refactor: add clear cast

refactor: delete serializers
refactor: delete me_user
2026-05-29 13:34:40 +03:00 · 2026-05-28 20:52:06 +03:00 · 2026-05-28 13:41:39 +03:00 · 2026-05-19 15:26:50 +03:00 · 2026-05-19 15:23:22 +03:00 · 2026-05-19 08:58:12 +03:00
17 changed files with 631 additions and 60 deletions
--- a/src/application/abstractions/repositories/i_user_repository.py
+++ b/src/application/abstractions/repositories/i_user_repository.py
@@ -38,6 +38,10 @@ class IUserRepository(ABC):
    async def email_exists(self, email: str) -> bool:
        raise NotImplementedError
    @abstractmethod
    async def get_user_by_email(self, email: str) -> UserEntity | None:
        raise NotImplementedError
    @abstractmethod
    async def set_avatar_link(self, user_id: str, avatar_link: str | None) -> UserEntity:
        raise NotImplementedError
--- a/src/application/commands/init.py
+++ b/src/application/commands/init.py
@@ -8,6 +8,8 @@ from src.application.commands.update_bank_details_start import UpdateBankDetails
 from src.application.commands.update_bank_details_complete import UpdateBankDetailsCompleteCommand
 from src.application.commands.change_password_start import ChangePasswordStartCommand
 from src.application.commands.change_password_complete import ChangePasswordCompleteCommand
 from src.application.commands.forgot_password_start import ForgotPasswordStartCommand
 from src.application.commands.forgot_password_complete import ForgotPasswordCompleteCommand
 from src.application.commands.change_email_start import ChangeEmailStartCommand
 from src.application.commands.change_email_confirm_old import ChangeEmailConfirmOldCommand
 from src.application.commands.change_email_complete import ChangeEmailCompleteCommand
--- a/src/application/commands/delete_avatar.py
+++ b/src/application/commands/delete_avatar.py
@@ -17,25 +17,40 @@ class DeleteAvatarCommand:
    @transactional
    async def _load_user(self, user_id: str) -> UserEntity:
-        return await self._unit_of_work.user_repository.get_user_by_id(user_id)
+        user = await self._unit_of_work.user_repository.get_user_by_id(user_id)
        self._logger.debug(f'DeleteAvatar _load_user user_id={user_id} has_avatar_link={bool(user.avatar_link)}')
        return user
    async def __call__(self, user_id: str) -> UserEntity:
        prior = await self._load_user(user_id)
        link = prior.avatar_link
        self._logger.info(f'DeleteAvatar start user_id={user_id} had_link={bool(link)}')
        if link:
            key = self._s3.object_key_from_public_url(link)
            self._logger.debug(f'DeleteAvatar parsed_object_key user_id={user_id} has_key={bool(key)}')
            if not key:
                self._logger.warning(
                    f'DeleteAvatar could not parse avatar URL for S3 user_id={user_id} link_len={len(link)}'
                )
            if key:
                self._logger.info(f'DeleteAvatar S3 delete start user_id={user_id} key={key}')
                try:
                    await self._s3.delete_object(key=key)
                    self._logger.info(f'DeleteAvatar S3 delete done user_id={user_id} key={key}')
                except ClientError as exc:
                    code = exc.response.get('Error', {}).get('Code', '')
                    if code not in ('NoSuchKey', '404'):
-                        self._logger.warning(f'S3 delete avatar failed user_id={user_id} code={code}: {exc}')
+                        self._logger.warning(f'DeleteAvatar S3 delete failed user_id={user_id} code={code}: {exc}')
                    else:
                        self._logger.debug(f'DeleteAvatar S3 object already absent user_id={user_id} code={code}')
        user = await self._clear_avatar_link(user_id)
        self._logger.debug(f'DeleteAvatar DB cleared user_id={user_id} entity_has_link={bool(user.avatar_link)}')
        await self._cache.set_user(user_id, user)
        self._logger.debug(f'DeleteAvatar cache updated user_id={user_id}')
        self._logger.info(f'Avatar removed user_id={user_id}')
        return user
    @transactional
    async def _clear_avatar_link(self, user_id: str) -> UserEntity:
        self._logger.debug(f'DeleteAvatar DB transaction set_avatar_link user_id={user_id} link=None')
        return await self._unit_of_work.user_repository.set_avatar_link(user_id, None)
--- a/src/application/commands/forgot_password_complete.py
+++ b/src/application/commands/forgot_password_complete.py
@@ -0,0 +1,83 @@
 from src.application.abstractions import IUnitOfWork
 from src.application.contracts import IHashService, ILogger, ICache
 from src.application.domain.exceptions import ApplicationException
 from src.infrastructure.database.decorators import transactional
 class ForgotPasswordCompleteCommand:
    def __init__(
        self,
        unit_of_work: IUnitOfWork,
        hash_service: IHashService,
        cache: ICache,
        logger: ILogger,
    ):
        self._unit_of_work = unit_of_work
        self._hash_service = hash_service
