Innova-AI/dictia-public
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix(auth): B-2.1 — FK erasure policy, totp_secret_encrypted, validates, docs

Browse Source 
- ConsentLog.user_id: nullable=True + ondelete='SET NULL' for Loi 25 art. 28.1
  right-to-erasure (audit row survives user deletion, user_id nulled out).
  Matches existing pattern in auth_log.py / access_log.py.
- Add ConsentLog.@validates('consent_type') to reject typos at ORM level
  (silent typos in audit data are very hard to detect later).
- Rename User.totp_secret -> totp_secret_encrypted (size 64->255 for Fernet
  envelope). Self-documenting contract: never assign plaintext to this column.
- init_db.py: drop NOT NULL from totp_enabled migration string for consistency
  with every other Boolean column in the file (model-side nullable=False is
  sufficient).
- Docs: User class docstring updated to reflect MFA/billing/ordre context;
  webauthn_credentials shape documented; version column policy documented.
- Tests: cleaner IntegrityError catch; add survives_user_deletion test
  (right-to-erasure); add rejects_invalid_consent_type test (validator).
This commit is contained in:
Allison
2026-04-27 21:57:32 -04:00
parent 48d2abfa74
commit 8792ffb8a4
4 changed files with 117 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
src/models/user.py
View File

@@ -13,7 +13,13 @@ from src.database import db
class User(db.Model, UserMixin):
"""User model for authentication and profile management."""
"""User model authentication, profile, MFA enrollment, and subscription state.
Post-B-2.1 columns include MFA (totp_secret_encrypted, totp_enabled,
webauthn_credentials), Stripe billing (stripe_customer_id, subscription_status),
and ordre professionnel context (ordre_pro, cabinet) used at signup (B-2.2).
Consent audit trail in src/models/consent.py via User.consent_logs backref.
"""
id = db.Column(db.Integer, primary_key=True)
username = db.Column(db.String(20), unique=True, nullable=False)
@@ -65,11 +71,14 @@ class User(db.Model, UserMixin):
transcription_initial_prompt = db.Column(db.Text, nullable=True)
# === B-2.1: MFA / WebAuthn / Stripe / Loi 25 fields (Phase 2 backend) ===
# TOTP MFA (B-2.5) — chiffré au repos via SECRET_KEY (handled in service layer)
totp_secret = db.Column(db.String(64), nullable=True)
# B-2.5 service layer encrypts the base32 secret with SECRET_KEY before storing.
# The encrypted blob (Fernet token) is what lives in this column. NEVER assign a
# raw base32 secret to this attribute — use the service-layer setter.
totp_secret_encrypted = db.Column(db.String(255), nullable=True)
totp_enabled = db.Column(db.Boolean, default=False, nullable=False)
# WebAuthn / Passkey credentials (B-2.6) — list of credential dicts
# WebAuthn / Passkey credentials (B-2.6) — list of credential dicts:
# [{'id': str, 'public_key': str, 'sign_count': int, 'transports': list[str]}]
webauthn_credentials = db.Column(db.JSON, nullable=True)
# Loi 25 + ordre professionnel context (used at signup B-2.2)