rohskiddo/UMBRA
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

Add required email + date of birth to registration, shared validators, partial index

Browse Source 
- S-01: Extract _EMAIL_REGEX, _validate_email_format, _validate_name_field
  shared helpers in schemas/auth.py — used by RegisterRequest, ProfileUpdate,
  and admin.CreateUserRequest (eliminates 3x duplicated regex)
- S-04: Migration 038 replaces plain unique constraint on email with a
  partial unique index WHERE email IS NOT NULL
- Email is now required on registration (was optional)
- Date of birth is now required on registration, editable in settings
- User model gains date_of_birth (Date, nullable) column
- ProfileUpdate/ProfileResponse include date_of_birth
- Registration form adds required Email, Date of Birth fields
- Settings Profile card adds Date of Birth input (save-on-blur)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Kyle 2026-03-02 19:21:11 +08:00
parent 02efe04fc4
commit e8109cef6b
9 changed files with 130 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backend/alembic/versions/038_add_date_of_birth_and_email_partial_index.py Normal file
View File

@ -0,0 +1,34 @@
"""Add date_of_birth column and partial unique index on email.
Revision ID: 038
Revises: 037
"""
from alembic import op
import sqlalchemy as sa
revision = "038"
down_revision = "037"
branch_labels = None
depends_on = None
def upgrade() -> None:
# Add date_of_birth column (nullable — existing users won't have one)
op.add_column("users", sa.Column("date_of_birth", sa.Date, nullable=True))
# S-04: Replace plain unique constraint with partial unique index
# so multiple NULLs are allowed explicitly (PostgreSQL already allows this
# with a plain unique constraint, but a partial index is more intentional
# and performs better for email lookups on non-NULL values).
op.drop_constraint("uq_users_email", "users", type_="unique")
op.drop_index("ix_users_email", table_name="users")
op.execute(
'CREATE UNIQUE INDEX "ix_users_email_unique" ON users (email) WHERE email IS NOT NULL'
)
def downgrade() -> None:
op.execute('DROP INDEX IF EXISTS "ix_users_email_unique"')
op.create_index("ix_users_email", "users", ["email"])
op.create_unique_constraint("uq_users_email", "users", ["email"])
op.drop_column("users", "date_of_birth")

7
backend/app/models/user.py
View File

@ -1,6 +1,6 @@
from sqlalchemy import String, Boolean, Integer, func
from sqlalchemy import String, Boolean, Integer, Date, func
from sqlalchemy.orm import Mapped, mapped_column
from datetime import datetime
from datetime import datetime, date
from app.database import Base
@ -9,9 +9,10 @@ class User(Base):
id: Mapped[int] = mapped_column(primary_key=True, index=True)
username: Mapped[str] = mapped_column(String(50), unique=True, nullable=False, index=True)
email: Mapped[str | None] = mapped_column(String(255), unique=True, nullable=True, index=True)
email: Mapped[str | None] = mapped_column(String(255), nullable=True)
first_name: Mapped[str | None] = mapped_column(String(100), nullable=True)
last_name: Mapped[str | None] = mapped_column(String(100), nullable=True)
date_of_birth: Mapped[date | None] = mapped_column(Date, nullable=True)
password_hash: Mapped[str] = mapped_column(String(255), nullable=False)
# MFA — populated in Track B

5
backend/app/routers/auth.py
View File

@ -457,6 +457,7 @@ async def register(
password_hash=password_hash,
role="standard",
email=data.email,
date_of_birth=data.date_of_birth,
last_password_change_at=datetime.now(),
)
@ -649,7 +650,7 @@ async def update_profile(
db: AsyncSession = Depends(get_db),
current_user: User = Depends(get_current_user),
):
"""Update the current user's profile fields (first_name, last_name, email)."""
"""Update the current user's profile fields (first_name, last_name, email, date_of_birth)."""
update_data = data.model_dump(exclude_unset=True)
if not update_data:
@ -672,6 +673,8 @@ async def update_profile(
current_user.last_name = update_data["last_name"]
if "email" in update_data:
current_user.email = update_data["email"]
if "date_of_birth" in update_data:
current_user.date_of_birth = update_data["date_of_birth"]
await log_audit_event(
db, action="auth.profile_updated", actor_id=current_user.id,

