UMBRA

Author	SHA1	Message	Date
Kyle Pope	e7cb6de7d5	Add admin delete-user with full cascade cleanup Migration 036 adds ondelete rules to 5 transitive FKs that would otherwise block user deletion (calendar_events via calendars, project_tasks via projects, todos via projects, etc.). DELETE /api/admin/users/{user_id} with self-action guard, last-admin guard, session revocation, and audit logging. Frontend gets a red two-click confirm button in the IAM actions menu. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-27 19:20:47 +08:00
Kyle Pope	9f7bbbfcbb	Add per-user active session counts to IAM user list Move active_sessions field from UserDetailResponse into UserListItem so GET /admin/users returns session counts. Uses a correlated subquery to count non-revoked, non-expired sessions per user. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-27 13:26:32 +08:00
Kyle Pope	619e220622	Fix QA review #2 : W-03/W-04, S-01 through S-04 W-03: Unify split transactions — _create_db_session() now uses flush() instead of commit(), callers own the final commit. W-04: Time-bound dedup key fetch to 7-day purge window. S-01: Type admin dashboard response with RecentLoginItem/RecentAuditItem. S-02: Convert starred events index to partial index WHERE is_starred = true. S-03: EventTemplate.created_at default changed to func.now() for consistency. S-04: Add single-worker scaling note to weather cache. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-27 05:41:16 +08:00
Kyle Pope	e57a5b00c9	Fix QA review findings: C-01 through C-04, W-01 through W-07, S-01/S-04/S-05/S-06 Critical fixes: - C-01: Pass user_id to _mark_sent/_already_sent (ntfy crash) - C-02: Align frontend HTTP methods with backend routes (PATCH->PUT, DELETE->POST, fix reset-password/enforce-mfa/disable-mfa paths) - C-03: Add X-Requested-With to CORS allow_headers - C-04: Replace scalar_one_or_none with func.count for auth/status Warning fixes: - W-01: Batch audit log into same transaction in create_user, setup, register - W-02: Extract users array from UserListResponse wrapper in useAdminUsers - W-03: Update password hint from "8 chars" to "12 chars" in CreateUserDialog - W-04: Remove password input from reset flow, show returned temp password - W-06: Remove unused actor_alias variable in admin_dashboard - W-07: Resolve usernames in dashboard audit entries via JOIN, remove ip_address column from recent_logins (not tracked on User model) Suggestions applied: - S-01/S-06: Add extra="forbid" to all admin mutation schemas - S-04: Add ondelete="SET NULL" to audit_log.actor_user_id FK - S-05: Improve registration error message for better UX Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 19:19:04 +08:00
Kyle Pope	d8bdae8ec3	Implement multi-user RBAC: database, auth, routing, admin API (Phases 1-6) Phase 1: Add role, mfa_enforce_pending, must_change_password to users table. Create system_config (singleton) and audit_log tables. Migration 026. Phase 2: Add user_id FK to all 8 data tables (todos, reminders, projects, calendars, people, locations, event_templates, ntfy_sent) with 4-step nullable→backfill→FK→NOT NULL pattern. Migrations 027-034. Phase 3: Harden auth schemas (extra="forbid" on RegisterRequest), add MFA enforcement token serializer with distinct salt, rewrite auth router with require_role() factory and registration endpoint. Phase 4: Scope all 12 routers by user_id, fix dependency type bugs, bound weather cache (SEC-15), multi-user ntfy dispatch. Phase 5: Create admin router (14 endpoints), admin schemas, audit service, rate limiting in nginx. SEC-08 CSRF via X-Requested-With. Phase 6: Update frontend types, useAuth hook (role/isAdmin/register), App.tsx (AdminRoute guard), Sidebar (admin link), api.ts (XHR header). Security findings addressed: SEC-01, SEC-02, SEC-03, SEC-04, SEC-05, SEC-06, SEC-07, SEC-08, SEC-12, SEC-13, SEC-15. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 19:06:25 +08:00

5 Commits