- Link a Google account to a password account, and adopt the Google identity onto a matching email account instead of 500ing on a duplicate; set or change a password from Settings. - Expose has_google/has_password on /api/me for the Sign-in methods UI. - Mark Google logins email-verified (backfill existing rows, migration 0024); stop a routine login from clobbering an admin-assigned role (env ADMIN_EMAILS stays the bootstrap admin). - Suspension login-gates (password + Google callback + current_user) with a rate-limited 'suspended' notice; shared purge_user (cascade delete + access-request cleanup + Google-grant revoke) behind self- and admin-deletion; single app_base source for user-facing email links.
31 lines
1 KiB
Python
31 lines
1 KiB
Python
"""backfill email_verified for Google accounts
|
|
|
|
Revision ID: 0024_google_email_verified
|
|
Revises: 0023_user_suspension
|
|
Create Date: 2026-06-19
|
|
|
|
A Google sign-in proves the email, but earlier Google signups were created with
|
|
email_verified=false (the callback didn't set it). Backfill those so the flag reflects reality —
|
|
matters because password-login gates on email_verified, so a Google user who later adds a password
|
|
must count as verified. Demo/password-only rows (google_sub IS NULL) are left untouched.
|
|
"""
|
|
from typing import Sequence, Union
|
|
|
|
from alembic import op
|
|
|
|
revision: str = "0024_google_email_verified"
|
|
down_revision: Union[str, None] = "0023_user_suspension"
|
|
branch_labels: Union[str, Sequence[str], None] = None
|
|
depends_on: Union[str, Sequence[str], None] = None
|
|
|
|
|
|
def upgrade() -> None:
|
|
op.execute(
|
|
"UPDATE users SET email_verified = true "
|
|
"WHERE google_sub IS NOT NULL AND email_verified = false"
|
|
)
|
|
|
|
|
|
def downgrade() -> None:
|
|
# Not reversible — we can't tell which rows were flipped. No-op.
|
|
pass
|