fastapi
diff --git a/‎backend/app/auth/dependencies.py‎
Lines changed: 5 additions & 3 deletions b/‎backend/app/auth/dependencies.py‎
Lines changed: 5 additions & 3 deletions
diff --git a/‎backend/app/auth/router.py‎
Lines changed: 28 additions & 16 deletions b/‎backend/app/auth/router.py‎
Lines changed: 28 additions & 16 deletions
diff --git a/‎backend/app/auth/schemas.py‎
Lines changed: 2 additions & 1 deletion b/‎backend/app/auth/schemas.py‎
Lines changed: 2 additions & 1 deletion
diff --git a/‎backend/app/auth/security.py‎
Lines changed: 6 additions & 6 deletions b/‎backend/app/auth/security.py‎
Lines changed: 6 additions & 6 deletions
diff --git a/‎backend/app/auth/service.py‎
Lines changed: 1 addition & 2 deletions b/‎backend/app/auth/service.py‎
Lines changed: 1 addition & 2 deletions
diff --git a/‎backend/app/backend_pre_start.py‎
Lines changed: 4 additions & 4 deletions b/‎backend/app/backend_pre_start.py‎
Lines changed: 4 additions & 4 deletions
diff --git a/‎backend/app/config.py‎
Lines changed: 12 additions & 8 deletions b/‎backend/app/config.py‎
Lines changed: 12 additions & 8 deletions
diff --git a/‎backend/app/database.py‎
Lines changed: 2 additions & 0 deletions b/‎backend/app/database.py‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎backend/app/items/models.py‎
Lines changed: 4 additions & 2 deletions b/‎backend/app/items/models.py‎
Lines changed: 4 additions & 2 deletions
@@ -15,7 +15,7 @@
 from app.users.models import User
 
 reusable_oauth2 = OAuth2PasswordBearer(
-    tokenUrl=f"{settings.API_V1_STR}/login/access-token"
+    tokenUrl=f"{settings.API_V1_STR}/login/access-token",
 )
 
 
@@ -40,11 +40,13 @@ def get_current_user(session: SessionDep, token: TokenDep) -> User:
     user = session.get(User, token_data.sub)
     if not user:
         raise HTTPException(
-            status_code=status.HTTP_404_NOT_FOUND, detail="User not found"
+            status_code=status.HTTP_404_NOT_FOUND,
+            detail="User not found",
         )
     if not user.is_active:
         raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user"
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Inactive user",
         )
     return user
 
 
@@ -1,5 +1,5 @@
 from datetime import timedelta
-from typing import Annotated, Any
+from typing import Annotated
 
 from fastapi import APIRouter, Depends, HTTPException, status
 from fastapi.responses import HTMLResponse
@@ -20,31 +20,35 @@
 
 @router.post("/login/access-token")
 def login_access_token(
-    session: SessionDep, form_data: Annotated[OAuth2PasswordRequestForm, Depends()]
+    session: SessionDep,
+    form_data: Annotated[OAuth2PasswordRequestForm, Depends()],
 ) -> Token:
     """
     OAuth2 compatible token login, get an access token for future requests
     """
     user = auth_service.authenticate(
-        session=session, email=form_data.username, password=form_data.password
+        session=session,
+        email=form_data.username,
+        password=form_data.password,
     )
     if not user:
         raise HTTPException(
             status_code=status.HTTP_400_BAD_REQUEST,
             detail="Incorrect email or password",
         )
-    elif not user.is_active:
+    if not user.is_active:
         raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user"
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Inactive user",
         )
     access_token_expires = timedelta(minutes=settings.ACCESS_TOKEN_EXPIRE_MINUTES)
     return Token(
-        access_token=create_access_token(user.id, expires_delta=access_token_expires)
+        access_token=create_access_token(user.id, expires_delta=access_token_expires),
     )
 
 
 @router.post("/login/test-token", response_model=UserPublic)
-def test_token(current_user: CurrentUser) -> Any:
+def test_token(current_user: CurrentUser) -> CurrentUser:
     """
     Test access token
     """
@@ -63,15 +67,17 @@ def recover_password(email: str, session: SessionDep) -> Message:
     if user:
         password_reset_token = auth_service.generate_password_reset_token(email=email)
         email_data = email_service.generate_reset_password_email(
-            email_to=user.email, email=email, token=password_reset_token
+            email_to=user.email,
+            email=email,
+            token=password_reset_token,
         )
         email_service.send_email(
             email_to=user.email,
             subject=email_data.subject,
             html_content=email_data.html_content,
         )
     return Message(
-        message="If that email is registered, we sent a password recovery link"
+        message="If that email is registered, we sent a password recovery link",
     )
 
