Merge pull request #3 from tiangolo/master

ebreton · web-flow · commit c0123bbf1b86 · 2019-06-18T20:32:35.000+02:00
Merge in tiangolo branch
diff --git a/README.md b/README.md
@@ -148,6 +148,16 @@ After using this generator, your new project (the directory created) will contai
 
 ### Next release
 
+### 0.4.0
+
+* Fix security on resetting a password. Receive token as body, not query. PR [#34](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/34).
+
+* Fix security on resetting a password. Receive it as body, not query. PR [#33](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/33) by [@dmontagu](https://github.com/dmontagu).
+
+* Fix SQLAlchemy class lookup on initialization. PR [#29](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/29) by [@ebreton](https://github.com/ebreton).
+
+* Fix SQLAlchemy operation errors on database restart. PR [#32](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/32) by [@ebreton](https://github.com/ebreton).
+
 * Fix locations of scripts in generated README. PR [#19](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/19) by [@ebreton](https://github.com/ebreton).
 
 * Forward arguments from script to `pytest` inside container. PR [#17](https://github.com/tiangolo/full-stack-fastapi-postgresql/pull/17) by [@ebreton](https://github.com/ebreton).
diff --git a/{{cookiecutter.project_slug}}/backend/app/app/api/api_v1/endpoints/login.py b/{{cookiecutter.project_slug}}/backend/app/app/api/api_v1/endpoints/login.py
@@ -1,6 +1,6 @@
 from datetime import timedelta
 
-from fastapi import APIRouter, Depends, HTTPException
+from fastapi import APIRouter, Body, Depends, HTTPException
 from fastapi.security import OAuth2PasswordRequestForm
 from sqlalchemy.orm import Session
 
@@ -74,7 +74,7 @@ def recover_password(email: str, db: Session = Depends(get_db)):
 
 
 @router.post("/reset-password/", tags=["login"], response_model=Msg)
-def reset_password(token: str, new_password: str, db: Session = Depends(get_db)):
+def reset_password(token: str = Body(...), new_password: str = Body(...), db: Session = Depends(get_db)):
     """
     Reset password
     """
diff --git a/{{cookiecutter.project_slug}}/backend/app/app/db/init_db.py b/{{cookiecutter.project_slug}}/backend/app/app/db/init_db.py
@@ -2,6 +2,11 @@
 from app.core import config
 from app.models.user import UserCreate
 
+# make sure all SQL Alchemy models are imported before initializing DB
+# otherwise, SQL Alchemy might fail to initialize properly relationships
+# for more details: https://github.com/tiangolo/full-stack-fastapi-postgresql/issues/28
+from app.db import base
+
 
 def init_db(db_session):
     # Tables should be created with Alembic migrations
diff --git a/{{cookiecutter.project_slug}}/backend/app/app/db/session.py b/{{cookiecutter.project_slug}}/backend/app/app/db/session.py
@@ -3,7 +3,7 @@
 
 from app.core import config
 
-engine = create_engine(config.SQLALCHEMY_DATABASE_URI)
+engine = create_engine(config.SQLALCHEMY_DATABASE_URI, pool_pre_ping=True)
 db_session = scoped_session(
     sessionmaker(autocommit=False, autoflush=False, bind=engine)
 )

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`
`4`	`4`	`from app.core import config`
`5`	`5`
`6`		`-engine = create_engine(config.SQLALCHEMY_DATABASE_URI)`
	`6`	`+engine = create_engine(config.SQLALCHEMY_DATABASE_URI, pool_pre_ping=True)`
`7`	`7`	`db_session = scoped_session(`
`8`	`8`	`sessionmaker(autocommit=False, autoflush=False, bind=engine)`
`9`	`9`	`)`