Fix: 삭제된 사용자 재가입 허용 및 로그인 차단

- 소프트 삭제된 사용자도 재가입 가능하도록 수정
- 재가입 시 기존 삭제된 사용자 데이터 완전 삭제
- 삭제된/비활성화된 사용자 로그인 차단

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
AutonetSellCar Deploy
2026-01-01 17:40:47 +09:00
parent 1818f0229c
commit de06404d0f


@@ -97,10 +97,30 @@ def register(user_data: UserCreate, db: Session = Depends(get_db)):
from ..models.user import VerificationCode from ..models.user import VerificationCode
from datetime import datetime from datetime import datetime
existing = db.query(User).filter(User.email == user_data.email).first() # 활성 사용자만 체크 (삭제된 사용자는 재가입 허용)
existing = db.query(User).filter(
User.email == user_data.email,
User.deleted_at.is_(None) # 삭제되지 않은 사용자만
).first()
if existing: if existing:
raise HTTPException(status_code=400, detail="Email already registered") raise HTTPException(status_code=400, detail="Email already registered")
# 삭제된 사용자가 있다면 완전히 제거 (동일 이메일 재가입 허용)
deleted_user = db.query(User).filter(
User.email == user_data.email,
User.deleted_at.isnot(None)
).first()
if deleted_user:
# 관련 데이터 삭제
from ..models import CarView, PerformanceCheckView, ChargeHistory, Inquiry, Notification
db.query(CarView).filter(CarView.user_id == deleted_user.id).delete()
db.query(PerformanceCheckView).filter(PerformanceCheckView.user_id == deleted_user.id).delete()
db.query(ChargeHistory).filter(ChargeHistory.user_id == deleted_user.id).delete()
db.query(Inquiry).filter(Inquiry.user_id == deleted_user.id).delete()
db.query(Notification).filter(Notification.user_id == deleted_user.id).delete()
db.delete(deleted_user)
db.commit()
# Check if email was verified (pre-registration verification) # Check if email was verified (pre-registration verification)
email_verified = False email_verified = False
verification = db.query(VerificationCode).filter( verification = db.query(VerificationCode).filter(
@@ -148,6 +168,22 @@ def login(
headers={"WWW-Authenticate": "Bearer"}, headers={"WWW-Authenticate": "Bearer"},
) )
# 삭제된 사용자 체크
if user.deleted_at:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="This account has been deleted",
headers={"WWW-Authenticate": "Bearer"},
)
# 비활성화된 사용자 체크
if not user.is_active:
raise HTTPException(
status_code=status.HTTP_401_UNAUTHORIZED,
detail="This account has been deactivated",
headers={"WWW-Authenticate": "Bearer"},
)
access_token = create_access_token(data={"sub": user.email}) access_token = create_access_token(data={"sub": user.email})
return Token(access_token=access_token) return Token(access_token=access_token)
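Review bot: In the register hunk, the purge of the soft-deleted account runs and is committed before the email-verification lookup that follows it, so any request that supplies a soft-deleted user's email permanently deletes that user's row and its `ChargeHistory`, `Inquiry` and other records without showing control of the mailbox. The purge should run only after the pre-registration verification has succeeded, and the standalone `db.commit()` after `db.delete(deleted_user)` should be dropped so the purge and the new user's insert land in one transaction; as written, a failure later in `register` leaves the old data gone and no new account created. Hard-deleting `ChargeHistory` also removes payment records that may need to be retained, so consider detaching or anonymising those rows instead. The body of `register` continues outside the hunk, so whether the later code rejects unverified emails is not visible here.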