fix: customer authentication and shop error page styling

## Customer Authentication Fixes - Fix get_current_customer_api to properly decode customer tokens (was using User model) - Add _validate_customer_token() helper for shared customer token validation - Add vendor validation: token.vendor_id must match request URL vendor - Block admin/vendor tokens from shop endpoints (type != "customer") - Update get_current_customer_optional to use proper customer token validation - Customer auth functions now return Customer object (not User) ## Shop Orders API - Update orders.py to receive Customer directly from auth dependency - Remove broken get_customer_from_user() helper - Use VendorNotFoundException instead of HTTPException ## Shop Error Pages - Fix all error templates (400, 401, 403, 404, 422, 429, 500, 502, generic) - Templates were using undefined CSS classes (.btn, .status-code, etc.) - Now properly extend base.html and override specific blocks - Use Tailwind utility classes for consistent styling ## Documentation - Update docs/api/authentication.md with new Customer return types - Document vendor validation security features - Update docs/api/authentication-quick-reference.md examples 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-12-04 22:48:02 +01:00
parent 8a367077e1
commit cbfbbb4654
13 changed files with 302 additions and 394 deletions
--- a/app/templates/shop/errors/400.html
+++ b/app/templates/shop/errors/400.html
@@ -1,33 +1,22 @@
+{# app/templates/shop/errors/400.html #}
+{# 400 Bad Request error page #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}❌{% endblock %}

 {% block title %}400 - Invalid Request{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
+{% block action_buttons %}
+<a href="javascript:history.back()"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Go Back
+</a>
+<a href="{{ base_url }}shop/"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    Go to Home
+</a>
+{% endblock %}

-<div class="error-icon">❌</div>
-<div class="status-code">400</div>
-<div class="status-name">Invalid Request</div>
-<div class="error-message">
-    The request couldn't be processed. This might be due to invalid information or a technical issue.
-</div>
-
-<div class="action-buttons">
-    <a href="javascript:history.back()" class="btn btn-primary">Go Back</a>
-    <a href="{{ base_url }}shop/" class="btn btn-secondary">Go to Home</a>
-</div>
-
-<div class="support-link">
-    Need help? <a href="{{ base_url }}shop/contact">Contact us</a>
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
-{% endblock %}
+{% block support_link %}
+Need help? <a href="{{ base_url }}shop/contact" class="text-theme-primary font-semibold hover:underline">Contact us</a>
+{% endblock %}
--- a/app/templates/shop/errors/401.html
+++ b/app/templates/shop/errors/401.html
@@ -1,33 +1,22 @@
+{# app/templates/shop/errors/401.html #}
+{# 401 Unauthorized error page - prompts login #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}🔐{% endblock %}

 {% block title %}401 - Authentication Required{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
+{% block action_buttons %}
+<a href="{{ base_url }}shop/account/login"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Log In
+</a>
+<a href="{{ base_url }}shop/account/register"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    Create Account
+</a>
+{% endblock %}

-<div class="error-icon">🔐</div>
-<div class="status-code">401</div>
-<div class="status-name">Please Log In</div>
-<div class="error-message">
-    You need to be logged in to access this page. Please sign in to continue shopping.
-</div>
-
-<div class="action-buttons">
-    <a href="{{ base_url }}shop/account/login" class="btn btn-primary">Log In</a>
-    <a href="{{ base_url }}shop/account/register" class="btn btn-secondary">Create Account</a>
-</div>
-
-<div class="support-link">
-    Don't have an account? <a href="{{ base_url }}shop/account/register">Sign up now</a>
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
-{% endblock %}
+{% block support_link %}
+Don't have an account? <a href="{{ base_url }}shop/account/register" class="text-theme-primary font-semibold hover:underline">Sign up now</a>
+{% endblock %}
--- a/app/templates/shop/errors/403.html
+++ b/app/templates/shop/errors/403.html
@@ -1,33 +1,22 @@
+{# app/templates/shop/errors/403.html #}
+{# 403 Forbidden error page - access restricted #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}🔒{% endblock %}

