Implement Phase 2: Refresh tokens, 2FA, password reset, and audit logging

Co-authored-by: mblanke <9078342+mblanke@users.noreply.github.com>
2026-03-01 14:00:20 -05:00 · 2025-12-09 17:30:12 +00:00
parent ddf287cde7
commit c8c0c762c5
15 changed files with 716 additions and 9 deletions
--- a/backend/app/schemas/user.py
+++ b/backend/app/schemas/user.py
@@ -1,4 +1,4 @@
-from pydantic import BaseModel
+from pydantic import BaseModel, EmailStr
 from typing import Optional
 from datetime import datetime

@@ -6,6 +6,7 @@ from datetime import datetime
 class UserBase(BaseModel):
    """Base user schema"""
    username: str
+    email: Optional[EmailStr] = None
    role: str = "user"
    tenant_id: int

@@ -18,15 +19,18 @@ class UserCreate(UserBase):
 class UserUpdate(BaseModel):
    """Schema for updating a user"""
    username: Optional[str] = None
+    email: Optional[EmailStr] = None
    password: Optional[str] = None
    role: Optional[str] = None
    is_active: Optional[bool] = None


 class UserRead(UserBase):
-    """Schema for reading user data (excludes password_hash)"""
+    """Schema for reading user data (excludes password_hash and secrets)"""
    id: int
    is_active: bool
+    email_verified: bool
+    totp_enabled: bool
    created_at: datetime

    class Config: