Inicio Explorar Axuda
Iniciar sesión
yunoadmin
/
bambuddy
réplica de https://github.com/maziggy/bambuddy
1
0
Fork 0
Ficheiros Incidencias 0 Wiki
Árbore: 135b8fd93b
Ramas Etiquetas
bambuddy
/
backend
/
app
/
models
/
user_otp_code.py

user_otp_code.py 2.1 KB
Histórico Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455 
  1. from __future__ import annotations
    2. 

  2. 

  3. from datetime import datetime, timezone
    4. 

  4. 

  5. from sqlalchemy import Boolean, DateTime, ForeignKey, Integer, String, func
    6. 

  6. from sqlalchemy.orm import Mapped, mapped_column
    7. 

  7. 

  8. from backend.app.core.database import Base
    9. 

  9. 

  10. 

  11. class UserOTPCode(Base):
    12. 

  12.     """Temporary email OTP (One-Time Password) code for 2FA verification.
    13. 

  13. 

  14.     Each record represents a single sent OTP code.  Codes expire after
    15. 

  15.     OTP_TTL_MINUTES and are invalidated after MAX_ATTEMPTS failed attempts
    16. 

  16.     or after successful verification.
    17. 

  17.     """
    18. 

  18. 

  19.     __tablename__ = "user_otp_codes"
    20. 

  20. 

  21.     OTP_TTL_MINUTES = 10
    22. 

  22.     MAX_ATTEMPTS = 5
    23. 

  23. 

  24.     id: Mapped[int] = mapped_column(primary_key=True)
    25. 

  25.     user_id: Mapped[int] = mapped_column(Integer, ForeignKey("users.id", ondelete="CASCADE"), index=True)
    26. 

  26.     # pbkdf2_sha256 hash of the 6-digit code
    27. 

  27.     code_hash: Mapped[str] = mapped_column(String(255))
    28. 

  28.     # Number of failed verification attempts for this code
    29. 

  29.     attempts: Mapped[int] = mapped_column(Integer, default=0)
    30. 

  30.     # True once the code has been successfully used or explicitly invalidated
    31. 

  31.     used: Mapped[bool] = mapped_column(Boolean, default=False)
    32. 

  32.     expires_at: Mapped[datetime] = mapped_column(DateTime)
    33. 

  33.     created_at: Mapped[datetime] = mapped_column(DateTime, server_default=func.now())
    34. 

  34. 

  35.     def consume(self) -> None:
    36. 

  36.         """T4: Mark this OTP as used, enforcing preconditions.
    37. 

  37. 

  38.         Raises ``ValueError`` if the code is already used or expired so callers
    39. 

  39.         cannot silently re-use an invalidated code.  The caller is responsible
    40. 

  40.         for flushing/committing the change to the DB.
    41. 

  41.         """
    42. 

  42.         now = datetime.now(timezone.utc)
    43. 

  43.         exp = self.expires_at
    44. 

  44.         if exp.tzinfo is None:
    45. 

  45.             from datetime import timezone as _tz
    46. 

  46. 

  47.             exp = exp.replace(tzinfo=_tz.utc)
    48. 

  48.         if self.used:
    49. 

  49.             raise ValueError("OTP code has already been used")
    50. 

  50.         if exp < now:
    51. 

  51.             raise ValueError("OTP code has expired")
    52. 

  52.         self.used = True
    53. 

  53. 

  54.     def __repr__(self) -> str:
    55. 

  55.         return f"<UserOTPCode user_id={self.user_id} used={self.used}>"
    56.