 {% block title %}403 - Access Restricted{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
+{% block action_buttons %}
+<a href="{{ base_url }}shop/account/login"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Log In
+</a>
+<a href="{{ base_url }}shop/"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    Go to Home
+</a>
+{% endblock %}

-<div class="error-icon">🔒</div>
-<div class="status-code">403</div>
-<div class="status-name">Access Restricted</div>
-<div class="error-message">
-    This page requires authentication or special permissions to access. Please log in to continue.
-</div>
-
-<div class="action-buttons">
-    <a href="{{ base_url }}shop/account/login" class="btn btn-primary">Log In</a>
-    <a href="{{ base_url }}shop/" class="btn btn-secondary">Go to Home</a>
-</div>
-
-<div class="support-link">
-    Need help accessing your account? <a href="{{ base_url }}shop/contact">Contact support</a>
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
-{% endblock %}
+{% block support_link %}
+Need help accessing your account? <a href="{{ base_url }}shop/contact" class="text-theme-primary font-semibold hover:underline">Contact support</a>
+{% endblock %}
--- a/app/templates/shop/errors/404.html
+++ b/app/templates/shop/errors/404.html
@@ -1,33 +1,22 @@
+{# app/templates/shop/errors/404.html #}
+{# 404 Not Found error page - uses base template with custom icon and message #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}🔍{% endblock %}

 {% block title %}404 - Page Not Found{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
+{% block action_buttons %}
+<a href="{{ base_url }}shop/"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Continue Shopping
+</a>
+<a href="{{ base_url }}shop/products"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    View All Products
+</a>
+{% endblock %}

-<div class="error-icon">🔍</div>
-<div class="status-code">404</div>
-<div class="status-name">Page Not Found</div>
-<div class="error-message">
-    Sorry, we couldn't find the page you're looking for. The product or page may have been moved or is no longer available.
-</div>
-
-<div class="action-buttons">
-    <a href="{{ base_url }}shop/" class="btn btn-primary">Continue Shopping</a>
-    <a href="{{ base_url }}shop/products" class="btn btn-secondary">View All Products</a>
-</div>
-
-<div class="support-link">
-    Can't find what you're looking for? <a href="{{ base_url }}shop/contact">Contact us</a> and we'll help you find it.
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
+{% block support_link %}
+Can't find what you're looking for? <a href="{{ base_url }}shop/contact" class="text-theme-primary font-semibold hover:underline">Contact us</a> and we'll help you find it.
 {% endblock %}
--- a/app/templates/shop/errors/422.html
+++ b/app/templates/shop/errors/422.html
@@ -1,46 +1,35 @@
+{# app/templates/shop/errors/422.html #}
+{# 422 Unprocessable Entity error page - validation errors #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}📝{% endblock %}

 {% block title %}422 - Invalid Information{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
-
-<div class="error-icon">📝</div>
-<div class="status-code">422</div>
-<div class="status-name">Please Check Your Information</div>
-<div class="error-message">
-    Some of the information you provided isn't valid. Please review the form and try again.
-</div>
-
+{% block extra_content %}
 {% if details and details.validation_errors %}
-<div style="margin: 2rem auto; max-width: 400px; text-align: left; background: #fef2f2; padding: 1.5rem; border-radius: 0.75rem; border-left: 4px solid var(--color-primary);">
-    <h3 style="color: var(--color-text); font-size: 0.875rem; margin-bottom: 0.75rem; font-weight: 600;">Please correct:</h3>
-    <ul style="list-style: none; padding: 0; margin: 0;">
+<div class="my-8 mx-auto max-w-md text-left bg-red-50 p-6 rounded-xl border-l-4 border-theme-primary">
+    <h3 class="text-gray-700 text-sm mb-3 font-semibold">Please correct:</h3>
+    <ul class="list-none p-0 m-0">
    {% for error in details.validation_errors %}
-        <li style="margin-bottom: 0.5rem; color: #7f1d1d; font-size: 0.875rem;">
-            • {{ error.msg }}
-        </li>
+        <li class="mb-2 text-red-800 text-sm">• {{ error.msg }}</li>
    {% endfor %}
    </ul>
 </div>
 {% endif %}
+{% endblock %}

