work with BaseHTTPMiddleware).
     
-    async def dispatch(
-        self,
-        request: Request,
-        call_next: "Callable[[Request], Awaitable[Response]]",
-    ) -> Response:
-        """Process request, never failing on auth errors."""
-        request.state.user = None
+    Usage:
+        app = CoreApp(
+            middlewares=[(AuthenticationMiddleware, {})],
+        )
         
-        if not self._should_skip(request.url.path):
-            try:
-                user = await self._authenticate(request)
-                request.state.user = user
-            except Exception:
-                pass  # Silently ignore all errors
+        # Or with shortcut:
+        app = CoreApp(middleware=["auth"])
         
-        return await call_next(request)
+        # In views, use request.user:
+        @router.get("/me")
+        async def me(request: Request):
+            if not request.user.is_authenticated:
+                raise HTTPException(401, "Not authenticated")
+            return {"email": request.user.email}
+    
+    Note: Also sets request.state.user for backward compatibility.
+    """
+    
+    def __init__(
+        self,
+        app: Any,
+        user_model: type | None = None,
+        header_name: str = "Authorization",
+        scheme: str = "Bearer",
+        on_error: Any = None,
+    ) -> None:
+        backend = JWTAuthBackend(
+            user_model=user_model,
+            header_name=header_name,
+            scheme=scheme,
+        )
+        super().__init__(app, backend=backend, on_error=on_error)
+        logger.info("AuthenticationMiddleware initialized")
 
 
-# =============================================================================
-# Auto-configuration helper
-# =============================================================================
+class OptionalAuthenticationMiddleware(AuthenticationMiddleware):
+    """
+    Same as AuthenticationMiddleware but doesn't require authentication.
+    
+    Useful for endpoints that work both with and without authentication.
+    User will be UnauthenticatedUser if no valid token provided.
+    """
+    pass
 
-_middleware_registered = False
 
+# =============================================================================
+# Legacy Compatibility
+# =============================================================================
 
 def ensure_auth_middleware(app: Any) -> None:
     """
     Ensure AuthenticationMiddleware is registered on the app.
     
-    Call this from configure_auth() when auto_middleware=True.
-    
-    Args:
-        app: FastAPI or CoreApp instance
+    DEPRECATED: Use middleware=["auth"] instead.
     """
-    global _middleware_registered
-    
-    if _middleware_registered:
-        return
-    
-    # Try to add middleware
+    logger.warning(
+        "ensure_auth_middleware is deprecated. "
+        "Use middleware=['auth'] or add AuthenticationMiddleware directly."
+    )
     try:
         if hasattr(app, "add_middleware"):
             app.add_middleware(AuthenticationMiddleware)
-            _middleware_registered = True
-    except Exception:
-        pass
+            logger.info("AuthenticationMiddleware added to app")
+    except Exception as e:
+        logger.error(f"Failed to add AuthenticationMiddleware: {e}")
+        raise
 
 
 def reset_middleware_state() -> None:
-    """Reset middleware registration state (for testing)."""
-    global _middleware_registered
-    _middleware_registered = False
+    """Reset middleware state (for testing)."""
+    pass  # No longer needed with new implementation
 
 
 # =============================================================================
@@ -350,6 +466,8 @@ def reset_middleware_state() -> None:
 __all__ = [
     "AuthenticationMiddleware",
     "OptionalAuthenticationMiddleware",
+    "JWTAuthBackend",
+    "AuthenticatedUser",
     "ensure_auth_middleware",
     "reset_middleware_state",
 ]

core/auth/models.py

@@ -58,6 +58,7 @@ def _get_pk_column_type(model_class: type) -> type:
     Detecta o tipo da coluna PK de um modelo.
     
     Bug #3 Fix: Detecção robusta do tipo de PK para FKs.
+    Verifica toda a cadeia de herança (MRO) para detectar corretamente.
     
