Auth: Nur noch Magic Link, Code-Verifizierung entfernt

- /api/auth/verify-code Endpoint entfernt
- generate_magic_code() entfernt
- E-Mail: Nur noch Anmelde-Link, kein 6-stelliger Code
- Login-Seite: Zeigt nach E-Mail-Eingabe Hinweis statt Code-Feld
- Magic Link Token-Verifikation via URL bleibt bestehen

src/auth_router.py

@@ -5,7 +5,7 @@ from datetime import datetime, timedelta, timezone
 from fastapi import APIRouter, Depends, HTTPException
 from pydantic import BaseModel, EmailStr
 
-from auth import create_token, generate_magic_token, generate_magic_code, get_current_user
+from auth import create_token, generate_magic_token, get_current_user
 from config import GLOBE_BASE_URL, MAGIC_LINK_EXPIRE_MINUTES
 from database import get_db
 from email_utils import send_magic_link_email
@@ -18,14 +18,9 @@ class LoginRequest(BaseModel):
     email: EmailStr
 
 
-class CodeVerifyRequest(BaseModel):
-    email: EmailStr
-    code: str
-
-
 @router.post("/request-link")
 async def request_magic_link(req: LoginRequest, db=Depends(get_db)):
-    """Sendet Magic Link + Code per E-Mail."""
+    """Sendet Magic Link per E-Mail."""
     email = req.email.lower().strip()
 
     # User pruefen
@@ -41,27 +36,26 @@ async def request_magic_link(req: LoginRequest, db=Depends(get_db)):
     if not user["globe_access"]:
         raise HTTPException(status_code=403, detail="Kein Globe-Zugang. Bitte wenden Sie sich an Ihren Administrator.")
 
-    # Magic Token + Code erzeugen
+    # Magic Token erzeugen
     token = generate_magic_token()
-    code = generate_magic_code()
     expires = datetime.now(timezone.utc) + timedelta(minutes=MAGIC_LINK_EXPIRE_MINUTES)
 
     await db.execute(
         """INSERT INTO magic_links (user_id, email, token, code, expires_at, purpose)
-           VALUES (?, ?, ?, ?, ?, 'globe_login')""",
-        (user["id"], email, token, code, expires.isoformat()),
+           VALUES (?, ?, ?, '', ?, 'globe_login')""",
+        (user["id"], email, token, expires.isoformat()),
     )
     await db.commit()
 
     link = f"{GLOBE_BASE_URL}/api/auth/verify?token={token}"
 
     try:
-        await send_magic_link_email(email, code, link)
+        await send_magic_link_email(email, link)
     except Exception:
         raise HTTPException(status_code=502, detail="E-Mail konnte nicht gesendet werden.")
 
     logger.info(f"Magic Link gesendet an {email}")
-    return {"ok": True, "message": "Zugangscode wurde per E-Mail gesendet."}
+    return {"ok": True, "message": "Anmelde-Link wurde per E-Mail gesendet."}
 
 
 @router.get("/verify")
@@ -101,37 +95,6 @@ async def verify_token(token: str, db=Depends(get_db)):
     """)
 
 
-@router.post("/verify-code")
-async def verify_code(req: CodeVerifyRequest, db=Depends(get_db)):
-    """Verifiziert 6-stelligen Code, gibt JWT zurueck."""
-    email = req.email.lower().strip()
-    cursor = await db.execute(
-        """SELECT ml.id, ml.user_id, ml.expires_at, ml.is_used,
-                  u.username, u.email, u.is_active, u.globe_access, u.role
-           FROM magic_links ml JOIN users u ON ml.user_id = u.id
-           WHERE ml.code = ? AND LOWER(u.email) = ? AND ml.purpose = 'globe_login'
-           ORDER BY ml.created_at DESC LIMIT 1""",
-        (req.code, email),
-    )
-    row = await cursor.fetchone()
-    if not row:
-        raise HTTPException(status_code=400, detail="Ungueltiger Code.")
-    if row["is_used"]:
-        raise HTTPException(status_code=400, detail="Code wurde bereits verwendet.")
-    if datetime.fromisoformat(row["expires_at"]) < datetime.now(timezone.utc):
-        raise HTTPException(status_code=400, detail="Code ist abgelaufen.")
-    if not row["is_active"] or not row["globe_access"]:
-        raise HTTPException(status_code=403, detail="Kein Zugang.")
-
-    await db.execute("UPDATE magic_links SET is_used = 1 WHERE id = ?", (row["id"],))
-    await db.execute("UPDATE users SET last_login_at = ? WHERE id = ?",
-                     (datetime.now(timezone.utc).isoformat(), row["user_id"]))
-    await db.commit()
-
-    jwt_token = create_token(row["user_id"], row["username"], row["email"], row["role"])
-    return {"ok": True, "token": jwt_token}
-
-
 @router.get("/me")
 async def get_me(user: dict = Depends(get_current_user)):
     return {"id": user["id"], "email": user["email"], "username": user["username"]}