chihlasm/resolutionflow
1
0
Fork 0
Code Issues 23 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

fix: create system account for service user to satisfy account_id NOT NULL on prod (#91)

Browse Source 
The prod users table has account_id NOT NULL. The backfill migration and
ensure_service_account() now create a 'ResolutionFlow System' account
(display_code RF-SYS-1) before inserting the service user, satisfying the
constraint on all environments.

Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit was merged in pull request #91.
This commit is contained in:
chihlasm
2026-02-25 23:52:48 -05:00
committed by GitHub
parent e6a0c0549b
commit 8fa6ee1801
2 changed files with 56 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

29
backend/app/core/service_account.py
View File

@@ -18,6 +18,31 @@ logger = logging.getLogger(__name__)
SERVICE_ACCOUNT_EMAIL = "noreply@resolutionflow.com"
SERVICE_ACCOUNT_NAME = "ResolutionFlow"
SYSTEM_ACCOUNT_NAME = "ResolutionFlow System"
SYSTEM_ACCOUNT_DISPLAY_CODE = "RF-SYS-1"
async def _ensure_system_account(db: AsyncSession) -> uuid.UUID:
"""Get or create the ResolutionFlow system account. Returns its ID."""
from app.models.account import Account
from sqlalchemy import text
result = await db.execute(
select(Account).where(Account.display_code == SYSTEM_ACCOUNT_DISPLAY_CODE)
)
account = result.scalar_one_or_none()
if account is not None:
return account.id
new_account = Account(
id=uuid.uuid4(),
name=SYSTEM_ACCOUNT_NAME,
display_code=SYSTEM_ACCOUNT_DISPLAY_CODE,
)
db.add(new_account)
await db.flush()
logger.info(f"[service_account] Created system account (id={new_account.id})")
return new_account.id
async def ensure_service_account(db: AsyncSession) -> uuid.UUID:
@@ -40,7 +65,8 @@ async def ensure_service_account(db: AsyncSession) -> uuid.UUID:
await db.commit()
return user.id
# Create the service account with a random, unusable password hash
account_id = await _ensure_system_account(db)
new_user = User(
id=uuid.uuid4(),
email=SERVICE_ACCOUNT_EMAIL,
@@ -52,6 +78,7 @@ async def ensure_service_account(db: AsyncSession) -> uuid.UUID:
is_active=True,
is_service_account=True,
must_change_password=False,
account_id=account_id,
account_role="engineer",
)
db.add(new_user)