     Suporta:
     - Integer (int)
@@ -71,6 +72,7 @@ def _get_pk_column_type(model_class: type) -> type:
     from sqlalchemy import Integer, BigInteger, String
     from sqlalchemy.dialects.postgresql import UUID as PG_UUID
     from sqlalchemy import Uuid
+    import uuid as uuid_module
     
     # Verifica cache primeiro
     cache_key = f"{model_class.__module__}.{model_class.__name__}"
@@ -79,7 +81,30 @@ def _get_pk_column_type(model_class: type) -> type:
     
     detected_type = Integer  # Default
     
-    # Método 1: Tenta obter da tabela já mapeada
+    # Método 0 (MAIS IMPORTANTE): Verifica herança de AbstractUUIDUser
+    # Isso é verificado PRIMEIRO porque funciona mesmo durante o mapeamento
+    for base in model_class.__mro__:
+        base_name = base.__name__
+        # Verifica se herda de AbstractUUIDUser ou qualquer classe com UUID no nome
+        if base_name == "AbstractUUIDUser":
+            detected_type = PG_UUID
+            _pk_type_cache[cache_key] = detected_type
+            return detected_type
+    
+    # Método 1: Verifica annotations em TODA a cadeia de herança (MRO)
+    for base in model_class.__mro__:
+        annotations = getattr(base, "__annotations__", {})
+        if "id" in annotations:
+            ann = annotations["id"]
+            ann_str = str(ann)
+            
+            # Detecta UUID (vários formatos)
+            if "UUID" in ann_str or "uuid" in ann_str or "Uuid" in ann_str:
+                detected_type = PG_UUID
+                _pk_type_cache[cache_key] = detected_type
+                return detected_type
+    
+    # Método 2: Tenta obter da tabela já mapeada (se existir)
     if hasattr(model_class, "__table__"):
         pk_columns = [c for c in model_class.__table__.columns if c.primary_key]
         if pk_columns:
@@ -102,40 +127,41 @@ def _get_pk_column_type(model_class: type) -> type:
             _pk_type_cache[cache_key] = detected_type
             return detected_type
     
-    # Método 2: Tenta via annotations
-    annotations = getattr(model_class, "__annotations__", {})
-    
-    if "id" in annotations:
-        ann = annotations["id"]
-        ann_str = str(ann)
-        
-        # Detecta UUID (vários formatos)
-        if "UUID" in ann_str or "uuid" in ann_str or "Uuid" in ann_str:
-            detected_type = PG_UUID
-        # Detecta int
-        elif "int" in ann_str.lower() and "uuid" not in ann_str.lower():
-            detected_type = Integer
-        # Detecta str
-        elif "str" in ann_str.lower() and "uuid" not in ann_str.lower():
-            detected_type = String
-    
-    # Método 3: Verifica campos na classe (declared_attr ou column_property)
-    for attr_name in dir(model_class):
-        if attr_name == "id":
-            attr = getattr(model_class, attr_name, None)
+    # Método 3: Verifica atributo 'id' diretamente na classe e bases
+    for base in model_class.__mro__:
+        if hasattr(base, "id"):
+            attr = getattr(base, "id", None)
             if attr is not None:
-                # Pode ser um InstrumentedAttribute
+                # Pode ser um InstrumentedAttribute ou MappedColumn
                 if hasattr(attr, "type"):
                     attr_type = attr.type
                     if isinstance(attr_type, (PG_UUID, Uuid)):
                         detected_type = PG_UUID
                         break
+                    type_name = type(attr_type).__name__.upper()
+                    if "UUID" in type_name:
+                        detected_type = PG_UUID
+                        break
                 # Pode ser um mapped_column
                 if hasattr(attr, "property") and hasattr(attr.property, "columns"):
                     for col in attr.property.columns:
                         if isinstance(col.type, (PG_UUID, Uuid)):
                             detected_type = PG_UUID
                             break
+                        type_name = type(col.type).__name__.upper()
+                        if "UUID" in type_name:
+                            detected_type = PG_UUID
+                            break
+                # Verifica se é um MappedColumn com tipo definido
+                if hasattr(attr, "column") and hasattr(attr.column, "type"):
+                    col_type = attr.column.type
+                    if isinstance(col_type, (PG_UUID, Uuid)):
+                        detected_type = PG_UUID
+                        break
+                    type_name = type(col_type).__name__.upper()
+                    if "UUID" in type_name:
+                        detected_type = PG_UUID
+                        break
     
     _pk_type_cache[cache_key] = detected_type
     return detected_type

core/auth/tokens.py

@@ -18,6 +18,7 @@ Uso:
 
 from __future__ import annotations
 
+import logging
 from datetime import timedelta
 from typing import Any
 
@@ -29,6 +30,9 @@ from core.auth.base import (
 )
 from core.datetime import timezone
 