 
@@ -83,17 +89,20 @@ def reset_password(session: SessionDep, body: NewPassword) -> Message:
     email = auth_service.verify_password_reset_token(token=body.token)
     if not email:
         raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid token"
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid token",
         )
     user = user_service.get_user_by_email(session=session, email=email)
     if not user:
         # Don't reveal that the user doesn't exist - use same error as invalid token
         raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail="Invalid token"
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Invalid token",
         )
-    elif not user.is_active:
+    if not user.is_active:
         raise HTTPException(
-            status_code=status.HTTP_400_BAD_REQUEST, detail="Inactive user"
+            status_code=status.HTTP_400_BAD_REQUEST,
+            detail="Inactive user",
         )
     user_in_update = UserUpdate(password=body.new_password)
     user_service.update_user(
@@ -109,7 +118,7 @@ def reset_password(session: SessionDep, body: NewPassword) -> Message:
     dependencies=[Depends(get_current_active_superuser)],
     response_class=HTMLResponse,
 )
-def recover_password_html_content(email: str, session: SessionDep) -> Any:
+def recover_password_html_content(email: str, session: SessionDep) -> HTMLResponse:
     """
     HTML Content for Password Recovery
     """
@@ -122,9 +131,12 @@ def recover_password_html_content(email: str, session: SessionDep) -> Any:
         )
     password_reset_token = auth_service.generate_password_reset_token(email=email)
     email_data = email_service.generate_reset_password_email(
-        email_to=user.email, email=email, token=password_reset_token
+        email_to=user.email,
+        email=email,
+        token=password_reset_token,
     )
 
     return HTMLResponse(
-        content=email_data.html_content, headers={"subject:": email_data.subject}
+        content=email_data.html_content,
+        headers={"subject:": email_data.subject},
     )
@@ -4,7 +4,8 @@
 # JSON payload containing access token
 class Token(SQLModel):
     access_token: str
-    token_type: str = "bearer"
+    # S105 - This is not a hardcoded password.
+    token_type: str = "bearer"  # noqa: S105
 
 
 # Contents of JWT token
 
@@ -1,5 +1,5 @@
 from datetime import datetime, timedelta, timezone
-from typing import Any
+from uuid import UUID
 
 import jwt
 from pwdlib import PasswordHash
@@ -13,19 +13,19 @@
     (
         Argon2Hasher(),
         BcryptHasher(),
-    )
+    ),
 )
 
 
-def create_access_token(subject: str | Any, expires_delta: timedelta) -> str:
+def create_access_token(subject: str | UUID, expires_delta: timedelta) -> str:
     expire = datetime.now(timezone.utc) + expires_delta
     to_encode = {"exp": expire, "sub": str(subject)}
-    encoded_jwt = jwt.encode(to_encode, settings.SECRET_KEY, algorithm=ALGORITHM)
-    return encoded_jwt
+    return jwt.encode(to_encode, settings.SECRET_KEY, algorithm=ALGORITHM)
 
 
 def verify_password(
-    plain_password: str, hashed_password: str
+    plain_password: str,
+    hashed_password: str,
 ) -> tuple[bool, str | None]:
     return password_hash.verify_and_update(plain_password, hashed_password)
 
 
@@ -34,12 +34,11 @@ def generate_password_reset_token(email: str) -> str:
     now = datetime.now(timezone.utc)
     expires = now + delta
     exp = expires.timestamp()
-    encoded_jwt = jwt.encode(
+    return jwt.encode(
         {"exp": exp, "nbf": now, "sub": email},
         settings.SECRET_KEY,
         algorithm=ALGORITHM,
     )
-    return encoded_jwt
 
 
 def verify_password_reset_token(token: str) -> str | None:
 
@@ -17,16 +17,16 @@
     stop=stop_after_attempt(max_tries),
     wait=wait_fixed(wait_seconds),
     before=before_log(logger, logging.INFO),
-    after=after_log(logger, logging.WARN),
+    after=after_log(logger, logging.WARNING),
 )
 def init(db_engine: Engine) -> None:
     try:
         with Session(db_engine) as session:
             # Try to create session to check if DB is awake
             session.exec(select(1))
-    except Exception as e:
-        logger.error(e)
-        raise e
+    except Exception:
+        logger.exception("")
+        raise
 
 
 def main() -> None:
 
@@ -1,6 +1,6 @@
 import secrets
 import warnings
-from typing import Annotated, Any, Literal
+from typing import Annotated, Literal
 
 from pydantic import (
     AnyUrl,
@@ -15,10 +15,10 @@
 from typing_extensions import Self
 