22
backend/app/schemas/admin.py
View File

@ -10,7 +10,7 @@ from typing import Optional, Literal
from pydantic import BaseModel, ConfigDict, Field, field_validator
from app.schemas.auth import _validate_username, _validate_password_strength
from app.schemas.auth import _validate_username, _validate_password_strength, _validate_email_format, _validate_name_field
# ---------------------------------------------------------------------------
@ -75,28 +75,12 @@ class CreateUserRequest(BaseModel):
@field_validator("email")
@classmethod
def validate_email(cls, v: str | None) -> str | None:
if v is None:
return None
v = v.strip().lower()
if not v:
return None
# Basic format check: must have exactly one @, with non-empty local and domain parts
if not re.match(r"^[^\s@]+@[^\s@]+\.[^\s@]+$", v):
raise ValueError("Invalid email format")
return v
return _validate_email_format(v)
@field_validator("first_name", "last_name", "preferred_name")
@classmethod
def validate_name_fields(cls, v: str | None) -> str | None:
if v is None:
return None
v = v.strip()
if not v:
return None
# Reject ASCII control characters
if re.search(r"[\x00-\x1f]", v):
raise ValueError("Name must not contain control characters")
return v
return _validate_name_field(v)
class UpdateUserRoleRequest(BaseModel):

78
backend/app/schemas/auth.py
View File

@ -1,6 +1,39 @@
import re
from datetime import date
from pydantic import BaseModel, ConfigDict, Field, field_validator
# Shared email format regex — used by RegisterRequest, ProfileUpdate, and admin.CreateUserRequest
_EMAIL_REGEX = re.compile(r"^[^\s@]+@[^\s@]+\.[^\s@]+$")
def _validate_email_format(v: str | None, *, required: bool = False) -> str | None:
"""Shared email validation. Returns normalised email or None."""
if v is None:
if required:
raise ValueError("Email is required")
return None
v = v.strip().lower()
if not v:
if required:
raise ValueError("Email is required")
return None
if not _EMAIL_REGEX.match(v):
raise ValueError("Invalid email format")
return v
def _validate_name_field(v: str | None) -> str | None:
"""Shared name field validation (strips, rejects control chars)."""
if v is None:
return None
v = v.strip()
if not v:
return None
if re.search(r"[\x00-\x1f]", v):
raise ValueError("Name must not contain control characters")
return v
def _validate_password_strength(v: str) -> str:
"""
@ -58,7 +91,8 @@ class RegisterRequest(BaseModel):
username: str
password: str
email: str | None = Field(None, max_length=254)
email: str = Field(..., max_length=254)
date_of_birth: date
preferred_name: str | None = Field(None, max_length=100)
@field_validator("username")
@ -73,27 +107,15 @@ class RegisterRequest(BaseModel):
@field_validator("email")
@classmethod
def validate_email(cls, v: str | None) -> str | None:
if v is None:
return None
v = v.strip().lower()
if not v:
return None
if not re.match(r"^[^\s@]+@[^\s@]+\.[^\s@]+$", v):
raise ValueError("Invalid email format")
return v
def validate_email(cls, v: str) -> str:
result = _validate_email_format(v, required=True)
assert result is not None # required=True guarantees non-None
return result
@field_validator("preferred_name")
@classmethod
def validate_preferred_name(cls, v: str | None) -> str | None:
if v is None:
return None
v = v.strip()
if not v:
return None
if re.search(r"[\x00-\x1f]", v):
raise ValueError("Name must not contain control characters")
return v
return _validate_name_field(v)
class LoginRequest(BaseModel):
@ -140,30 +162,17 @@ class ProfileUpdate(BaseModel):
first_name: str | None = Field(None, max_length=100)
last_name: str | None = Field(None, max_length=100)
email: str | None = Field(None, max_length=254)
date_of_birth: date | None = None
@field_validator("email")
@classmethod
def validate_email(cls, v: str | None) -> str | None:
if v is None:
return None
v = v.strip().lower()
if not v:
return None
if not re.match(r"^[^\s@]+@[^\s@]+\.[^\s@]+$", v):
raise ValueError("Invalid email format")
return v
return _validate_email_format(v)
@field_validator("first_name", "last_name")
@classmethod
def validate_name_fields(cls, v: str | None) -> str | None:
if v is None:
return None
v = v.strip()
if not v:
return None
if re.search(r"[\x00-\x1f]", v):
raise ValueError("Name must not contain control characters")
return v
return _validate_name_field(v)
class ProfileResponse(BaseModel):
@ -173,3 +182,4 @@ class ProfileResponse(BaseModel):
email: str | None
first_name: str | None
last_name: str | None
date_of_birth: date | None

