Skip to content

schemas.auth_schemas

src.schemas.auth_schemas

Authentication request/response schemas.

Pydantic models for API request validation and response serialization. Kept separate from domain entities - these are HTTP-layer concerns.

RESTful Endpoints (100% resource-based): POST /api/v1/users - Create user (registration) POST /api/v1/sessions - Create session (login) DELETE /api/v1/sessions/current - Delete session (logout) POST /api/v1/tokens - Create tokens (refresh) POST /api/v1/email-verifications - Create verification (verify email) POST /api/v1/password-reset-tokens - Create reset token (request) POST /api/v1/password-resets - Create reset (execute)

Classes

UserCreateRequest

Bases: BaseModel

Request schema for user creation (registration).

POST /api/v1/users Returns: 201 Created

Source code in src/schemas/auth_schemas.py 
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
class UserCreateRequest(BaseModel):
    """Request schema for user creation (registration).

    POST /api/v1/users
    Returns: 201 Created
    """

    email: EmailStr = Field(
        ...,
        description="User's email address",
        examples=["user@example.com"],
    )
    password: str = Field(
        ...,
        min_length=8,
        max_length=128,
        description="Password (8-128 chars, mixed case, number, special char)",
        examples=["SecurePass123!"],
    )

    model_config = ConfigDict(
        json_schema_extra={
            "example": {
                "email": "user@example.com",
                "password": "SecurePass123!",
            }
        }
    )

UserCreateResponse

Bases: BaseModel

Response schema for user creation (201 Created).

Returns created user resource. User must verify email before creating a session (login).

Source code in src/schemas/auth_schemas.py 
56
57
58
59
60
61
62
63
64
65
66
67
68
class UserCreateResponse(BaseModel):
    """Response schema for user creation (201 Created).

    Returns created user resource.
    User must verify email before creating a session (login).
    """

    id: UUID = Field(..., description="Created user's ID")
    email: str = Field(..., description="User's email address")
    message: str = Field(
        default="Registration successful. Please check your email to verify your account.",
        description="Success message",
    )

SessionCreateRequest

Bases: BaseModel

Request schema for session creation (login).

POST /api/v1/sessions Returns: 201 Created

Source code in src/schemas/auth_schemas.py 
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
class SessionCreateRequest(BaseModel):
    """Request schema for session creation (login).

    POST /api/v1/sessions
    Returns: 201 Created
    """

    email: EmailStr = Field(
        ...,
        description="User's email address",
        examples=["user@example.com"],
    )
    password: str = Field(
        ...,
        min_length=1,
        max_length=128,
        description="User's password",
        examples=["SecurePass123!"],
    )

    model_config = ConfigDict(
        json_schema_extra={
            "example": {
                "email": "user@example.com",
                "password": "SecurePass123!",
            }
        }
    )

SessionCreateResponse

Bases: BaseModel

Response schema for session creation (201 Created).

Returns session tokens (JWT access + opaque refresh).

Source code in src/schemas/auth_schemas.py 
106
107
108
109
110
111
112
113
114
115
116
117
118
119
class SessionCreateResponse(BaseModel):
    """Response schema for session creation (201 Created).

    Returns session tokens (JWT access + opaque refresh).
    """

    access_token: str = Field(..., description="JWT access token (15 min expiry)")
    refresh_token: str = Field(..., description="Opaque refresh token (30 day expiry)")
    token_type: str = Field(
        default="bearer", description="Token type for Authorization header"
    )
    expires_in: int = Field(
        default=900, description="Access token expiration in seconds"
    )

SessionDeleteRequest

Bases: BaseModel

Request schema for session deletion (logout).

DELETE /api/v1/sessions/current Returns: 204 No Content

Note: Requires Authorization header with JWT.

Source code in src/schemas/auth_schemas.py 
127
128
129
130
131
132
133
134
135
136
137
138
139
140
class SessionDeleteRequest(BaseModel):
    """Request schema for session deletion (logout).

    DELETE /api/v1/sessions/current
    Returns: 204 No Content

    Note: Requires Authorization header with JWT.
    """

    refresh_token: str = Field(
        ...,
        min_length=1,
        description="Refresh token to revoke",
    )

TokenCreateRequest

Bases: BaseModel

Request schema for token creation (refresh).

