diff --git a/README.md b/README.md index 349b82d2c2..ad0cbe086f 100644 --- a/README.md +++ b/README.md @@ -148,6 +148,16 @@ After using this generator, your new project (the directory created) will contai ### Next release +### 0.4.0 + +* Fix security on resetting a password. Receive token as body, not query. PR [#34](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/34). + +* Fix security on resetting a password. Receive it as body, not query. PR [#33](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/33) by [@dmontagu](https://github.com/dmontagu). + +* Fix SQLAlchemy class lookup on initialization. PR [#29](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/29) by [@ebreton](https://github.com/ebreton). + +* Fix SQLAlchemy operation errors on database restart. PR [#32](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/32) by [@ebreton](https://github.com/ebreton). + * Fix locations of scripts in generated README. PR [#19](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/19) by [@ebreton](https://github.com/ebreton). * Forward arguments from script to `pytest` inside container. PR [#17](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/17) by [@ebreton](https://github.com/ebreton). diff --git a/{{cookiecutter.project_slug}}/backend/app/app/api/api_v1/endpoints/login.py b/{{cookiecutter.project_slug}}/backend/app/app/api/api_v1/endpoints/login.py index 2640f1c77e..1db861be5f 100644 --- a/{{cookiecutter.project_slug}}/backend/app/app/api/api_v1/endpoints/login.py +++ b/{{cookiecutter.project_slug}}/backend/app/app/api/api_v1/endpoints/login.py @@ -1,6 +1,6 @@ from datetime import timedelta -from fastapi import APIRouter, Depends, HTTPException +from fastapi import APIRouter, Body, Depends, HTTPException from fastapi.security import OAuth2PasswordRequestForm from sqlalchemy.orm import Session @@ -74,7 +74,7 @@ def recover_password(email: str, db: Session = Depends(get_db)): @router.post("/reset-password/", tags=["login"], response_model=Msg) -def reset_password(token: str, new_password: str, db: Session = Depends(get_db)): +def reset_password(token: str = Body(...), new_password: str = Body(...), db: Session = Depends(get_db)): """ Reset password """ diff --git a/{{cookiecutter.project_slug}}/backend/app/app/db/init_db.py b/{{cookiecutter.project_slug}}/backend/app/app/db/init_db.py index 4f1d6f5aa3..6374273132 100644 --- a/{{cookiecutter.project_slug}}/backend/app/app/db/init_db.py +++ b/{{cookiecutter.project_slug}}/backend/app/app/db/init_db.py @@ -2,6 +2,11 @@ from app.core import config from app.models.user import UserCreate +# make sure all SQL Alchemy models are imported before initializing DB +# otherwise, SQL Alchemy might fail to initialize properly relationships +# for more details: https://github.com/tiangolo/full-stack-fastapi-postgresql/issues/28 +from app.db import base + def init_db(db_session): # Tables should be created with Alembic migrations diff --git a/{{cookiecutter.project_slug}}/backend/app/app/db/session.py b/{{cookiecutter.project_slug}}/backend/app/app/db/session.py index 63752d1840..e4698d551f 100644 --- a/{{cookiecutter.project_slug}}/backend/app/app/db/session.py +++ b/{{cookiecutter.project_slug}}/backend/app/app/db/session.py @@ -3,7 +3,7 @@ from app.core import config -engine = create_engine(config.SQLALCHEMY_DATABASE_URI) +engine = create_engine(config.SQLALCHEMY_DATABASE_URI, pool_pre_ping=True) db_session = scoped_session( sessionmaker(autocommit=False, autoflush=False, bind=engine) )