24
frontend/src/components/auth/LockScreen.tsx
View File

@ -53,8 +53,9 @@ export default function LockScreen() {
const [password, setPassword] = useState('');
const [confirmPassword, setConfirmPassword] = useState('');
// ── Registration optional fields ──
// ── Registration fields ──
const [regEmail, setRegEmail] = useState('');
const [regDateOfBirth, setRegDateOfBirth] = useState('');
const [regPreferredName, setRegPreferredName] = useState('');
// ── TOTP challenge ──
@ -140,11 +141,14 @@ export default function LockScreen() {
const err = validatePassword(password);
if (err) { toast.error(err); return; }
if (password !== confirmPassword) { toast.error('Passwords do not match'); return; }
if (!regEmail.trim()) { toast.error('Email is required'); return; }
if (!regDateOfBirth) { toast.error('Date of birth is required'); return; }
try {
await register({
username,
password,
email: regEmail.trim() || undefined,
email: regEmail.trim(),
date_of_birth: regDateOfBirth,
preferred_name: regPreferredName.trim() || undefined,
});
// On success useAuth invalidates query → Navigate handles redirect
@ -567,6 +571,7 @@ export default function LockScreen() {
setPassword('');
setConfirmPassword('');
setRegEmail('');
setRegDateOfBirth('');
setRegPreferredName('');
setLoginError(null);
}}
@ -622,17 +627,29 @@ export default function LockScreen() {
/>
</div>
<div className="space-y-2">
<Label htmlFor="reg-email">Email</Label>
<Label htmlFor="reg-email" required>Email</Label>
<Input
id="reg-email"
type="email"
value={regEmail}
onChange={(e) => setRegEmail(e.target.value)}
placeholder="your@email.com"
required
maxLength={254}
autoComplete="email"
/>
</div>
<div className="space-y-2">
<Label htmlFor="reg-dob" required>Date of Birth</Label>
<Input
id="reg-dob"
type="date"
value={regDateOfBirth}
onChange={(e) => setRegDateOfBirth(e.target.value)}
required
autoComplete="bday"
/>
</div>
<div className="space-y-2">
<Label htmlFor="reg-password" required>Password</Label>
<Input
@ -677,6 +694,7 @@ export default function LockScreen() {
setPassword('');
setConfirmPassword('');
setRegEmail('');
setRegDateOfBirth('');
setRegPreferredName('');
setLoginError(null);
}}

17
frontend/src/components/settings/SettingsPage.tsx
View File

@ -65,6 +65,7 @@ export default function SettingsPage() {
const [firstName, setFirstName] = useState('');
const [lastName, setLastName] = useState('');
const [profileEmail, setProfileEmail] = useState('');
const [dateOfBirth, setDateOfBirth] = useState('');
const [emailError, setEmailError] = useState<string | null>(null);
useEffect(() => {
@ -72,6 +73,7 @@ export default function SettingsPage() {
setFirstName(profileQuery.data.first_name ?? '');
setLastName(profileQuery.data.last_name ?? '');
setProfileEmail(profileQuery.data.email ?? '');
setDateOfBirth(profileQuery.data.date_of_birth ?? '');
}
}, [profileQuery.dataUpdatedAt]);
@ -170,8 +172,8 @@ export default function SettingsPage() {
}
};
const handleProfileSave = async (field: 'first_name' | 'last_name' | 'email') => {
const values: Record<string, string> = { first_name: firstName, last_name: lastName, email: profileEmail };
const handleProfileSave = async (field: 'first_name' | 'last_name' | 'email' | 'date_of_birth') => {
const values: Record<string, string> = { first_name: firstName, last_name: lastName, email: profileEmail, date_of_birth: dateOfBirth };
const current = values[field].trim();
const original = profileQuery.data?.[field] ?? '';
if (current === (original || '')) return;
@ -349,6 +351,17 @@ export default function SettingsPage() {
<p className="text-xs text-red-400">{emailError}</p>
)}
</div>
<div className="space-y-2">
<Label htmlFor="date_of_birth">Date of Birth</Label>
<Input
id="date_of_birth"
type="date"
value={dateOfBirth}
onChange={(e) => setDateOfBirth(e.target.value)}
onBlur={() => handleProfileSave('date_of_birth')}
onKeyDown={(e) => { if (e.key === 'Enter') handleProfileSave('date_of_birth'); }}
/>
</div>
</CardContent>
</Card>

8
frontend/src/hooks/useAuth.ts
View File

@ -47,11 +47,11 @@ export function useAuth() {
});
const registerMutation = useMutation({
mutationFn: async ({ username, password, email, preferred_name }: {
username: string; password: string; email?: string; preferred_name?: string;
mutationFn: async ({ username, password, email, date_of_birth, preferred_name }: {
username: string; password: string; email: string; date_of_birth: string;
preferred_name?: string;
}) => {
const payload: Record<string, string> = { username, password };
if (email) payload.email = email;
const payload: Record<string, string> = { username, password, email, date_of_birth };
if (preferred_name) payload.preferred_name = preferred_name;
const { data } = await api.post<LoginResponse & { message?: string }>('/auth/register', payload);
return data;

1
frontend/src/types/index.ts
View File

@ -350,6 +350,7 @@ export interface UserProfile {
email: string | null;
first_name: string | null;
last_name: string | null;
date_of_birth: string | null;
}
export interface EventTemplate {