Implement Phase 2: Refresh tokens, 2FA, password reset, and audit logging

Co-authored-by: mblanke <9078342+mblanke@users.noreply.github.com>
2026-03-01 14:00:20 -05:00 · 2025-12-09 17:30:12 +00:00
parent ddf287cde7
commit c8c0c762c5
15 changed files with 716 additions and 9 deletions
--- a/backend/app/models/user.py
+++ b/backend/app/models/user.py
@@ -14,7 +14,12 @@ class User(Base):
    role = Column(String, default="user", nullable=False)  # user, admin
    tenant_id = Column(Integer, ForeignKey("tenants.id"), nullable=False)
    is_active = Column(Boolean, default=True, nullable=False)
+    email = Column(String, unique=True, nullable=True, index=True)
+    email_verified = Column(Boolean, default=False, nullable=False)
+    totp_secret = Column(String, nullable=True)
+    totp_enabled = Column(Boolean, default=False, nullable=False)
    created_at = Column(DateTime, default=lambda: datetime.now(timezone.utc))

    # Relationships
    tenant = relationship("Tenant", back_populates="users")
+    refresh_tokens = relationship("RefreshToken", back_populates="user")