- Migration 062: adds users.passwordless_enabled and system_config.allow_passwordless (both default false)
- User model: passwordless_enabled field after must_change_password
- SystemConfig model: allow_passwordless field after enforce_mfa_new_users
- auth.py login(): block passwordless-enabled accounts from password login path (403) with audit log
- auth.py auth_status(): change has_passkeys query to full COUNT, add passkey_count + passwordless_enabled to response
- auth.py get_current_user(): add /api/auth/passkeys/login/begin and /login/complete to lock_exempt set
- passkeys.py: add PasswordlessEnableRequest + PasswordlessDisableRequest schemas
- passkeys.py: PUT /passwordless/enable — verify password, check system config, require >= 2 passkeys, set flag
- passkeys.py: POST /passwordless/disable/begin — generate user-bound challenge for passkey auth ceremony
- passkeys.py: PUT /passwordless/disable — verify passkey auth response, clear flag, update sign count
- passkeys.py: PasskeyLoginCompleteRequest.unlock field — passkey re-auth into locked session without new session
- passkeys.py: delete guard — 409 if passwordless user attempts to drop below 2 passkeys
- schemas/admin.py: add passwordless_enabled to UserListItem + UserDetailResponse; add allow_passwordless to SystemConfigResponse + SystemConfigUpdate; add TogglePasswordlessRequest
- admin.py: PUT /users/{user_id}/passwordless — admin-only disable (enabled=False only), revokes all sessions, audit log
- admin.py: update_system_config handles allow_passwordless field
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
from sqlalchemy import String, Boolean, Integer, Date, func
from sqlalchemy.orm import Mapped, mapped_column
from datetime import datetime, date
from app.database import Base
class User(Base):
    """ORM mapping for the ``users`` table (SQLAlchemy 2.0 ``Mapped`` style).

    Holds identity, credential, MFA, lockout, RBAC and audit columns.
    Nothing here enforces cross-column invariants (e.g. the passkey
    requirement for passwordless login); those live in the API layer.
    """

    __tablename__ = "users"

    # Identity
    id: Mapped[int] = mapped_column(primary_key=True, index=True)
    # Login name: unique, indexed, never NULL.
    username: Mapped[str] = mapped_column(String(50), unique=True, nullable=False, index=True)
    # Unique and indexed. Unlike its neighbours no nullable= is given; with a
    # non-Optional Mapped[str] SQLAlchemy derives NOT NULL — confirm intended.
    umbral_name: Mapped[str] = mapped_column(String(50), unique=True, index=True)
    email: Mapped[str | None] = mapped_column(String(255), nullable=True)
    first_name: Mapped[str | None] = mapped_column(String(100), nullable=True)
    last_name: Mapped[str | None] = mapped_column(String(100), nullable=True)
    date_of_birth: Mapped[date | None] = mapped_column(Date, nullable=True)
    # Only the hash is stored; the hashing scheme is chosen by the auth layer,
    # not visible here. NOTE(review): keep String(255) wide enough for the
    # encoded hash format that layer emits — verify against the hasher.
    password_hash: Mapped[str] = mapped_column(String(255), nullable=False)

    # MFA — populated in Track B
    # String(500) because Fernet-encrypted secrets are longer than raw base32
    # (presumably the encrypted form is what is persisted, never the raw secret).
    totp_secret: Mapped[str | None] = mapped_column(String(500), nullable=True, default=None)
    # No server_default here, unlike the later boolean flags; rows inserted
    # outside the ORM get whatever the DB assigns.
    totp_enabled: Mapped[bool] = mapped_column(Boolean, default=False)

    # Account lockout
    # Presumably incremented/reset by the login path; the threshold is not here.
    failed_login_count: Mapped[int] = mapped_column(Integer, default=0)
    # NULL when not locked. No DateTime(timezone=True) is declared here or on
    # the audit timestamps below — NOTE(review): confirm the login path
    # compares this against a timestamp with the same tz-awareness.
    locked_until: Mapped[datetime | None] = mapped_column(nullable=True, default=None)

    # Account state
    is_active: Mapped[bool] = mapped_column(Boolean, default=True)

    # RBAC
    # Role string; "standard" is both the ORM default and the server_default,
    # so rows created outside the ORM get the same (least-privileged) role.
    role: Mapped[str] = mapped_column(
        String(30), nullable=False, default="standard", server_default="standard"
    )

    # MFA enforcement (admin can toggle; checked at login)
    mfa_enforce_pending: Mapped[bool] = mapped_column(
        Boolean, default=False, server_default="false"
    )

    # Forced password change (set after admin reset)
    must_change_password: Mapped[bool] = mapped_column(
        Boolean, default=False, server_default="false"
    )

    # Passwordless login — requires >= 2 passkeys registered
    # The ">= 2 passkeys" rule is not expressed in the schema: per the commit
    # message it is enforced by the passkeys API on enable and on passkey
    # deletion, and the password login path rejects accounts with this set.
    passwordless_enabled: Mapped[bool] = mapped_column(
        Boolean, default=False, server_default="false"
    )

    # Audit
    # func.now() is evaluated by the database at INSERT (and at UPDATE for
    # updated_at), so these timestamps come from the DB clock, not the app.
    created_at: Mapped[datetime] = mapped_column(default=func.now())
    updated_at: Mapped[datetime] = mapped_column(default=func.now(), onupdate=func.now())
    last_login_at: Mapped[datetime | None] = mapped_column(nullable=True, default=None)
    last_password_change_at: Mapped[datetime | None] = mapped_column(nullable=True, default=None)