-<div class="action-buttons">
-    <a href="javascript:history.back()" class="btn btn-primary">Go Back and Fix</a>
-    <a href="{{ base_url }}shop/" class="btn btn-secondary">Go to Home</a>
-</div>
+{% block action_buttons %}
+<a href="javascript:history.back()"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Go Back and Fix
+</a>
+<a href="{{ base_url }}shop/"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    Go to Home
+</a>
+{% endblock %}

-<div class="support-link">
-    Having trouble? <a href="{{ base_url }}shop/contact">We're here to help</a>
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
-{% endblock %}
+{% block support_link %}
+Having trouble? <a href="{{ base_url }}shop/contact" class="text-theme-primary font-semibold hover:underline">We're here to help</a>
+{% endblock %}
--- a/app/templates/shop/errors/429.html
+++ b/app/templates/shop/errors/429.html
@@ -1,41 +1,32 @@
+{# app/templates/shop/errors/429.html #}
+{# 429 Too Many Requests error page - rate limiting #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}⏱️{% endblock %}

 {% block title %}429 - Please Slow Down{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
-
-<div class="error-icon">⏱️</div>
-<div class="status-code">429</div>
-<div class="status-name">Please Slow Down</div>
-<div class="error-message">
-    You're browsing a bit too fast! Please wait a moment before continuing.
-</div>
-
+{% block extra_content %}
 {% if details and details.retry_after %}
-<div style="margin: 1.5rem 0; padding: 1rem; background: #fef3c7; border-radius: 0.75rem;">
-    <p style="color: #92400e; font-weight: 600;">
+<div class="my-6 p-4 bg-amber-50 rounded-xl">
+    <p class="text-amber-800 font-semibold">
        Please wait {{ details.retry_after }} seconds
    </p>
 </div>
 {% endif %}
+{% endblock %}

-<div class="action-buttons">
-    <a href="javascript:location.reload()" class="btn btn-primary">Try Again</a>
-    <a href="{{ base_url }}shop/" class="btn btn-secondary">Go to Home</a>
-</div>
+{% block action_buttons %}
+<a href="javascript:location.reload()"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Try Again
+</a>
+<a href="{{ base_url }}shop/"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    Go to Home
+</a>
+{% endblock %}

-<div class="support-link">
-    Questions? <a href="{{ base_url }}shop/contact">Contact us</a>
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
-{% endblock %}
+{% block support_link %}
+Questions? <a href="{{ base_url }}shop/contact" class="text-theme-primary font-semibold hover:underline">Contact us</a>
+{% endblock %}
--- a/app/templates/shop/errors/500.html
+++ b/app/templates/shop/errors/500.html
@@ -1,33 +1,22 @@
+{# app/templates/shop/errors/500.html #}
+{# 500 Internal Server Error page #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}😔{% endblock %}

 {% block title %}500 - Something Went Wrong{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
+{% block action_buttons %}
+<a href="{{ base_url }}shop/"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Go to Home
+</a>
+<a href="javascript:location.reload()"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    Try Again
+</a>
+{% endblock %}

