from fastapi import HTTPException, status from starlette.requests import Request def require_authenticated_user(request: Request): """Require a logged-in SSO user when SSO is enabled.""" if getattr(request.app.state, 'sso_enabled', False) and not request.session.get('user'): raise HTTPException( status_code=status.HTTP_401_UNAUTHORIZED, detail='Authentication required. Please sign in using SSO.', ) return request.session.get('user')