        self._cache = cache
        self._logger = logger
    @staticmethod
    def _normalize_email(email: str) -> str:
        return email.strip().lower()
    @transactional
    async def __call__(
        self,
        *,
        email: str,
        code: str,
        new_password: str,
        confirm_password: str,
    ) -> bool:
        code = (code or '').strip()
        normalized = self._normalize_email(email)
        EMAIL_PREFIX = 'forgot_password:email:'
        CODE_PREFIX = 'forgot_password:code:'
        if new_password != confirm_password:
            self._logger.info('Forgot password failed: passwords do not match')
            raise ApplicationException(400, 'Passwords do not match')
        code_key = f'{CODE_PREFIX}{code}'
        cached_email = await self._cache.get(code_key)
        if not cached_email:
            self._logger.info('Forgot password failed: code not found')
            raise ApplicationException(400, 'Invalid or expired code')
        if cached_email != normalized:
            self._logger.info('Forgot password failed: code-email mismatch')
            raise ApplicationException(400, 'Invalid or expired code')
        email_key = f'{EMAIL_PREFIX}{normalized}'
        code_hash = await self._cache.get(email_key)
        if not code_hash:
            self._logger.info('Forgot password failed: email key missing')
            raise ApplicationException(400, 'Invalid or expired code')
        ok = await self._hash_service.verify(hashed_value=code_hash, plain_value=code)
        if not ok:
            self._logger.info('Forgot password failed: code hash mismatch')
            raise ApplicationException(400, 'Invalid or expired code')
        user = await self._unit_of_work.user_repository.get_user_by_email(normalized)
        if user is None:
            self._logger.info('Forgot password failed: user not found after valid code')
            raise ApplicationException(400, 'Invalid or expired code')
        new_password_hash = await self._hash_service.hash(new_password)
        user = await self._unit_of_work.user_repository.set_password(
            user_id=user.id,
            password_hash=new_password_hash,
        )
        await self._cache.set_user(user.id, user)
        try:
            await self._cache.delete(code_key)
            await self._cache.delete(email_key)
        except Exception as e:
            self._logger.warning(f'Forgot password cleanup failed (user_id={user.id}): {e}')
        self._logger.info(f'Password reset via forgot flow for user_id={user.id}')
        return True
--- a/src/application/commands/forgot_password_start.py
+++ b/src/application/commands/forgot_password_start.py
@@ -0,0 +1,132 @@
 import secrets
 from datetime import datetime, timezone
 from ulid import ULID
 from src.application.abstractions import IUnitOfWork
 from src.application.contracts import IHashService, ICache, ILogger, IQueueMessanger
 from src.application.domain.exceptions import ApplicationException
 from src.infrastructure.config import settings
 from src.infrastructure.context_vars import trace_id_var
 from src.infrastructure.database.decorators import transactional
 class ForgotPasswordStartCommand:
    def __init__(
        self,
        hash_service: IHashService,
        cache: ICache,
        unit_of_work: IUnitOfWork,
        logger: ILogger,
        messanger: IQueueMessanger,
    ):
        self._hash_service = hash_service
        self._unit_of_work = unit_of_work
        self._cache = cache
        self._logger = logger
        self._messanger = messanger
    @staticmethod
    def _normalize_email(email: str) -> str:
        return email.strip().lower()
    @transactional
    async def __call__(self, email: str) -> bool:
        TTL = 300
        LOCK_TTL = 30
        MAX_ATTEMPTS = 20
        EMAIL_PREFIX = 'forgot_password:email:'
        CODE_PREFIX = 'forgot_password:code:'
        LOCK_PREFIX = 'forgot_password:lock:'
        normalized = self._normalize_email(email)
        user = await self._unit_of_work.user_repository.get_user_by_email(normalized)
        if user is None:
            self._logger.info(f'Forgot password start: no user for email hash lookup')
            return True
        trace_id = trace_id_var.get()
        if not trace_id or trace_id == 'N/A':
            trace_id = None
        lock_key = f'{LOCK_PREFIX}{normalized}'
        locked = await self._cache.set_nx(lock_key, '1', ttl=LOCK_TTL)
        if not locked:
            self._logger.info(f'Forgot password throttled by lock (user_id={user.id})')
            raise ApplicationException(429, 'Too many requests. Please wait.')
        try:
            email_key = f'{EMAIL_PREFIX}{normalized}'
            existing = await self._cache.get(email_key)
            if existing:
                self._logger.info(f'Forgot password denied: code already exists for user_id={user.id}')
                raise ApplicationException(429, 'Code already sent. Please wait before retrying.')
