Chore: moving changes - migrating Desktop from nobara 42 to windows(WSL)

backend/app/core/auth.py

@@ -3,9 +3,11 @@ Authentication utilities for JWT-based session management with role-based expira
 """
 from datetime import datetime, timedelta, timezone
 from typing import Optional, Union
+import secrets
+import hashlib
 from jose import JWTError, jwt
 from passlib.context import CryptContext
-from fastapi import Depends, HTTPException, status
+from fastapi import Depends, HTTPException, status, Request
 from fastapi.security import HTTPBearer, HTTPAuthorizationCredentials
 from sqlmodel import Session, select
 from app.core.config import settings
@@ -35,15 +37,27 @@ def authenticate_user(
         session: Session,
         username: str,
         password: str
-        ) -> Optional[User]:
-    """Authenticate user with username and password."""
+        ) -> tuple[Optional[User], str]:
+    """Authenticate user with username and password.
+    
+    Returns:
+        tuple: (User object or None, error_message)
+        error_message values:
+        - "success" if authentication successful
+        - "user_not_found" if username doesn't exist
+        - "invalid_password" if password is incorrect
+        - "account_pending_approval" if user exists but not approved
+    """
     statement = select(User).where(User.username == username)
     user = session.exec(statement).first()
     if not user:
-        return None
+        return None, "user_not_found"
     if not verify_password(password, user.password_hash):
-        return None
-    return user
+        return None, "invalid_password"
+    # Check if user is approved
+    if not user.is_approved:
+        return None, "account_pending_approval"
+    return user, "success"
 
 
 def get_token_expiration_minutes(role: UserRole) -> int:
@@ -138,3 +152,17 @@ def require_role(required_roles: list[UserRole]):
 require_admin = require_role([UserRole.ADMIN])
 require_write_access = require_role([UserRole.ADMIN, UserRole.WRITE])
 require_any_access = require_role([UserRole.ADMIN, UserRole.WRITE, UserRole.READ_ONLY])
+
+
+def send_password_reset_email(username: str, email: str) -> bool:
+    """Send password reset instructions via email (mock implementation)."""
+    # In a real application, you would:
+    # 1. Verify the email belongs to the username
+    # 2. Send an email with instructions to reset password
+    # 3. The email would contain a link to your frontend with instructions
+    
+    print(f"Mock: Sending password reset email to {email} for user {username}")
+    print("Instructions: Please contact your system administrator to reset your password.")
+    
+    # Return True to indicate email was "sent"
+    return True