"""Seed the dev environment with a fixed set of test users. Users are upserted on every startup — missing ones are created, existing ones are left untouched except for the admin flag which is always enforced. """ import asyncio from sqlalchemy import select from app.core.security import hash_password from app.database import AsyncSessionLocal from app.models.user import User # ── Dev seed users ──────────────────────────────────────────────────────────── # Passwords satisfy the strength policy (upper, lower, digit, special char, # no forbidden words) so they can also be used via the API if needed. SEED_USERS = [ { "email": "test_admin@example.com", "password": "Secure_Dev1!", "full_name": "Test Admin", "is_superuser": True, }, { "email": "test_1@example.com", "password": "Secure_Dev2!", "full_name": "Test User One", "is_superuser": False, }, { "email": "test_2@example.com", "password": "Secure_Dev3!", "full_name": "Test User Two", "is_superuser": False, }, ] async def seed() -> None: async with AsyncSessionLocal() as db: for spec in SEED_USERS: result = await db.execute( select(User).where(User.email == spec["email"]) ) existing = result.scalar_one_or_none() if existing: # Always enforce the correct admin flag in case it drifted if existing.is_superuser != spec["is_superuser"]: existing.is_superuser = spec["is_superuser"] await db.commit() flag = "admin" if spec["is_superuser"] else "user" print(f"[seed] updated role → {flag}: {spec['email']}") else: print(f"[seed] already exists: {spec['email']}") else: user = User( email=spec["email"], hashed_password=hash_password(spec["password"]), full_name=spec["full_name"], is_superuser=spec["is_superuser"], ) db.add(user) await db.commit() role = "admin" if spec["is_superuser"] else "user" print( f"[seed] created {role}: {spec['email']} pwd: {spec['password']}" ) if __name__ == "__main__": asyncio.run(seed())