            for _ in range(MAX_ATTEMPTS):
                code = f'{secrets.randbelow(1_000_000):06d}'
                code_key = f'{CODE_PREFIX}{code}'
                code_hash = await self._hash_service.hash(code)
                reserved = await self._cache.set_nx(code_key, normalized, ttl=TTL)
                if not reserved:
                    continue
                saved = await self._cache.set(email_key, code_hash, ttl=TTL)
                if not saved:
                    await self._cache.delete(code_key)
                    self._logger.error(f'Forgot password failed: cannot save code hash for user_id={user.id}')
                    raise ApplicationException(503, 'Temporary error. Please try again.')
                message_id = str(ULID())
                now = datetime.now(timezone.utc).isoformat()
                metadata = {
                    'trace_id': trace_id,
                    'source': 'user-service',
                    'timestamp': now,
                    'message_id': message_id,
                }
                payload = {
                    'email': normalized,
                    'code': code,
                    'ttl_seconds': TTL,
                }
                message = {
                    'event': 'forgot_password',
                    'payload': payload,
                    'metadata': metadata,
                }
                self._logger.info(f'Forgot password code created for user_id={user.id}')
                try:
                    await self._messanger.publish_to_queue(
                        queue=settings.RABBIT_EMAIL_CODE_QUEUE,
                        message=message,
                        persist=True,
                        correlation_id=trace_id,
                        message_id=message_id,
                        headers={'trace_id': trace_id} if trace_id else None,
                    )
                except Exception as exception:
                    try:
                        await self._cache.delete(email_key)
                        await self._cache.delete(code_key)
                    except Exception as rollback_err:
                        self._logger.error(
                            f'Publish failed and rollback cache failed for user_id={user.id}: {str(rollback_err)}'
                        )
                    self._logger.error(f'Failed to publish forgot password email for user_id={user.id}: {str(exception)}')
                    raise ApplicationException(503, 'Temporary error. Please try again.')
                return True
            self._logger.error(f'Forgot password failed: code space exhausted for user_id={user.id}')
            raise ApplicationException(503, 'Temporary error. Please try again.')
        finally:
            await self._cache.delete(lock_key)
--- a/src/application/commands/set_avatar.py
+++ b/src/application/commands/set_avatar.py
@@ -25,11 +25,16 @@ class SetAvatarCommand:
    @transactional
    async def _load_user(self, user_id: str) -> UserEntity:
-        return await self._unit_of_work.user_repository.get_user_by_id(user_id)
+        user = await self._unit_of_work.user_repository.get_user_by_id(user_id)
        self._logger.debug(f'Avatar _load_user user_id={user_id} has_avatar_link={bool(user.avatar_link)}')
        return user
    async def __call__(self, user_id: str, image_bytes: bytes) -> tuple[UserEntity, int]:
        prior = await self._load_user(user_id)
        old_link = prior.avatar_link
        self._logger.info(
            f'SetAvatar start user_id={user_id} input_bytes={len(image_bytes)} had_previous_link={bool(old_link)}'
        )
        try:
            webp_bytes = image_bytes_to_webp(image_bytes)
        except UnidentifiedImageError as exc:
@@ -38,6 +43,8 @@ class SetAvatarCommand:
            self._logger.exception(str(exc))
            raise BadRequestException(message='Could not process image') from exc
        self._logger.debug(f'SetAvatar webp_ready bytes={len(webp_bytes)}')
        pid = user_id.replace('/', '').replace('.', '_')
        name_id = str(ULID())
        ts = int(datetime.now(timezone.utc).timestamp() * 1000)
@@ -45,28 +52,49 @@ class SetAvatarCommand:
        fname = f'{name_id}_{pid}_{ts}.webp'
        object_key = f'{prefix}/{fname}' if prefix else fname
        self._logger.info(f'SetAvatar S3 upload start user_id={user_id} key={object_key} webp_bytes={len(webp_bytes)}')
        try:
            url = await self._s3.upload_bytes(key=object_key, body=webp_bytes, content_type='image/webp')
        except ClientError as exc:
            self._logger.exception(str(exc))
            raise ServiceUnavailableException(message='S3 upload failed') from exc