+# Logger for token operations
+logger = logging.getLogger("core.auth.tokens")
+
 
 class JWTBackend(TokenBackend):
     """
@@ -123,10 +127,14 @@ class JWTBackend(TokenBackend):
         import jwt
         
         try:
-            return jwt.decode(token, self.secret_key, algorithms=[self.algorithm])
+            payload = jwt.decode(token, self.secret_key, algorithms=[self.algorithm])
+            logger.debug(f"Token decoded: sub={payload.get('sub')}, type={payload.get('type')}")
+            return payload
         except jwt.ExpiredSignatureError:
+            logger.debug("Token decode failed: token expired")
             raise TokenError("Token expired")
         except jwt.InvalidTokenError as e:
+            logger.debug(f"Token decode failed: {e}")
             raise TokenError(f"Invalid token: {e}")
     
     def verify_token(
@@ -147,11 +155,17 @@ class JWTBackend(TokenBackend):
         try:
             payload = self.decode_token(token)
             
-            if payload.get("type") != token_type:
+            actual_type = payload.get("type")
+            if actual_type != token_type:
+                logger.debug(
+                    f"Token type mismatch: expected '{token_type}', got '{actual_type}'"
+                )
                 return None
             
+            logger.debug(f"Token verified successfully: sub={payload.get('sub')}")
             return payload
-        except TokenError:
+        except TokenError as e:
+            logger.debug(f"Token verification failed: {e}")
             return None
     
     def refresh_token(self, refresh_token: str) -> tuple[str, str] | None:

core/auth/views.py

@@ -360,15 +360,27 @@ class AuthViewSet(ViewSet):
     ) -> dict:
         """
         Get current authenticated user.
+        
+        Uses request.user (Starlette pattern) with fallback to request.state.user
+        for backward compatibility.
         """
+        # Try request.user first (Starlette AuthenticationMiddleware pattern)
+        user = getattr(request, "user", None)
+        if user is not None and getattr(user, "is_authenticated", False):
+            # user is an AuthenticatedUser wrapper - get underlying model
+            if hasattr(user, "_user"):
+                user = user._user
+            return self.user_output_schema.model_validate(user).model_dump()
+        
+        # Fallback to request.state.user (legacy pattern)
         user = getattr(request.state, "user", None)
-        if user is None:
-            raise HTTPException(
-                status_code=401,
-                detail="Not authenticated"
-            )
+        if user is not None:
+            return self.user_output_schema.model_validate(user).model_dump()
         
-        return self.user_output_schema.model_validate(user).model_dump()
+        raise HTTPException(
+            status_code=401,
+            detail="Not authenticated"
+        )
     
     @action(methods=["POST"], detail=False, permission_classes=[IsAuthenticated])
     async def change_password(
@@ -381,7 +393,15 @@ class AuthViewSet(ViewSet):
         """
         Change password for current user.
         """
-        user = getattr(request.state, "user", None)
+        # Try request.user first (Starlette pattern)
+        user = getattr(request, "user", None)
+        if user is not None and getattr(user, "is_authenticated", False):
+            if hasattr(user, "_user"):
+                user = user._user
+        else:
+            # Fallback to request.state.user
+            user = getattr(request.state, "user", None)
+        
         if user is None:
             raise HTTPException(
                 status_code=401,

{core_framework-0.12.3.dist-info → core_framework-0.12.5.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: core-framework
-Version: 0.12.3
+Version: 0.12.5
 Summary: Core Framework - Django-inspired, FastAPI-powered. Alta performance, baixo acoplamento, produtividade extrema.
 Project-URL: Homepage, https://github.com/SorPuti/core-framework
 Project-URL: Documentation, https://github.com/SorPuti/core-framework#readme

