From f1842be3bfabe7850d33662da2da377676144c48 Mon Sep 17 00:00:00 2001
From: l3wdfut4pwr <l3wdfut4pwr@gmail.com>
Date: Tue, 21 Apr 2026 13:32:24 +0300
Subject: uv migration

---
 app/routes/auth.py | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'app/routes/auth.py')

diff --git a/app/routes/auth.py b/app/routes/auth.py
index a2de6db..6e0d410 100644
--- a/app/routes/auth.py
+++ b/app/routes/auth.py
@@ -19,9 +19,15 @@ async def login(
 ):
     user = await User.get_user_by_email(form_data.username, session=session)
     if not user:
-        user = await User.get_user_by_username(form_data.username, session=session)
+        user = await User.get_user_by_username(
+            form_data.username, session=session
+        )
 
-    if not user or not verify_password(form_data.password, user.password):
+    if not user or not user.password:
+        logger.warning("Login failed | username/email={}", form_data.username)
+        raise HTTPException(status_code=401, detail="Invalid credentials")
+
+    if not verify_password(form_data.password, user.password):
         logger.warning("Login failed | username/email={}", form_data.username)
         raise HTTPException(status_code=401, detail="Invalid credentials")
 
-- 
cgit v1.3-3-g829e