        self._logger.info(f'SetAvatar S3 upload done user_id={user_id} key={object_key} public_url_len={len(url)}')
        user = await self._save_avatar_link(user_id, url)
        self._logger.info(
            f'SetAvatar DB updated user_id={user_id} key={object_key} '
            f'entity_avatar_link_len={len(user.avatar_link or "")}'
        )
        await self._cache.set_user(user_id, user)
        self._logger.debug(f'SetAvatar cache updated user_id={user_id}')
        if old_link:
            old_key = self._s3.object_key_from_public_url(old_link)
-            if old_key and old_key != object_key:
+            if not old_key:
                self._logger.warning(
                    f'SetAvatar could not parse old avatar URL for S3 delete user_id={user_id} '
                    f'old_link_len={len(old_link)}'
                )
            elif old_key == object_key:
                self._logger.debug(f'SetAvatar skip delete same object key user_id={user_id} key={object_key}')
            else:
                self._logger.info(f'SetAvatar S3 delete old object user_id={user_id} old_key={old_key}')
                try:
                    await self._s3.delete_object(key=old_key)
                    self._logger.info(f'SetAvatar S3 old object removed user_id={user_id} old_key={old_key}')
                except ClientError as exc:
                    code = exc.response.get('Error', {}).get('Code', '')
                    if code not in ('NoSuchKey', '404'):
                        self._logger.warning(f'S3 delete old avatar failed user_id={user_id} code={code}: {exc}')
                    else:
                        self._logger.debug(f'SetAvatar old object already gone user_id={user_id} code={code}')
        self._logger.info(f'Avatar set for user_id={user_id} key={object_key}')
        return user, len(webp_bytes)
    @transactional
    async def _save_avatar_link(self, user_id: str, avatar_link: str) -> UserEntity:
        self._logger.debug(f'SetAvatar DB transaction set_avatar_link user_id={user_id} link_len={len(avatar_link)}')
        return await self._unit_of_work.user_repository.set_avatar_link(user_id, avatar_link)
--- a/src/application/domain/password_policy.py
+++ b/src/application/domain/password_policy.py
@@ -0,0 +1,21 @@
 import re
 SPECIAL_CHARS = '!@#$%^&*()_+-=.,:;?/[]{}<>'
 def validate_password_strength(password: str) -> str:
    if re.search(r'\s', password):
        raise ValueError('Password must not contain whitespace')
    if len(password) < 12:
        raise ValueError('Password must be at least 12 characters')
    if not re.search(r'[a-z]', password):
        raise ValueError('Password must contain at least one lowercase letter')
    if not re.search(r'[A-Z]', password):
        raise ValueError('Password must contain at least one uppercase letter')
    if not re.search(r'\d', password):
        raise ValueError('Password must contain at least one digit')
    if not any(c in SPECIAL_CHARS for c in password):
        raise ValueError(
            'Password must contain at least one special character from: !@#$%^&*()_+-=.,:;?/[]{}<>'
        )
    return password
--- a/src/infrastructure/database/repositories/user_repository.py
+++ b/src/infrastructure/database/repositories/user_repository.py
@@ -122,3 +122,21 @@ class UserRepository(IUserRepository):
        except SQLAlchemyError as exception:
            self._logger.exception(str(exception))
            raise InternalException(message=f'Database error: {str(exception)}')
    async def get_user_by_email(self, email: str) -> UserEntity | None:
        try:
            stmt = (
                select(UserModel)
                .where(
                    UserModel.email == email,
                    UserModel.is_deleted.is_(False),
                )
            )
            result = await self._session.execute(stmt)
            user: UserModel | None = result.scalar_one_or_none()
            if user is None:
                return None
            return self._to_entity(user)
        except SQLAlchemyError as exception:
            self._logger.exception(str(exception))
            raise InternalException(message=f'Database error: {str(exception)}')
--- a/src/infrastructure/database/unit_of_work.py
+++ b/src/infrastructure/database/unit_of_work.py
@@ -15,19 +15,23 @@ class UnitOfWork(IUnitOfWork):
        self._logger: ILogger = logger
    async def __aenter__(self):
        self._logger.debug('UnitOfWork enter')
        self._user_repository = None
        self._session_repository = None
        self._session = self.session_factory()
        return self
    async def __aexit__(self, exc_type, exc_val, exc_tb):
        if exc_type:
-            self._logger.error(str(exc_val))