POST /api/v1/tokens Returns: 201 Created

Source code in src/schemas/auth_schemas.py 
151
152
153
154
155
156
157
158
159
160
161
162
class TokenCreateRequest(BaseModel):
    """Request schema for token creation (refresh).

    POST /api/v1/tokens
    Returns: 201 Created
    """

    refresh_token: str = Field(
        ...,
        min_length=1,
        description="Current refresh token",
    )

TokenCreateResponse

Bases: BaseModel

Response schema for token creation (201 Created).

Returns new tokens (rotation: old refresh token invalidated).

Source code in src/schemas/auth_schemas.py 
165
166
167
168
169
170
171
172
173
174
175
176
class TokenCreateResponse(BaseModel):
    """Response schema for token creation (201 Created).

    Returns new tokens (rotation: old refresh token invalidated).
    """

    access_token: str = Field(..., description="New JWT access token")
    refresh_token: str = Field(..., description="New refresh token (rotated)")
    token_type: str = Field(default="bearer", description="Token type")
    expires_in: int = Field(
        default=900, description="Access token expiration in seconds"
    )

EmailVerificationCreateRequest

Bases: BaseModel

Request schema for email verification creation.

POST /api/v1/email-verifications Returns: 201 Created

Source code in src/schemas/auth_schemas.py 
184
185
186
187
188
189
190
191
192
193
194
195
196
class EmailVerificationCreateRequest(BaseModel):
    """Request schema for email verification creation.

    POST /api/v1/email-verifications
    Returns: 201 Created
    """

    token: str = Field(
        ...,
        min_length=64,
        max_length=64,
        description="64-character hex verification token from email",
    )

EmailVerificationCreateResponse

Bases: BaseModel

Response schema for email verification (201 Created).

Source code in src/schemas/auth_schemas.py 
199
200
201
202
203
204
205
class EmailVerificationCreateResponse(BaseModel):
    """Response schema for email verification (201 Created)."""

    message: str = Field(
        default="Email verified successfully. You can now create a session.",
        description="Success message",
    )

PasswordResetTokenCreateRequest

Bases: BaseModel

Request schema for password reset token creation.

POST /api/v1/password-reset-tokens Returns: 201 Created (always, to prevent user enumeration)

Source code in src/schemas/auth_schemas.py 
213
214
215
216
217
218
219
220
221
222
223
224
class PasswordResetTokenCreateRequest(BaseModel):
    """Request schema for password reset token creation.

    POST /api/v1/password-reset-tokens
    Returns: 201 Created (always, to prevent user enumeration)
    """

    email: EmailStr = Field(
        ...,
        description="Email address for password reset",
        examples=["user@example.com"],
    )

PasswordResetTokenCreateResponse

Bases: BaseModel

Response schema for password reset token (201 Created).

Always returns success to prevent user enumeration.

Source code in src/schemas/auth_schemas.py 
227
228
229
230
231
232
233
234
235
236
class PasswordResetTokenCreateResponse(BaseModel):
    """Response schema for password reset token (201 Created).

    Always returns success to prevent user enumeration.
    """

    message: str = Field(
        default="If an account with that email exists, a password reset link has been sent.",
        description="Success message (always same to prevent enumeration)",
    )

PasswordResetCreateRequest

Bases: BaseModel

Request schema for password reset execution.

POST /api/v1/password-resets Returns: 201 Created

Source code in src/schemas/auth_schemas.py 
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
class PasswordResetCreateRequest(BaseModel):
    """Request schema for password reset execution.

    POST /api/v1/password-resets
    Returns: 201 Created
    """

    token: str = Field(
        ...,
        min_length=64,
        max_length=64,
        description="64-character hex reset token from email",
    )
    new_password: str = Field(
        ...,
        min_length=8,
        max_length=128,
        description="New password (8-128 chars, mixed case, number, special char)",
        examples=["NewSecurePass456!"],
    )

PasswordResetCreateResponse

Bases: BaseModel

Response schema for password reset (201 Created).

Source code in src/schemas/auth_schemas.py 
266
267
268
269
270
271
272
class PasswordResetCreateResponse(BaseModel):
    """Response schema for password reset (201 Created)."""

    message: str = Field(
        default="Password has been reset successfully. Please create a new session.",
        description="Success message",
    )