|
51 | 51 | InvitationEmailMismatchError, |
52 | 52 | InvitationProcessingError |
53 | 53 | ) |
54 | | -from utils.core.models import EmailVerificationToken |
55 | 54 | from routers.core.dashboard import router as dashboard_router |
56 | 55 | from routers.core.user import router as user_router |
57 | 56 | from routers.core.organization import router as org_router |
@@ -447,6 +446,7 @@ async def login( |
447 | 446 | logger.info(f"Standard login for account {account.email}. Redirecting to dashboard.") |
448 | 447 |
|
449 | 448 | # Create access token |
| 449 | + assert account.id is not None |
450 | 450 | access_token = create_access_token( |
451 | 451 | data={"sub": account.email, "fresh": True} |
452 | 452 | ) |
@@ -518,6 +518,7 @@ async def refresh_token( |
518 | 518 | if not db_token or db_token.account_id != account.id: |
519 | 519 | return RedirectResponse(url=router.url_path_for("read_login"), status_code=303) |
520 | 520 |
|
| 521 | + assert account.id is not None |
521 | 522 | if db_token.revoked: |
522 | 523 | # Token reuse detected — revoke all tokens for this account |
523 | 524 | logger.warning( |
@@ -611,6 +612,7 @@ async def reset_password( |
611 | 612 | if not authorized_account or not reset_token: |
612 | 613 | raise CredentialsError("Invalid or expired password reset token; please request a new one") |
613 | 614 |
|
| 615 | + assert authorized_account.id is not None |
614 | 616 | # Update password and mark token as used |
615 | 617 | authorized_account.hashed_password = get_password_hash(new_password) |
616 | 618 |
|
@@ -659,6 +661,7 @@ async def recover_account( |
659 | 661 | if not account or not recovery_token: |
660 | 662 | raise CredentialsError(message="Invalid or expired recovery token") |
661 | 663 |
|
| 664 | + assert account.id is not None |
662 | 665 | # Mark recovery token as used |
663 | 666 | recovery_token.used = True |
664 | 667 |
|
@@ -733,6 +736,7 @@ async def add_email( |
733 | 736 | if email_count >= MAX_EMAILS_PER_ACCOUNT: |
734 | 737 | raise MaxEmailsReachedError() |
735 | 738 |
|
| 739 | + assert account.id is not None |
736 | 740 | # Send verification email (suppresses if unexpired token exists) |
737 | 741 | sent = send_email_verification(account.id, new_email, session) |
738 | 742 |
|
@@ -760,6 +764,8 @@ async def verify_email( |
760 | 764 | if not account or not verification_token: |
761 | 765 | raise CredentialsError(message="Invalid or expired verification token") |
762 | 766 |
|
| 767 | + assert account.id is not None |
| 768 | + |
763 | 769 | # Race condition guard: check email not already taken |
764 | 770 | existing = session.exec( |
765 | 771 | select(AccountEmail).where(AccountEmail.email == verification_token.new_email) |
@@ -814,6 +820,7 @@ async def promote_email( |
814 | 820 | """ |
815 | 821 | Promote a secondary email address to primary. |
816 | 822 | """ |
| 823 | + assert account.id is not None |
817 | 824 | # Look up the AccountEmail |
818 | 825 | target_email = session.exec( |
819 | 826 | select(AccountEmail).where( |
@@ -897,6 +904,7 @@ async def remove_email( |
897 | 904 | """ |
898 | 905 | Remove a non-primary email address from the account. |
899 | 906 | """ |
| 907 | + assert account.id is not None |
900 | 908 | target_email = session.exec( |
901 | 909 | select(AccountEmail).where( |
902 | 910 | AccountEmail.id == email_id, |
|
0 commit comments