+            self._logger.error(f'UnitOfWork rollback_on_error exc_type={exc_type.__name__} exc_val={exc_val!r}')
            await self._session.rollback()
-            self._logger.error(f'Rollback: str{exc_val})')
+            self._logger.debug(f'UnitOfWork session rollback done exc_type={exc_type.__name__}')
        else:
            await self._session.flush()
            await self._session.commit()
-            self._logger.debug('Commit')
+            self._logger.debug('UnitOfWork commit')
        await self._session.close()
        self._logger.debug('UnitOfWork exit session closed')
    @property
    def user_repository(self) -> IUserRepository:
--- a/src/presentation/dependencies/init.py
+++ b/src/presentation/dependencies/init.py
@@ -9,6 +9,8 @@ from src.presentation.dependencies.commands import (
    get_update_bank_details_complete_command,
    get_change_password_start_command,
    get_change_password_complete_command,
    get_forgot_password_start_command,
    get_forgot_password_complete_command,
    get_change_email_start_command,
    get_change_email_confirm_old_command,
    get_change_email_complete_command,
--- a/src/presentation/dependencies/commands.py
+++ b/src/presentation/dependencies/commands.py
@@ -1,6 +1,6 @@
 from fastapi import Depends
 from src.application.abstractions import IUnitOfWork
-from src.application.commands import GetMeCommand, SetPhoneCommand, SetAvatarCommand, DeleteAvatarCommand, SetEncryptedMnemonicStartCommand, SetEncryptedMnemonicCompleteCommand, UpdateBankDetailsStartCommand, UpdateBankDetailsCompleteCommand, ChangePasswordStartCommand, ChangePasswordCompleteCommand, ChangeEmailStartCommand, ChangeEmailConfirmOldCommand, ChangeEmailCompleteCommand
+from src.application.commands import GetMeCommand, SetPhoneCommand, SetAvatarCommand, DeleteAvatarCommand, SetEncryptedMnemonicStartCommand, SetEncryptedMnemonicCompleteCommand, UpdateBankDetailsStartCommand, UpdateBankDetailsCompleteCommand, ChangePasswordStartCommand, ChangePasswordCompleteCommand, ForgotPasswordStartCommand, ForgotPasswordCompleteCommand, ChangeEmailStartCommand, ChangeEmailConfirmOldCommand, ChangeEmailCompleteCommand
 from src.application.contracts import ILogger, ICache, IQueueMessanger, IHashService, IS3
 from src.presentation.dependencies.cache import get_cache
 from src.presentation.dependencies.logger import get_logger
@@ -104,6 +104,36 @@ def get_change_password_complete_command(
    )
 def get_forgot_password_start_command(
    logger: ILogger = Depends(get_logger),
    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
    cache: ICache = Depends(get_cache),
    messanger: IQueueMessanger = Depends(get_rabbit),
    hash_service: IHashService = Depends(get_hash_service),
 ) -> ForgotPasswordStartCommand:
    return ForgotPasswordStartCommand(
        logger=logger,
        unit_of_work=unit_of_work,
        cache=cache,
        messanger=messanger,
        hash_service=hash_service,
    )
 def get_forgot_password_complete_command(
    logger: ILogger = Depends(get_logger),
    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
    cache: ICache = Depends(get_cache),
    hash_service: IHashService = Depends(get_hash_service),
 ) -> ForgotPasswordCompleteCommand:
    return ForgotPasswordCompleteCommand(
        logger=logger,
        unit_of_work=unit_of_work,
        cache=cache,
        hash_service=hash_service,
    )
 def get_change_email_start_command(
    logger: ILogger = Depends(get_logger),
    unit_of_work: IUnitOfWork = Depends(get_unit_of_work),
--- a/src/presentation/routing/account.py
+++ b/src/presentation/routing/account.py
@@ -10,7 +10,6 @@ from src.presentation.dependencies.logger import get_logger
 from src.presentation.decorators import csrf_protect
 from src.presentation.schemas.api_errors import ApiErrorPayload, ApiValidationErrorsPayload
 from src.presentation.schemas.me_public import MeUserPublicResponse
 from src.presentation.serializers import me_user_public
 account_router = APIRouter()
@@ -37,6 +36,10 @@ account_router = APIRouter()
            'description': 'Ошибка проверки CSRF (нет пары cookie/заголовка, несовпадение или просрочен токен).',
            'model': ApiErrorPayload,
        },
        status.HTTP_404_NOT_FOUND: {
            'description': 'Учётная запись не найдена.',
            'model': ApiErrorPayload,
        },
        status.HTTP_422_UNPROCESSABLE_ENTITY: {
            'description': 'Ошибка валидации входных данных (например, заголовков).',
            'model': ApiValidationErrorsPayload,
@@ -52,4 +55,22 @@ async def me(
 ) -> MeUserPublicResponse:
    user = await command(user_id=auth.user_id)
    logger.info(f'Get user: {user.id}')
-    return me_user_public(user)
