Skip to content
This repository was archived by the owner on Jan 1, 2026. It is now read-only.

Comments

Secure registration and add login with and without OTP#7

Merged
Vianpyro merged 51 commits intomainfrom
feature/secure_registration_add_login
Jun 22, 2025
Merged

Secure registration and add login with and without OTP#7
Vianpyro merged 51 commits intomainfrom
feature/secure_registration_add_login

Conversation

@Vianpyro
Copy link
Member

@Vianpyro Vianpyro commented Jun 12, 2025
edited
Loading

Description

This pull request introduces significant improvements to the user authentication and registration system. The registration flow now enforces email verification before user creation and supports 2FA (OTP). Various code enhancements were made for clarity, consistency, and maintainability.

Changes Made

  • Refactored user registration to use PostgreSQL stored procedure and sanitize username input.
  • Replaced UserCreate schema with UserRegister for clarity and alignment with the new flow.
  • Moved sanitize_username to string_utils and removed username.py.
  • Added HTTPException handling for existing users during registration.
  • Added descriptive docstring to the user registration endpoint.
  • Renamed language_id to language_iso_code in the User model for clarity.
  • Renamed language_iso_code to language_id in model and schema for consistency.
  • Implemented email confirmation flow and login endpoint.
  • Enhanced login endpoint with improved response structure.
  • Implemented OTP-based 2FA login and registration enhancements for OTP secret generation.
  • Moved in-memory store declaration to a more appropriate location for clarity.
  • Updated SQLAlchemy engine initialization for better performance (echo=False, pool_pre_ping=True).
  • Changed registration flow to require email confirmation before creating the user account.

How to Test

  1. Register a new user using the registration endpoint.
  2. Check your email for a confirmation link and confirm the account.
  3. Attempt to log in using the confirmed account credentials.
  4. If 2FA is enabled, provide the OTP when prompted.
  5. Verify that the login flow completes successfully and that invalid or unconfirmed users are appropriately blocked.

Checklist

  • My code follows the project's coding style.
  • I have performed a self-review of my code.
  • I have added necessary tests (if applicable).
  • I have documented my changes (if necessary).

Additional Context

These updates are foundational for enforcing stronger security in the authentication process, including email verification and 2FA. The code has been refactored to improve modularity and clarity, especially in schema and utility functions.

Vianpyro added 13 commits June 9, 2025 14:19
Refactor user registration to use PostgreSQL stored procedure and san…
9aab667 
…itize username input
Refactor user registration to use UserRegister schema and remove User…
7888715 
…Create
Refactor username sanitization: move sanitize_username function to st…
4e0adaf 
…ring_utils and remove username.py
Enhance user registration: add HTTPException for existing users and i…
c3d4e3a 
…mprove code structure
Add docstring to user registration endpoint for clarity
8579c8d
Fix attribute name in User model: update language_id to language_iso_…
89e56e7 
…code for clarity
Refactor language preference handling: rename language_iso_code to la…
ce222fb 
…nguage_id in User model and registration schema for consistency
Implement email confirmation feature and login endpoint
86a04fe
Enhance login endpoint
aec0f96
Implement 2FA login flow and enhance user registration with OTP secre…
a416bbb 
…t generation
Move in-memory store declaration for clarity
a159a8b
Bump version to 1.2.0 for API and 0.3.0 for application; update break…
b3b5526 
…ing change label in version bump workflow
Refactor tasks.json to improve structure and remove unnecessary runOp…
bb83e80 
…tions
@Vianpyro Vianpyro self-assigned this Jun 12, 2025
@Vianpyro Vianpyro added type: feature Requests for new functionality or features. complexity: complex Tasks with unclear paths that need exploration or experimentation. priority: high Important tasks that require immediate attention. special: breaking change Tasks that will introduce a breaking change and require careful implementation. status: needs review Ready for code or design review. type: configuration Changes or updates to configuration files or settings. type: refactor Improvements to existing code without changing functionality. type: secrets management Issues related to securing or managing secrets, tokens, and environment variables. type: security Issues or improvements related to app security. labels Jun 12, 2025
Vianpyro and others added 28 commits June 12, 2025 18:44
docs: Update module docstring for clarity and formatting
1fbeb68
Add email confirmation tests
fee60a7
@Vianpyro
Super-Linter: Fix linting issues
dea7c01
Update dependency installation to use requirements-dev.txt
269762a
Remove confirmation token from email response
41778f1
Refactor security utility functions and enhance test coverage with ne…
475fc1e 
…w fixtures and tests for email and phone encryption, hashing, and verification token generation.
Add test for non-empty encrypted fields to ensure encryption integrity
51ad19b
Enhance OTP verification function to support HOTP counter parameter
ace571e
Add test for hash field length to validate SHA-256 output
f9aed57
Add unit tests for OTP verification functionality
450457e
Refactor password verification function and add comprehensive tests f…
d9b1201 
…or verification logic
Refactor password verification tests to use fixtures for hashed and w…
d8678a9 
…rong passwords
Refactor test client setup in API tests to use FastAPI app instances …
f4e3292 
…directly and remove utility functions for versioned requests.
Implement session and refresh token management in authentication endp…
96ae2a3 
…oints; add utility functions for token creation and hashing.
Refactor authentication endpoints to improve device info handling and…
8ce3629 
… add payload generation fixtures for login and OTP tests
Refactor authentication endpoints to streamline device info handling …
40c9445 
…and remove unnecessary fields from login payloads in schemas and tests.
Refactor login tests to simplify function signatures by removing unne…
a9c96d0 
…cessary parameters.
Refactor device info extraction and session creation in login endpoin…
3a9da42 
…t for improved clarity and reusability.
Add user agent handling to session token saving and login process
0c3b014
Remove unused TODO functions as the Database will handle the removal …
5a04243 
…of old session and refresh tokens
Add user agent string to login OTP session and refresh token saving
f3f595c
Add greenlet dependency to requirements for improved concurrency support
d4439b1
Refactor session creation to include user agent string and update tes…
fe294f3 
…ts to remove user_id assertions
Refactor test_login_2fa_required_returns_2fa_token to simplify patchi…
6b16548 
…ng of dependencies
Update version constraints in requirements.txt for better dependency …
11987f1 
…management
Add unit tests for sanitize_username function to validate username sa…
251c813 
…nitization logic
Update version constraints in requirements-dev.txt for build and test…
f303526 
…ing dependencies
@Vianpyro
Merge branch 'main' into feature/secure_registration_add_login
632be2c
@Vianpyro Vianpyro merged commit d9c3b7e into main Jun 22, 2025
13 of 15 checks passed
@Vianpyro Vianpyro deleted the feature/secure_registration_add_login branch June 22, 2025 11:51
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

@Vianpyro Vianpyro

Labels

complexity: complex Tasks with unclear paths that need exploration or experimentation. priority: high Important tasks that require immediate attention. special: breaking change Tasks that will introduce a breaking change and require careful implementation. status: needs review Ready for code or design review. type: configuration Changes or updates to configuration files or settings. type: feature Requests for new functionality or features. type: refactor Improvements to existing code without changing functionality. type: secrets management Issues related to securing or managing secrets, tokens, and environment variables. type: security Issues or improvements related to app security.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Vianpyro