UMBRA

rohskiddo/UMBRA

Fork 0

Commit Graph

Author	SHA1	Message	Date
Kyle Pope	bcfebbc9ae	feat(backend): Phase 1 passwordless login — migration, models, toggle endpoints, unlock, delete guard, admin controls - Migration 062: adds users.passwordless_enabled and system_config.allow_passwordless (both default false) - User model: passwordless_enabled field after must_change_password - SystemConfig model: allow_passwordless field after enforce_mfa_new_users - auth.py login(): block passwordless-enabled accounts from password login path (403) with audit log - auth.py auth_status(): change has_passkeys query to full COUNT, add passkey_count + passwordless_enabled to response - auth.py get_current_user(): add /api/auth/passkeys/login/begin and /login/complete to lock_exempt set - passkeys.py: add PasswordlessEnableRequest + PasswordlessDisableRequest schemas - passkeys.py: PUT /passwordless/enable — verify password, check system config, require >= 2 passkeys, set flag - passkeys.py: POST /passwordless/disable/begin — generate user-bound challenge for passkey auth ceremony - passkeys.py: PUT /passwordless/disable — verify passkey auth response, clear flag, update sign count - passkeys.py: PasskeyLoginCompleteRequest.unlock field — passkey re-auth into locked session without new session - passkeys.py: delete guard — 409 if passwordless user attempts to drop below 2 passkeys - schemas/admin.py: add passwordless_enabled to UserListItem + UserDetailResponse; add allow_passwordless to SystemConfigResponse + SystemConfigUpdate; add TogglePasswordlessRequest - admin.py: PUT /users/{user_id}/passwordless — admin-only disable (enabled=False only), revokes all sessions, audit log - admin.py: update_system_config handles allow_passwordless field Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-18 00:15:39 +08:00
Kyle Pope	d8bdae8ec3	Implement multi-user RBAC: database, auth, routing, admin API (Phases 1-6) Phase 1: Add role, mfa_enforce_pending, must_change_password to users table. Create system_config (singleton) and audit_log tables. Migration 026. Phase 2: Add user_id FK to all 8 data tables (todos, reminders, projects, calendars, people, locations, event_templates, ntfy_sent) with 4-step nullable→backfill→FK→NOT NULL pattern. Migrations 027-034. Phase 3: Harden auth schemas (extra="forbid" on RegisterRequest), add MFA enforcement token serializer with distinct salt, rewrite auth router with require_role() factory and registration endpoint. Phase 4: Scope all 12 routers by user_id, fix dependency type bugs, bound weather cache (SEC-15), multi-user ntfy dispatch. Phase 5: Create admin router (14 endpoints), admin schemas, audit service, rate limiting in nginx. SEC-08 CSRF via X-Requested-With. Phase 6: Update frontend types, useAuth hook (role/isAdmin/register), App.tsx (AdminRoute guard), Sidebar (admin link), api.ts (XHR header). Security findings addressed: SEC-01, SEC-02, SEC-03, SEC-04, SEC-05, SEC-06, SEC-07, SEC-08, SEC-12, SEC-13, SEC-15. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-02-26 19:06:25 +08:00

Author

SHA1

Message

Date

Kyle Pope

bcfebbc9ae

feat(backend): Phase 1 passwordless login — migration, models, toggle endpoints, unlock, delete guard, admin controls

- Migration 062: adds users.passwordless_enabled and system_config.allow_passwordless (both default false)
- User model: passwordless_enabled field after must_change_password
- SystemConfig model: allow_passwordless field after enforce_mfa_new_users
- auth.py login(): block passwordless-enabled accounts from password login path (403) with audit log
- auth.py auth_status(): change has_passkeys query to full COUNT, add passkey_count + passwordless_enabled to response
- auth.py get_current_user(): add /api/auth/passkeys/login/begin and /login/complete to lock_exempt set
- passkeys.py: add PasswordlessEnableRequest + PasswordlessDisableRequest schemas
- passkeys.py: PUT /passwordless/enable — verify password, check system config, require >= 2 passkeys, set flag
- passkeys.py: POST /passwordless/disable/begin — generate user-bound challenge for passkey auth ceremony
- passkeys.py: PUT /passwordless/disable — verify passkey auth response, clear flag, update sign count
- passkeys.py: PasskeyLoginCompleteRequest.unlock field — passkey re-auth into locked session without new session
- passkeys.py: delete guard — 409 if passwordless user attempts to drop below 2 passkeys
- schemas/admin.py: add passwordless_enabled to UserListItem + UserDetailResponse; add allow_passwordless to SystemConfigResponse + SystemConfigUpdate; add TogglePasswordlessRequest
- admin.py: PUT /users/{user_id}/passwordless — admin-only disable (enabled=False only), revokes all sessions, audit log
- admin.py: update_system_config handles allow_passwordless field

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-03-18 00:15:39 +08:00

Kyle Pope

d8bdae8ec3

Implement multi-user RBAC: database, auth, routing, admin API (Phases 1-6)

Phase 1: Add role, mfa_enforce_pending, must_change_password to users table.
Create system_config (singleton) and audit_log tables. Migration 026.

Phase 2: Add user_id FK to all 8 data tables (todos, reminders, projects,
calendars, people, locations, event_templates, ntfy_sent) with 4-step
nullable→backfill→FK→NOT NULL pattern. Migrations 027-034.

Phase 3: Harden auth schemas (extra="forbid" on RegisterRequest), add
MFA enforcement token serializer with distinct salt, rewrite auth router
with require_role() factory and registration endpoint.

Phase 4: Scope all 12 routers by user_id, fix dependency type bugs,
bound weather cache (SEC-15), multi-user ntfy dispatch.

Phase 5: Create admin router (14 endpoints), admin schemas, audit
service, rate limiting in nginx. SEC-08 CSRF via X-Requested-With.

Phase 6: Update frontend types, useAuth hook (role/isAdmin/register),
App.tsx (AdminRoute guard), Sidebar (admin link), api.ts (XHR header).

Security findings addressed: SEC-01, SEC-02, SEC-03, SEC-04, SEC-05,
SEC-06, SEC-07, SEC-08, SEC-12, SEC-13, SEC-15.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-02-26 19:06:25 +08:00

2 Commits