+    return MeUserPublicResponse(
            id=user.id,
            email=user.email,
            first_name=user.first_name,
            middle_name=user.middle_name,
            last_name=user.last_name,
            birth_date=user.birth_date,
            encrypted_mnemonic=user.encrypted_mnemonic,
            phone=user.phone,
            passport_data=user.passport_data,
            inn=user.inn,
            erc20=user.erc20,
            avatar_link=user.avatar_link,
            kyc_verified=user.kyc_verified,
            is_deleted=user.is_deleted,
            created_at=user.created_at,
            updated_at=user.updated_at,
            kyc_verified_at=user.kyc_verified_at
    )  
--- a/src/presentation/routing/account_settings.py
+++ b/src/presentation/routing/account_settings.py
@@ -1,18 +1,35 @@
 from fastapi import APIRouter, Depends, Request
 from fastapi.responses import ORJSONResponse
 from starlette import status
-from src.application.commands import SetPhoneCommand, SetAvatarCommand, DeleteAvatarCommand
+from src.application.commands import (
    SetPhoneCommand,
    SetAvatarCommand,
    DeleteAvatarCommand,
    ChangePasswordStartCommand,
    ChangePasswordCompleteCommand,
    ForgotPasswordStartCommand,
    ForgotPasswordCompleteCommand,
 )
 from src.application.domain.dto import AuthContext
-from src.presentation.decorators import require_access_token, csrf_protect
+from src.presentation.decorators import require_access_token, csrf_protect, rate_limit, email_rl_key
 from src.presentation.dependencies import (
    get_delete_avatar_command,
    get_set_avatar_command,
    get_set_phone_command,
    get_change_password_start_command,
    get_change_password_complete_command,
    get_forgot_password_start_command,
    get_forgot_password_complete_command,
 )
 from src.presentation.schemas import (
    SetAvatarRequest,
    SetPhoneRequest,
    ChangePasswordConfirmRequest,
    ForgotPasswordStartRequest,
    ForgotPasswordCompleteRequest,
 )
 from src.presentation.schemas import SetAvatarRequest, SetPhoneRequest
 from src.presentation.schemas.api_errors import ApiErrorPayload, ApiValidationErrorsPayload
 from src.presentation.schemas.me_public import MeUserPublicResponse, SetAvatarPublicResponse
 from src.presentation.serializers import me_user_public
 account_settings_router = APIRouter(prefix='/settings')
@@ -46,6 +63,62 @@ _SET_AVATAR_ERROR_RESPONSES: dict[int, dict[str, object]] = {
 }
 _PASSWORD_ERROR_RESPONSES: dict[int, dict[str, object]] = {
    status.HTTP_400_BAD_REQUEST: {
        'description': 'Неверный или просроченный код, пароли не совпадают или совпадают с текущим.',
        'model': ApiErrorPayload,
    },
    status.HTTP_401_UNAUTHORIZED: {
        'description': 'Не передан или неверен access token.',
        'model': ApiErrorPayload,
    },
    status.HTTP_404_NOT_FOUND: {
        'description': 'Учётная запись не найдена или у пользователя нет email.',
        'model': ApiErrorPayload,
    },
    status.HTTP_422_UNPROCESSABLE_ENTITY: {
        'description': 'Тело запроса не соответствует схеме (код, длина пароля).',
        'model': ApiValidationErrorsPayload,
    },
    status.HTTP_429_TOO_MANY_REQUESTS: {
        'description': 'Код уже отправлен или слишком частые запросы.',
        'model': ApiErrorPayload,
    },
    status.HTTP_500_INTERNAL_SERVER_ERROR: {
        'description': 'Внутренняя ошибка сервера.',
        'model': ApiErrorPayload,
    },
    status.HTTP_503_SERVICE_UNAVAILABLE: {
        'description': 'Временная ошибка отправки кода или сохранения в кеш.',
        'model': ApiErrorPayload,
    },
 }
 _FORGOT_PASSWORD_ERROR_RESPONSES: dict[int, dict[str, object]] = {
    status.HTTP_400_BAD_REQUEST: {
        'description': 'Неверный или просроченный код, пароли не совпадают.',
        'model': ApiErrorPayload,
    },
    status.HTTP_422_UNPROCESSABLE_ENTITY: {
        'description': 'Тело запроса не соответствует схеме.',
        'model': ApiValidationErrorsPayload,
    },
    status.HTTP_429_TOO_MANY_REQUESTS: {
        'description': 'Код уже отправлен или слишком частые запросы.',
        'model': ApiErrorPayload,
    },
    status.HTTP_500_INTERNAL_SERVER_ERROR: {
        'description': 'Внутренняя ошибка сервера.',
        'model': ApiErrorPayload,
    },
    status.HTTP_503_SERVICE_UNAVAILABLE: {
        'description': 'Временная ошибка отправки кода или сохранения в кеш.',
        'model': ApiErrorPayload,
    },
 }
 _DELETE_AVATAR_ERROR_RESPONSES: dict[int, dict[str, object]] = {
    status.HTTP_401_UNAUTHORIZED: {
        'description': 'Не передан или неверен access token.',
@@ -101,7 +174,25 @@ async def set_avatar(
    command: SetAvatarCommand = Depends(get_set_avatar_command),
