dictia-public

Innova-AI/dictia-public

Fork 0

Commit Graph

Author	SHA1	Message	Date
Allison	8792ffb8a4	fix(auth): B-2.1 — FK erasure policy, totp_secret_encrypted, validates, docs - ConsentLog.user_id: nullable=True + ondelete='SET NULL' for Loi 25 art. 28.1 right-to-erasure (audit row survives user deletion, user_id nulled out). Matches existing pattern in auth_log.py / access_log.py. - Add ConsentLog.@validates('consent_type') to reject typos at ORM level (silent typos in audit data are very hard to detect later). - Rename User.totp_secret -> totp_secret_encrypted (size 64->255 for Fernet envelope). Self-documenting contract: never assign plaintext to this column. - init_db.py: drop NOT NULL from totp_enabled migration string for consistency with every other Boolean column in the file (model-side nullable=False is sufficient). - Docs: User class docstring updated to reflect MFA/billing/ordre context; webauthn_credentials shape documented; version column policy documented. - Tests: cleaner IntegrityError catch; add survives_user_deletion test (right-to-erasure); add rejects_invalid_consent_type test (validator).	2026-04-27 21:57:32 -04:00
Allison	48d2abfa74	feat(auth): B-2.1 ConsentLog model (Loi 25) + User MFA/OAuth/Stripe fields - New src/models/consent.py — ConsentLog with user_id FK, consent_type ('cgu' \| 'confidentialite' \| 'marketing' \| 'analytics'), version, granted bool, granted_at/revoked_at timestamps, ip_address (45 chars for IPv6), user_agent (500 chars). User.consent_logs backref. Audit trail per LPRPSP art. 14 (consent tracé) + art. 3.5 (journal). - src/models/user.py: add 7 new columns (totp_secret, totp_enabled DEFAULT 0, webauthn_credentials JSON, ordre_pro, cabinet, stripe_customer_id, subscription_status). Do NOT duplicate existing sso_provider/sso_subject/ email_verified/etc. (per compatibility-audit C4). - src/init_db.py: 7 add_column_if_not_exists() calls for the new User columns + 2 create_index_if_not_exists() for stripe_customer_id and subscription_status. NO Alembic — init_db.py pattern matches compatibility-audit C3. - src/models/__init__.py: register ConsentLog import. - tests/test_consent_log.py: 7 tests — grant flow, 4 consent types, revoke preserves audit trail, User backref, NOT NULL on ip/UA, User.B-2.1 fields round-trip, defaults safe.	2026-04-27 21:44:37 -04:00

Author

SHA1

Message

Date

Allison

8792ffb8a4

fix(auth): B-2.1 — FK erasure policy, totp_secret_encrypted, validates, docs

- ConsentLog.user_id: nullable=True + ondelete='SET NULL' for Loi 25 art. 28.1
  right-to-erasure (audit row survives user deletion, user_id nulled out).
  Matches existing pattern in auth_log.py / access_log.py.
- Add ConsentLog.@validates('consent_type') to reject typos at ORM level
  (silent typos in audit data are very hard to detect later).
- Rename User.totp_secret -> totp_secret_encrypted (size 64->255 for Fernet
  envelope). Self-documenting contract: never assign plaintext to this column.
- init_db.py: drop NOT NULL from totp_enabled migration string for consistency
  with every other Boolean column in the file (model-side nullable=False is
  sufficient).
- Docs: User class docstring updated to reflect MFA/billing/ordre context;
  webauthn_credentials shape documented; version column policy documented.
- Tests: cleaner IntegrityError catch; add survives_user_deletion test
  (right-to-erasure); add rejects_invalid_consent_type test (validator).

2026-04-27 21:57:32 -04:00

Allison

48d2abfa74

feat(auth): B-2.1 ConsentLog model (Loi 25) + User MFA/OAuth/Stripe fields

- New src/models/consent.py — ConsentLog with user_id FK, consent_type
  ('cgu' | 'confidentialite' | 'marketing' | 'analytics'), version, granted
  bool, granted_at/revoked_at timestamps, ip_address (45 chars for IPv6),
  user_agent (500 chars). User.consent_logs backref. Audit trail per
  LPRPSP art. 14 (consent tracé) + art. 3.5 (journal).
- src/models/user.py: add 7 new columns (totp_secret, totp_enabled DEFAULT 0,
  webauthn_credentials JSON, ordre_pro, cabinet, stripe_customer_id,
  subscription_status). Do NOT duplicate existing sso_provider/sso_subject/
  email_verified/etc. (per compatibility-audit C4).
- src/init_db.py: 7 add_column_if_not_exists() calls for the new User
  columns + 2 create_index_if_not_exists() for stripe_customer_id and
  subscription_status. NO Alembic — init_db.py pattern matches
  compatibility-audit C3.
- src/models/__init__.py: register ConsentLog import.
- tests/test_consent_log.py: 7 tests — grant flow, 4 consent types, revoke
  preserves audit trail, User backref, NOT NULL on ip/UA, User.B-2.1 fields
  round-trip, defaults safe.

2026-04-27 21:44:37 -04:00

2 Commits