3e0fb92012
- Remove role field from UserCreate schema, hardcode 'engineer' at registration
- Escape all user content in HTML export with html.escape() (XSS fix)
- Add field_validator to reject default SECRET_KEY when DEBUG=False
- Add CHECK constraint on users.role ('engineer'|'viewer') + migration 011
- Fix test_admin fixture to properly grant is_super_admin via ORM
- Fix circular FK (users↔invite_codes) in test DB setup with DROP SCHEMA CASCADE
- Add 5 new security tests (role validation + XSS prevention)
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
38 lines
975 B
Python
38 lines
975 B
Python
from datetime import datetime
|
|
from typing import Optional
|
|
from uuid import UUID
|
|
from pydantic import BaseModel, EmailStr, Field
|
|
|
|
|
|
class UserBase(BaseModel):
|
|
email: EmailStr
|
|
name: str = Field(..., min_length=1, max_length=255)
|
|
|
|
|
|
class UserCreate(UserBase):
|
|
password: str = Field(..., min_length=10, description="Password must be at least 10 characters")
|
|
invite_code: Optional[str] = Field(None, description="Invite code for registration (required when invite system is enabled)")
|
|
|
|
|
|
class UserUpdate(BaseModel):
|
|
name: Optional[str] = Field(None, min_length=1, max_length=255)
|
|
email: Optional[EmailStr] = None
|
|
|
|
|
|
class UserLogin(BaseModel):
|
|
email: EmailStr
|
|
password: str
|
|
|
|
|
|
class UserResponse(UserBase):
|
|
id: UUID
|
|
role: str
|
|
is_super_admin: bool = False
|
|
is_team_admin: bool = False
|
|
team_id: Optional[UUID] = None
|
|
created_at: datetime
|
|
last_login: Optional[datetime] = None
|
|
|
|
class Config:
|
|
from_attributes = True
|