mporwoll/dak.c2s
1
0
Fork 0
mirror of https://github.com/complexcaresolutions/dak.c2s.git synced 2026-03-17 17:13:42 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
dak.c2s/backend/app/schemas/auth.py
CCS Admin d5db84d93f feat: add self-service password reset via email 
Adds "Passwort vergessen?" to login page with email-based password
reset flow. Backend generates secure token (SHA-256 hashed, 1h expiry),
sends reset link via SMTP, and validates on submission. Includes rate
limiting (3 requests/hour/email), audit logging, and account unlock
on successful reset. New ResetPasswordPage with password confirmation.

New DB table: password_reset_tokens (migration 008).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-28 14:56:07 +00:00

83 lines
1.7 KiB
Python
Raw Permalink Blame History

"""Pydantic v2 schemas for authentication endpoints."""
from typing import Optional
from pydantic import BaseModel, EmailStr
from app.schemas.user import UserResponse
class LoginRequest(BaseModel):
"""Credentials submitted to POST /login."""
email: EmailStr
password: str
mfa_code: Optional[str] = None
class TokenResponse(BaseModel):
"""Returned on successful login or token refresh."""
access_token: str
refresh_token: str
token_type: str = "bearer"
user: UserResponse
class RegisterRequest(BaseModel):
"""Self-service registration (requires invitation token or whitelisted domain)."""
username: str
email: EmailStr
password: str
invitation_token: Optional[str] = None
class RefreshRequest(BaseModel):
"""Request body for POST /refresh."""
refresh_token: str
class MFASetupResponse(BaseModel):
"""Returned when a user initiates MFA setup."""
secret: str
qr_uri: str
class MFAVerifyRequest(BaseModel):
"""6-digit TOTP code + secret submitted to activate MFA.
The *secret* was returned by ``/mfa/setup`` and must be echoed back so
the server can verify the code before persisting.
"""
secret: str
code: str
class ChangePasswordRequest(BaseModel):
"""Request body for changing the authenticated user's password."""
old_password: str
new_password: str
class MFADisableRequest(BaseModel):
"""Password confirmation required to disable MFA."""
password: str
class ForgotPasswordRequest(BaseModel):
"""Request body for POST /forgot-password."""
email: EmailStr
class ResetPasswordRequest(BaseModel):
"""Request body for POST /reset-password."""
token: str
new_password: str
Reference in a new issue View git blame Copy permalink