212c663a4c
- scripts/seed.py: seed three fixed dev users on every startup:
test_admin@example.com / Secure_Dev1! (admin)
test_1@example.com / Secure_Dev2! (user)
test_2@example.com / Secure_Dev3! (user)
Upsert logic: missing users are created; existing users have their admin
flag corrected if it drifted; all passwords pass the strength policy
- TODO.md: add permissions registry item (user_app_permissions table,
admin UI to grant/revoke per-app access per user)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
75 lines
2.5 KiB
Python
"""Seed the dev environment with a fixed set of test users.
Users are upserted on every startup — missing ones are created, existing ones
are left untouched except for the admin flag, which is always enforced.
"""
import asyncio
from sqlalchemy import select
from app.core.security import hash_password
from app.database import AsyncSessionLocal
from app.models.user import User
# ── Dev seed users ────────────────────────────────────────────────────────────
# Fixed accounts for local development. Each password contains an upper-case
# letter, a lower-case letter, a digit and a special character, and is meant to
# pass the strength policy (including its forbidden-word check) so the same
# credentials also work through the API.
# NOTE(review): these credentials are readable by anyone with access to the
# source, and the first account is a superuser; a database that holds them
# should be treated as dev-only.

SEED_USERS = [
    {
        "email": email,
        "password": password,
        "full_name": full_name,
        "is_superuser": is_superuser,
    }
    # One row per account: (email, password, full_name, is_superuser).
    for email, password, full_name, is_superuser in (
        ("test_admin@example.com", "Secure_Dev1!", "Test Admin", True),
        ("test_1@example.com", "Secure_Dev2!", "Test User One", False),
        ("test_2@example.com", "Secure_Dev3!", "Test User Two", False),
    )
]
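async def seed() -> None:
    """Upsert every account listed in ``SEED_USERS``.

    Each spec is looked up by e-mail. A missing user is created with a hashed
    copy of the spec's password. An existing user is left as it is, except
    that ``is_superuser`` is reset to the spec's value when the two differ.
    Every change is committed on its own and reported on stdout with a
    ``[seed]`` prefix.

    NOTE(review): nothing in this function checks which environment it runs
    in. The accounts use fixed, source-visible passwords and one of them is a
    superuser, so whatever invokes this on startup has to guarantee it only
    ever targets a dev database -- confirm how that is gated.
    """
    async with AsyncSessionLocal() as db:
        for spec in SEED_USERS:
            role = "admin" if spec["is_superuser"] else "user"
            result = await db.execute(
                select(User).where(User.email == spec["email"])
            )
            existing = result.scalar_one_or_none()

            if existing is None:
                db.add(
                    User(
                        email=spec["email"],
                        hashed_password=hash_password(spec["password"]),
                        full_name=spec["full_name"],
                        is_superuser=spec["is_superuser"],
                    )
                )
                await db.commit()
                # The plaintext password is deliberately not echoed: stdout
                # usually ends up in container or CI logs, which are read and
                # retained more widely than the source. Look the credentials
                # up in SEED_USERS instead.
                print(f"[seed] created {role}: {spec['email']}")
            elif existing.is_superuser != spec["is_superuser"]:
                # The stored flag drifted from the spec (in either direction);
                # put it back so the seeded roles stay predictable.
                existing.is_superuser = spec["is_superuser"]
                await db.commit()
                print(f"[seed] updated role → {role}: {spec['email']}")
            else:
                print(f"[seed] already exists: {spec['email']}")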
if __name__ == "__main__":
    # Executed as a script rather than imported: drive the seeding coroutine
    # to completion on a fresh event loop.
    asyncio.run(seed())