 
-def parse_cors(v: Any) -> list[str] | str:
+def parse_cors(v: str | list[str] | None) -> list[str] | str:
     if isinstance(v, str) and not v.startswith("["):
         return [i.strip() for i in v.split(",") if i.strip()]
-    elif isinstance(v, list | str):
+    if isinstance(v, list | str):
         return v
     raise ValueError(v)
 
@@ -38,14 +38,15 @@ class Settings(BaseSettings):
     ENVIRONMENT: Literal["local", "staging", "production"] = "local"
 
     BACKEND_CORS_ORIGINS: Annotated[
-        list[AnyUrl] | str, BeforeValidator(parse_cors)
+        list[AnyUrl] | str,
+        BeforeValidator(parse_cors),
     ] = []
 
     @computed_field  # type: ignore[prop-decorator]
     @property
     def all_cors_origins(self) -> list[str]:
         return [str(origin).rstrip("/") for origin in self.BACKEND_CORS_ORIGINS] + [
-            self.FRONTEND_HOST
+            self.FRONTEND_HOST,
         ]
 
     PROJECT_NAME: str
@@ -58,7 +59,8 @@ def all_cors_origins(self) -> list[str]:
 
     @computed_field  # type: ignore[prop-decorator]
     @property
-    def SQLALCHEMY_DATABASE_URI(self) -> PostgresDsn:
+    # N802 - Error from original template.
+    def SQLALCHEMY_DATABASE_URI(self) -> PostgresDsn:  # noqa: N802
         return PostgresDsn.build(
             scheme="postgresql+psycopg",
             username=self.POSTGRES_USER,
@@ -110,10 +112,12 @@ def _enforce_non_default_secrets(self) -> Self:
         self._check_default_secret("SECRET_KEY", self.SECRET_KEY)
         self._check_default_secret("POSTGRES_PASSWORD", self.POSTGRES_PASSWORD)
         self._check_default_secret(
-            "FIRST_SUPERUSER_PASSWORD", self.FIRST_SUPERUSER_PASSWORD
+            "FIRST_SUPERUSER_PASSWORD",
+            self.FIRST_SUPERUSER_PASSWORD,
         )
 
         return self
 
 
-settings = Settings()  # type: ignore
+# call-arg - Error from original template.
+settings = Settings()  # type: ignore[call-arg]
@@ -22,9 +22,11 @@ def init_db(session: Session) -> None:
     # Tables should be created with Alembic migrations
     # But if you don't want to use migrations, create
     # the tables un-commenting the next lines
+    # # ERA001 - Error from original template.
     # from sqlmodel import SQLModel # noqa: ERA001
 
     # This works because the models are already imported and registered from app.models
+    # # ERA001 - Error from original template.
     # SQLModel.metadata.create_all(engine) # noqa: ERA001
     user = session.exec(
         select(User).where(User.email == settings.FIRST_SUPERUSER),
 
@@ -22,9 +22,11 @@ class Item(ItemBase, table=True):
     id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)
     created_at: datetime | None = Field(
         default_factory=get_datetime_utc,
-        sa_type=DateTime(timezone=True),  # type: ignore
+        sa_type=DateTime(timezone=True),  # type: ignore[call-overload]
     )
     owner_id: uuid.UUID = Field(
-        foreign_key="user.id", nullable=False, ondelete="CASCADE"
+        foreign_key="user.id",
+        nullable=False,
+        ondelete="CASCADE",
     )
     owner: User | None = Relationship(back_populates="items")
Original file line number	Diff line number	Diff line change
`@@ -22,9 +22,11 @@ class Item(ItemBase, table=True):`
`22`	`22`	`id: uuid.UUID = Field(default_factory=uuid.uuid4, primary_key=True)`
`23`	`23`	`created_at: datetime \| None = Field(`
`24`	`24`	`default_factory=get_datetime_utc,`
`25`		`- sa_type=DateTime(timezone=True), # type: ignore`
	`25`	`+ sa_type=DateTime(timezone=True), # type: ignore[call-overload]`
`26`	`26`	`)`
`27`	`27`	`owner_id: uuid.UUID = Field(`
`28`		`- foreign_key="user.id", nullable=False, ondelete="CASCADE"`
	`28`	`+ foreign_key="user.id",`
	`29`	`+ nullable=False,`
	`30`	`+ ondelete="CASCADE",`
`29`	`31`	`)`
`30`	`32`	`owner: User \| None = Relationship(back_populates="items")`