diff --git a/backend/scripts/seed_test_users.py b/backend/scripts/seed_test_users.py index 715bba8d..030c1101 100644 --- a/backend/scripts/seed_test_users.py +++ b/backend/scripts/seed_test_users.py @@ -97,7 +97,18 @@ async def main() -> None: ) row = result.first() if row: - print(f" [SKIP] {cfg['email']} already exists") + # Backfill email_verified_at for existing rows so older test + # users created before this script set the field still bypass + # the 7-day verification grace. + await conn.execute( + text(""" + UPDATE users + SET email_verified_at = COALESCE(email_verified_at, :now) + WHERE email = :email + """), + {"email": cfg["email"], "now": now}, + ) + print(f" [SKIP] {cfg['email']} already exists (email_verified_at backfilled if null)") if cfg["key"] == "team_admin": team_account_id = row.account_id continue @@ -130,12 +141,17 @@ async def main() -> None: # ---- Create User ---- user_id = uuid.uuid4() + # email_verified_at is stamped at seed time so test users bypass the + # 7-day verification grace immediately. Without this, fixtures hit + # require_verified_email_after_grace once their created_at ages past + # 7 days and get walled out of protected routes. await conn.execute( text(""" INSERT INTO users (id, email, password_hash, name, role, is_super_admin, - is_team_admin, is_active, account_id, account_role, created_at) + is_team_admin, is_active, account_id, account_role, + created_at, email_verified_at) VALUES (:id, :email, :pw, :name, 'engineer', :is_sa, :is_ta, true, - :account_id, :account_role, :now) + :account_id, :account_role, :now, :now) """), { "id": user_id,