Idra-Informatica/PecHub
1
0
Fork 0
mirror of https://github.com/idrainformatica/PecFlow.git synced 2026-06-16 12:45:42 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
ab6db284497bb2e9ae31ea3924215cb5fb8d067a
PecHub/backend/app/schemas/user.py
T
mgiustini 58a233236c feat: Fase 1 – Fondamenta complete (backend FastAPI + auth + permessi) 
- docker-compose.yml: PostgreSQL 16, Redis 7, MinIO, Nginx
- backend FastAPI: struttura monorepo, config pydantic-settings
- modelli SQLAlchemy: tutti i modelli (tenants, users, mailboxes, messages, archival, permissions, labels, audit_log)
- migrazione Alembic 0001: schema completo in pure SQL
- auth API: login JWT, refresh token rotation, logout, 2FA TOTP (setup/verify/disable)
- CRUD utenti: lista, crea, modifica, reset password, soft delete
- permessi granulari (Fase 1-A): mailbox_permissions, assegna/revoca/lista
- CRUD tenant: gestione super-admin
- sicurezza: AES-256-GCM cifratura credenziali IMAP/SMTP, bcrypt password
- RLS PostgreSQL: isolamento multi-tenant per request
- seed sviluppo: tenant demo + admin + operator
- test unit: security (bcrypt, JWT, AES), auth_service
- test integration: auth endpoints, users endpoints
- CI GitHub Actions: lint (ruff), test (pytest), build Docker, security scan
- infra: nginx.conf, redis.conf
- Makefile con comandi make dev/test/migrate/seed

Definition of Done:
 Login, refresh token e TOTP funzionanti
 make dev porta in piedi tutto lo stack locale
 CI configurata
2026-03-18 16:42:01 +01:00

90 lines
2.8 KiB
Python
Raw Blame History

"""
Schema Pydantic per utenti.
"""
import uuid
from datetime import datetime
from typing import Literal
from pydantic import BaseModel, EmailStr, Field, field_validator
UserRoleType = Literal["super_admin", "admin", "supervisor", "operator", "readonly"]
# ─── Request ──────────────────────────────────────────────────────────────────
class UserCreateRequest(BaseModel):
email: EmailStr
password: str = Field(min_length=8)
full_name: str = Field(min_length=2, max_length=255)
role: UserRoleType = "operator"
@field_validator("password")
@classmethod
def validate_password(cls, v: str) -> str:
if len(v) < 8:
raise ValueError("La password deve essere almeno 8 caratteri")
if not any(c.isupper() for c in v):
raise ValueError("Almeno una lettera maiuscola richiesta")
if not any(c.isdigit() for c in v):
raise ValueError("Almeno un numero richiesto")
return v
@field_validator("role")
@classmethod
def validate_role_not_superadmin(cls, v: str) -> str:
if v == "super_admin":
raise ValueError("Non è possibile creare utenti super_admin via API")
return v
class UserUpdateRequest(BaseModel):
full_name: str | None = Field(default=None, min_length=2, max_length=255)
role: UserRoleType | None = None
is_active: bool | None = None
@field_validator("role")
@classmethod
def validate_role_not_superadmin(cls, v: str | None) -> str | None:
if v == "super_admin":
raise ValueError("Non è possibile assegnare il ruolo super_admin via API")
return v
class UserPasswordResetRequest(BaseModel):
new_password: str = Field(min_length=8)
@field_validator("new_password")
@classmethod
def validate_password(cls, v: str) -> str:
if not any(c.isupper() for c in v):
raise ValueError("Almeno una lettera maiuscola richiesta")
if not any(c.isdigit() for c in v):
raise ValueError("Almeno un numero richiesto")
return v
# ─── Response ─────────────────────────────────────────────────────────────────
class UserResponse(BaseModel):
id: uuid.UUID
tenant_id: uuid.UUID
email: str
full_name: str
role: str
is_active: bool
totp_enabled: bool
last_login_at: datetime | None
created_at: datetime
updated_at: datetime
model_config = {"from_attributes": True}
class UserListResponse(BaseModel):
items: list[UserResponse]
total: int
page: int
page_size: int
pages: int
Reference in New Issue View Git Blame Copy Permalink