 ) -> SetAvatarPublicResponse:
    user, webp_size = await command(user_id=auth.user_id, image_bytes=body.decoded_bytes)
-    pub = me_user_public(user)
+    pub = MeUserPublicResponse(
            id=user.id,
            email=user.email,
            first_name=user.first_name,
            middle_name=user.middle_name,
            last_name=user.last_name,
            birth_date=user.birth_date,
            encrypted_mnemonic=user.encrypted_mnemonic,
            phone=user.phone,
            passport_data=user.passport_data,
            inn=user.inn,
            erc20=user.erc20,
            avatar_link=user.avatar_link,
            kyc_verified=user.kyc_verified,
            is_deleted=user.is_deleted,
            created_at=user.created_at,
            updated_at=user.updated_at,
            kyc_verified_at=user.kyc_verified_at
    )
    return SetAvatarPublicResponse(**pub.model_dump(), webp_size_bytes=webp_size)
@@ -123,7 +214,118 @@ async def delete_avatar(
    command: DeleteAvatarCommand = Depends(get_delete_avatar_command),
 ) -> MeUserPublicResponse:
    user = await command(user_id=auth.user_id)
-    return me_user_public(user)
+    return MeUserPublicResponse(
            id=user.id,
            email=user.email,
            first_name=user.first_name,
            middle_name=user.middle_name,
            last_name=user.last_name,
            birth_date=user.birth_date,
            encrypted_mnemonic=user.encrypted_mnemonic,
            phone=user.phone,
            passport_data=user.passport_data,
            inn=user.inn,
            erc20=user.erc20,
            avatar_link=user.avatar_link,
            kyc_verified=user.kyc_verified,
            is_deleted=user.is_deleted,
            created_at=user.created_at,
            updated_at=user.updated_at,
            kyc_verified_at=user.kyc_verified_at
    )
@account_settings_router.post(
    path='/password/start',
    response_class=ORJSONResponse,
    status_code=status.HTTP_200_OK,
    summary='Запросить код для смены пароля',
    description='Отправляет шестизначный код на email текущего пользователя. Повторный запрос возможен после истечения TTL.',
    responses=_PASSWORD_ERROR_RESPONSES,
 )
@csrf_protect()
 async def change_password_start(
    request: Request,
    auth: AuthContext = Depends(require_access_token),
    command: ChangePasswordStartCommand = Depends(get_change_password_start_command),
 ):
    result = await command(user_id=auth.user_id)
    return ORJSONResponse(status_code=status.HTTP_200_OK, content={'success': result})
@account_settings_router.post(
    path='/password/complete',
    response_class=ORJSONResponse,
    status_code=status.HTTP_200_OK,
    summary='Подтвердить смену пароля',
    description=(
        'Принимает код из письма, новый пароль и его подтверждение. '
        'Новый пароль должен отличаться от текущего и соответствовать политике сложности (минимум 12 символов).'
    ),
    responses=_PASSWORD_ERROR_RESPONSES,
 )
@csrf_protect()
 async def change_password_complete(
    request: Request,
    body: ChangePasswordConfirmRequest,
    auth: AuthContext = Depends(require_access_token),
    command: ChangePasswordCompleteCommand = Depends(get_change_password_complete_command),
 ):
    result = await command(
        user_id=auth.user_id,
        code=body.code,
        new_password=body.new_password,
        confirm_password=body.confirm_password,
    )
    return ORJSONResponse(status_code=status.HTTP_200_OK, content={'success': result})
@account_settings_router.post(
    path='/password/forgot/start',
    response_class=ORJSONResponse,
    status_code=status.HTTP_200_OK,
    summary='Запросить код для восстановления пароля',
    description=(
        'Принимает email. Если учётная запись существует, отправляет шестизначный код. '
        'Ответ всегда успешный при валидном email (без раскрытия наличия аккаунта).'
    ),
    responses=_FORGOT_PASSWORD_ERROR_RESPONSES,
 )
@rate_limit(limit=5, window_seconds=300, scope='key', key_prefix='rl', key_builder=email_rl_key)
 async def forgot_password_start(
    request: Request,
    body: ForgotPasswordStartRequest,
    command: ForgotPasswordStartCommand = Depends(get_forgot_password_start_command),
 ):
    result = await command(email=body.email)
    return ORJSONResponse(status_code=status.HTTP_200_OK, content={'success': result})
@account_settings_router.post(
    path='/password/forgot/complete',
    response_class=ORJSONResponse,
    status_code=status.HTTP_200_OK,
    summary='Установить новый пароль по коду из письма',
    description=(
        'Принимает email, код из письма, новый пароль и подтверждение. '
        'Пароль: минимум 12 символов, строчная и заглавная буква, цифра, спецсимвол, без пробелов.'
