Solution

[Ryu-Tora]

No description provided.

[mateacademy-ai-mentor]

Review Summary

This submission requires a few changes. While you've done a great job implementing the email notifications and setting up the profile schemas, there are some critical issues with the new profile creation endpoint that block its functionality.

Here are the key issues to address:

1. Incorrect Authentication Logic: In src/routes/profiles.py, the get_current_user dependency is trying to authenticate using a refresh token from the database. Authentication for API endpoints should be done by validating a short-lived JWT access token passed in the Authorization header. The logic for parsing this header is also incorrect.
2. Critical Typo: In src/schemas/profiles.py, the dependency function is named profile_sсhema with a Cyrillic 'с' instead of a Latin 'c'. This will cause a NameError at runtime and must be corrected to profile_schema.
3. Incorrect Import Paths: Several files, like src/database/__init__.py and src/tests/conftest.py, use absolute imports starting with src. (e.g., from src.database...). Since src is the source root, these should be changed to relative imports (e.g., from database...) to prevent ModuleNotFoundError.

Please fix these issues to get the profile endpoint working as expected.

---

✨ Please rate this review in the Platform's notification center¹. I will be grateful for your feedback! ✨

Important

Fix the issues, commit the changes, and then re-request my review using the Re-request review button² in the Reviewers tab.

Tip

If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag³.
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.

Caution

Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.

Footnotes

1. Rate AI review example ↩

2. Re-request AI review example ↩

3. Add AI review comments example ↩

[mateacademy-ai-mentor]

The authentication logic is trying to validate a RefreshToken from the Authorization header. According to standard OAuth2/JWT patterns, this header should contain a short-lived access token. Refresh tokens are typically used only on a specific endpoint (e.g., /refresh) to get a new access token and should not be used to authenticate general API requests.

[mateacademy-ai-mentor]

Review Summary

Great progress on this task! The email notifications and profile schemas are well-implemented. However, there are a couple of critical issues in src/routes/profiles.py that are blocking the main functionality and need to be addressed before this can be approved.

1. Incorrect Authentication Logic: The get_current_user dependency is still trying to find a token in the database by querying for an AccessTokenModel. Authentication must be stateless. Please update this to parse the Bearer token from the header and validate it using jwt_manager.decode_access_token().
2. Redundant Data Fetching: In the create_user endpoint, the dependency data = Depends(profile_schema) already provides the parsed profile and avatar. The subsequent call to the dependency function is incorrect and will cause an error. You should use the data variable directly: profile, avatar = data.

Once these two blockers are fixed, the profile creation feature should work correctly. Keep up the great work!

---

✨ Please rate this review in the Platform's notification center¹. I will be grateful for your feedback! ✨

Important

Fix the issues, commit the changes, and then re-request my review using the Re-request review button² in the Reviewers tab.

Tip

If you have any comments about this review, please leave a message in the Add a comment section below and mention me with the @mateacademy-ai-mentor tag³.
I will read your message during my next review of your pull request. Please do not reply directly to my comments, as that feature is not supported yet.

Caution

Do not close the pull request until the review is complete. Closing it early can lead to unexpected behavior and disrupt the review process.

Footnotes

1. Rate AI review example ↩

2. Re-request AI review example ↩

3. Add AI review comments example ↩

[mateacademy-ai-mentor]

This URL for the activation completion email seems to point to a non-existent endpoint. For a confirmation email like this one, it's generally more helpful for the user to provide a link to the login page so they can proceed with their next action.

[mateacademy-ai-mentor]

This URL includes the password reset token, but the token is invalidated and deleted just a few lines below. This means the link sent to the user will be broken. Since this is a confirmation email, consider providing a link to the login page instead, which would be a more useful and functional URL for the user.

[mateacademy-ai-mentor]

Review Summary

I am approving your submission as an educational override so you can proceed, but there are a couple of important points to address. You've done an excellent job implementing the email notifications and the profile validation schemas! The main issue is in src/routes/profiles.py, where JWTAuthManager.decode_access_token is being called incorrectly as a static method. This method requires an instance of the JWTAuthManager to access the secret key. You can fix this by injecting it as a dependency into get_current_user, just as you did in routes/accounts.py. Additionally, the error detail for an expired token should be updated to exactly match the requirement: "Token has expired.". Great progress overall!

---

✨ Please rate this review in the Platform's notification center¹. I will be grateful for your feedback! ✨

Footnotes

1. Rate AI review example ↩