{core_framework-0.12.3.dist-info → core_framework-0.12.5.dist-info}/RECORD

@@ -1,4 +1,4 @@
-core/__init__.py,sha256=sy9liwZ93LJntl_s54pgi3oAM8vHPC_dgaOeVAydmtY,12058
+core/__init__.py,sha256=pc5DiPlXIs8HLdJ6-rz30XpNpVTCGRhDxLw8VG65iDg,12058
 core/app.py,sha256=sCA3mJI696i7MIjrPxfOr5zEYt0njarQfHHy3EAajk4,21071
 core/choices.py,sha256=rhcL3p2dB7RK99zIilpmoTFVcibQEIaRpz0CY0kImCE,10502
 core/config.py,sha256=2-MVF9nLoYmxpYYH_Gzn4-Sa3MU87YZskRPtlNyhg6Q,14049
@@ -22,12 +22,12 @@ core/auth/backends.py,sha256=R-siIE8TrNqDHkCx42zXN1WVvvuWOun1nj8D5elrC9g,10425
 core/auth/base.py,sha256=Q7vXgwTmgdmyW7G8eJmDket2bKB_8YFnraZ_kK9_gTs,21425
 core/auth/decorators.py,sha256=tmC7prKUvHuzQ3J872nM6r83DR9d82dCLXKLvUB1Os8,12288
 core/auth/hashers.py,sha256=0gIf67TU0k5H744FADpyh9_ugxA7m3mhYPZxLh_lEtc,12808
-core/auth/middleware.py,sha256=r4F3AIb4k9Z7gbTwcyG-MVWCyGikQqP54IHNKmyNtdc,10963
-core/auth/models.py,sha256=3ekHuaiSNhyQ6K1-w-TNmvtC406qhTT8AttA03Zl3pQ,32636
+core/auth/middleware.py,sha256=3Wddxi2MKHrHguKfdW9LRKhHaHcmQ807edVcsFLqhVc,16645
+core/auth/models.py,sha256=aEE7deQKPS1aH0Btzzh3Z1Bwuqy8zvLZwu4JFEmiUNk,34058
 core/auth/permissions.py,sha256=v3ykAgNpq5wJ0NkuC_FuveMctOkDfM9Xp11XEnUAuBg,12461
 core/auth/schemas.py,sha256=L0W96dOD348rJDGeu1K5Rz3aJj-GdwMr2vbwwsYfo2g,3469
-core/auth/tokens.py,sha256=jk-TnMRdVGPhy6pWqSF2Ef8RTqLrP6Mkuo5GvRQh9no,8489
-core/auth/views.py,sha256=n-WhSIVHJCsjyxBFrI2JCfy-kRpg4YybsOCPnbRpwWM,13277
+core/auth/tokens.py,sha256=jOF40D5O8WRG8klRwMBuSG-jOhdsp1irXn2aZ2puNSg,9149
+core/auth/views.py,sha256=3gMaq8pzWoWr29ExJk21JgGay2fE3Fq3Tz99Wb_ftvE,14203
 core/cli/__init__.py,sha256=obodnvfe8DUziqpk-IAaHTEOb1KSfYQeuBZEAofut4o,449
 core/cli/main.py,sha256=daWz8tuMkMYrkNBfueDH5OghncdqLs3k7BUMmvDsSvk,119635
 core/deployment/__init__.py,sha256=RNcBRO9oB3WRnhtTTwM6wzVEcUKpKF4XfRkGSbbykIc,794
@@ -78,7 +78,7 @@ example/auth.py,sha256=zBpLutb8lVKnGfQqQ2wnyygsSutHYZzeJBuhnFhxBaQ,4971
 example/models.py,sha256=xKdx0kJ9n0tZ7sCce3KhV3BTvKvsh6m7G69eFm3ukf0,4549
 example/schemas.py,sha256=wJ9QofnuHp4PjtM_IuMMBLVFVDJ4YlwcF6uQm1ooKiY,6139
 example/views.py,sha256=GQwgQcW6yoeUIDbF7-lsaZV7cs8G1S1vGVtiwVpZIQE,14338
-core_framework-0.12.3.dist-info/METADATA,sha256=XE6KCQJj3FgemixbQXBicIsp3CrsX5al-SzEPH-vtNk,12791
-core_framework-0.12.3.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
-core_framework-0.12.3.dist-info/entry_points.txt,sha256=lQ65IAOpieqU1VcHCUReeyandpyy8IKGix6IkJW_4Is,39
-core_framework-0.12.3.dist-info/RECORD,,
+core_framework-0.12.5.dist-info/METADATA,sha256=INxj7mhfca6AsK23r_uZ4pMozXdOumZN9EM9BUV2IcI,12791
+core_framework-0.12.5.dist-info/WHEEL,sha256=WLgqFyCfm_KASv4WHyYy0P3pM_m7J5L9k2skdKLirC8,87
+core_framework-0.12.5.dist-info/entry_points.txt,sha256=lQ65IAOpieqU1VcHCUReeyandpyy8IKGix6IkJW_4Is,39
+core_framework-0.12.5.dist-info/RECORD,,