    ),
    responses=_FORGOT_PASSWORD_ERROR_RESPONSES,
 )
@rate_limit(limit=10, window_seconds=300, scope='key', key_prefix='rl', key_builder=email_rl_key)
 async def forgot_password_complete(
    request: Request,
    body: ForgotPasswordCompleteRequest,
    command: ForgotPasswordCompleteCommand = Depends(get_forgot_password_complete_command),
 ):
    result = await command(
        email=body.email,
        code=body.code,
        new_password=body.new_password,
        confirm_password=body.confirm_password,
    )
    return ORJSONResponse(status_code=status.HTTP_200_OK, content={'success': result})
 #
 # @account_settings_router.post(path='/encrypted-mnemonic/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
@@ -183,32 +385,6 @@ async def delete_avatar(
 #     return {'success': result}
 #
 #
 # @account_settings_router.post(path='/password/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
 # async def change_password_start(
 #     request: Request,
 #     auth: AuthContext = Depends(require_access_token),
 #     command: ChangePasswordStartCommand = Depends(get_change_password_start_command),
 # ):
 #     result = await command(user_id=auth.user_id)
 #     return {'success': result}
 #
 #
 # @account_settings_router.post(path='/password/complete', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
 # async def change_password_complete(
 #     request: Request,
 #     body: ChangePasswordConfirmRequest,
 #     auth: AuthContext = Depends(require_access_token),
 #     command: ChangePasswordCompleteCommand = Depends(get_change_password_complete_command),
 # ):
 #     result = await command(
 #         user_id=auth.user_id,
 #         code=body.code,
 #         new_password=body.new_password,
 #         confirm_password=body.confirm_password,
 #     )
 #     return {'success': result}
 #
 #
 # @account_settings_router.post(path='/bank/start', response_class=ORJSONResponse, status_code=status.HTTP_200_OK)
 # async def bank_details_start(
 #     request: Request,
--- a/src/presentation/schemas/init.py
+++ b/src/presentation/schemas/init.py
@@ -2,5 +2,9 @@ from src.presentation.schemas.avatar import SetAvatarRequest
 from src.presentation.schemas.phone import SetPhoneRequest
 from src.presentation.schemas.bank import BankUpdateRequest, BankConfirmRequest
 from src.presentation.schemas.encrypted_mnemonic import EncryptedMnemonicConfirmRequest
-from src.presentation.schemas.password import ChangePasswordConfirmRequest
+from src.presentation.schemas.password import (
    ChangePasswordConfirmRequest,
    ForgotPasswordStartRequest,
    ForgotPasswordCompleteRequest,
 )
 from src.presentation.schemas.email import ChangeEmailConfirmOldRequest, ChangeEmailCompleteRequest
--- a/src/presentation/schemas/password.py
+++ b/src/presentation/schemas/password.py
@@ -1,6 +1,53 @@
 import re
 from typing import Self
 from pydantic import BaseModel, field_validator, model_validator
 from src.application.domain.password_policy import validate_password_strength
 class ForgotPasswordStartRequest(BaseModel):
    email: str
    @field_validator('email')
    @classmethod
    def validate_email(cls, v: str) -> str:
        v = v.strip().lower()
        if not re.match(r'^[^@\s]+@[^@\s]+\.[^@\s]+$', v):
            raise ValueError('Invalid email address')
        return v
 class ForgotPasswordCompleteRequest(BaseModel):
    email: str
    code: str
    new_password: str
    confirm_password: str
    @field_validator('email')
    @classmethod
    def validate_email(cls, v: str) -> str:
        v = v.strip().lower()
        if not re.match(r'^[^@\s]+@[^@\s]+\.[^@\s]+$', v):
            raise ValueError('Invalid email address')
        return v
    @model_validator(mode='after')
    def passwords_match(self) -> Self:
        if self.new_password != self.confirm_password:
            raise ValueError('Passwords do not match')
        return self
    @field_validator('code')
    @classmethod
    def validate_code(cls, v: str) -> str:
        v = v.strip()
        if not re.match(r'^\d{6}$', v):
            raise ValueError('Code must be exactly 6 digits')
        return v
    @field_validator('new_password')
    @classmethod
    def validate_new_password(cls, v: str) -> str:
        return validate_password_strength(v)
 class ChangePasswordConfirmRequest(BaseModel):
@@ -25,6 +72,4 @@ class ChangePasswordConfirmRequest(BaseModel):
    @field_validator('new_password')
    @classmethod
    def validate_new_password(cls, v: str) -> str:
-        if len(v) < 8:
+        return validate_password_strength(v)
            raise ValueError('Password must be at least 8 characters')
        return v
--- a/src/presentation/serializers/init.py
+++ b/src/presentation/serializers/init.py
@@ -1 +0,0 @@
 from src.presentation.serializers.me_user import me_user_payload, me_user_public
--- a/src/presentation/serializers/me_user.py
+++ b/src/presentation/serializers/me_user.py
@@ -1,13 +0,0 @@
 from __future__ import annotations
 from src.application.domain.entities import UserEntity
 from src.presentation.schemas.me_public import MeUserPublicResponse
 def me_user_public(user: UserEntity) -> MeUserPublicResponse:
    return MeUserPublicResponse.from_user(user)
 def me_user_payload(user: UserEntity) -> dict:
    return me_user_public(user).model_dump(mode='json')
Author	SHA1	Message	Date
dev1lfreak	d794d3f9c6	refactor: add clear cast	2026-05-29 13:34:40 +03:00
dev1lfreak	d2e8eb9e4d	refactor: delete serializers	2026-05-28 20:52:06 +03:00
dev1lfreak	b6ffdd9553	refactor: delete me_user	2026-05-28 13:41:39 +03:00
Noloquideus	41d0fe8aa7	feat: change router	2026-05-19 15:26:50 +03:00
Noloquideus	9c2190737a	feat: add reset password	2026-05-19 15:23:22 +03:00
Noloquideus	bd1faffbb0	feat: add change password event	2026-05-19 08:58:12 +03:00
Noloquideus	f426495d47	feat: upodate uow	2026-05-17 15:36:53 +03:00
Noloquideus	4d3683dc01	feat: upodate uow	2026-05-17 15:34:43 +03:00
		`@@ -1 +0,0 @@`
			`from src.presentation.serializers.me_user import me_user_payload, me_user_public`