-<div class="error-icon">😔</div>
-<div class="status-code">500</div>
-<div class="status-name">Oops! Something Went Wrong</div>
-<div class="error-message">
-    We're experiencing technical difficulties. Our team has been notified and is working to fix the issue. Please try again in a few moments.
-</div>
-
-<div class="action-buttons">
-    <a href="{{ base_url }}shop/" class="btn btn-primary">Go to Home</a>
-    <a href="javascript:location.reload()" class="btn btn-secondary">Try Again</a>
-</div>
-
-<div class="support-link">
-    Issue persisting? <a href="{{ base_url }}shop/contact">Let us know</a> and we'll help you out.
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
-{% endblock %}
+{% block support_link %}
+Issue persisting? <a href="{{ base_url }}shop/contact" class="text-theme-primary font-semibold hover:underline">Let us know</a> and we'll help you out.
+{% endblock %}
--- a/app/templates/shop/errors/502.html
+++ b/app/templates/shop/errors/502.html
@@ -1,33 +1,22 @@
+{# app/templates/shop/errors/502.html #}
+{# 502 Bad Gateway error page - upstream service unavailable #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}🔧{% endblock %}

 {% block title %}502 - Service Temporarily Unavailable{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
+{% block action_buttons %}
+<a href="javascript:location.reload()"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Try Again
+</a>
+<a href="{{ base_url }}shop/"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    Go to Home
+</a>
+{% endblock %}

-<div class="error-icon">🔧</div>
-<div class="status-code">502</div>
-<div class="status-name">Temporarily Unavailable</div>
-<div class="error-message">
-    We're having trouble connecting to our systems. This is usually temporary. Please try again in a few moments.
-</div>
-
-<div class="action-buttons">
-    <a href="javascript:location.reload()" class="btn btn-primary">Try Again</a>
-    <a href="{{ base_url }}shop/" class="btn btn-secondary">Go to Home</a>
-</div>
-
-<div class="support-link">
-    If this continues, <a href="{{ base_url }}shop/contact">let us know</a>
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
-{% endblock %}
+{% block support_link %}
+If this continues, <a href="{{ base_url }}shop/contact" class="text-theme-primary font-semibold hover:underline">let us know</a>
+{% endblock %}
--- a/app/templates/shop/errors/generic.html
+++ b/app/templates/shop/errors/generic.html
@@ -1,31 +1,22 @@
+{# app/templates/shop/errors/generic.html #}
+{# Generic error page - fallback for any error code #}
 {% extends "shop/errors/base.html" %}

 {% block icon %}⚠️{% endblock %}

 {% block title %}{{ status_code }} - {{ status_name }}{% endblock %}

-{% block content %}
-{% if vendor and theme and theme.branding and theme.branding.logo %}
-<img src="{{ theme.branding.logo }}" alt="{{ vendor.name }}" class="vendor-logo">
-{% endif %}
+{% block action_buttons %}
+<a href="{{ base_url }}shop/"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-white bg-theme-primary hover:opacity-90 hover:-translate-y-0.5 transition-all shadow-lg">
+    Continue Shopping
+</a>
+<a href="javascript:history.back()"
+   class="inline-flex items-center px-8 py-4 rounded-xl font-semibold text-theme-primary border-2 border-theme-primary hover:bg-theme-primary hover:text-white hover:-translate-y-0.5 transition-all">
+    Go Back
+</a>
+{% endblock %}

-<div class="error-icon">⚠️</div>
-<div class="status-code">{{ status_code }}</div>
-<div class="status-name">{{ status_name }}</div>
-<div class="error-message">{{ message }}</div>
-
-<div class="action-buttons">
-    <a href="{{ base_url }}shop/" class="btn btn-primary">Continue Shopping</a>
-    <a href="javascript:history.back()" class="btn btn-secondary">Go Back</a>
-</div>
-
-<div class="support-link">
-    Need assistance? <a href="{{ base_url }}shop/contact">Contact us</a>
-</div>
-
-{% if vendor %}
-<div class="vendor-info">
-    {{ vendor.name }}
-</div>
-{% endif %}
-{% endblock %}
+{% block support_link %}
+Need assistance? <a href="{{ base_url }}shop/contact" class="text-theme-primary font-semibold hover:underline">Contact us</a>
+{% endblock %}