docs(06.2): capture phase context + fix admin user creation 500

- Phase 6.2 CONTEXT.md: cloud-delete propagation, SHARE-03/05, audit
  log CSV export fix, daily export UI, user handle display
- Fix: admin create_user missing session.flush() before write_audit_log
  caused FK violation on PostgreSQL (silent on SQLite)
- Regression test: test_create_user_writes_audit_log in test_admin_api.py

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
curo1305
2026-05-31 11:00:45 +02:00
parent 3825f670a1
commit 7be48266ae
6 changed files with 252 additions and 1 deletions
+1
@@ -244,6 +244,7 @@ async def create_user(
used_bytes=0,
)
session.add(quota)
await session.flush() # persist User + Quota before audit_log FK references them
# D-13: admin user created event
_ip = request.headers.get("X-Forwarded-For") or (request.client.host if request.client else None)
await write_audit_log(
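Review bot: The `_ip` line directly above the `write_audit_log(` call reads the raw `X-Forwarded-For` header, which is client-supplied unless a trusted reverse proxy overwrites it and which can carry a comma-separated list of hops. If that value is what the audit entry stores (the call's arguments lie outside the hunk), the source address recorded for admin user creation is not reliable evidence. Prefer the proxy-validated peer address, `_ip = request.client.host if request.client else None`, with the server's trusted-proxy handling enabled (uvicorn's `--proxy-headers` and `--forwarded-allow-ips`, if that is the server in use), or move the header parsing into one shared helper. create_user starts and ends outside the hunk.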
+20 -1
@@ -21,7 +21,8 @@ import pytest_asyncio
from httpx import ASGITransport, AsyncClient
from sqlalchemy.ext.asyncio import AsyncSession
from db.models import Quota, User
from db.models import AuditLog, Quota, User
from sqlalchemy import select
from deps.auth import get_current_admin
from deps.db import get_db
from services.auth import hash_password
@@ -140,6 +141,24 @@ async def test_create_user_sets_password_must_change(admin_client):
assert user.password_must_change is True
@pytest.mark.asyncio
async def test_create_user_writes_audit_log(admin_client):
"""POST /api/admin/users → 201 and audit_log row created (regression: FK ordering bug)."""
client, _admin, session = admin_client
body = {
"handle": "auditcheck_user",
"email": "auditcheck@example.com",
"password": "AuditCheck1@Pass",
"role": "user",
}
resp = await client.post("/api/admin/users", json=body)
assert resp.status_code == 201, f"expected 201, got {resp.status_code}: {resp.text}"
result = await session.execute(
select(AuditLog).where(AuditLog.event_type == "admin.user_created")
)
assert result.scalars().first() is not None, "audit log entry not created after user creation"
@pytest.mark.asyncio
async def test_create_user_weak_password(admin_client):
"""POST /api/admin/users with weak password → 422."""
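Review bot: test_create_user_writes_audit_log only guards the regression on a backend that enforces foreign keys; the commit message says the violation was silent on SQLite, so if the `admin_client` fixture (defined outside this hunk) runs on SQLite the test probably passed before the fix as well. Either run this case against PostgreSQL in CI or state the limit in the test, e.g. `# Only meaningful where FKs are enforced (PostgreSQL, or SQLite with PRAGMA foreign_keys=ON)`. The query also accepts any row with `event_type == "admin.user_created"`, so a row left by an earlier test on a shared session would satisfy it. Tying the assertion to the user just created and to the acting admin (`_admin` is unpacked but never used) would make the test check the audit record's content rather than its mere existence, using whichever actor and target columns AuditLog defines.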