sboulahtit/orion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3bf23c1b23a39196519a64f9e0c28053b61b318e
orion/app/modules/loyalty/schemas/pin.py
Samir Boulahtit 3bf23c1b23
Some checks failed
CI / ruff (push) Successful in 15s
Details
CI / pytest (push) Failing after 2h27m32s
Details
CI / validate (push) Successful in 33s
Details
CI / dependency-scanning (push) Successful in 32s
Details
CI / docs (push) Has been skipped
Details
CI / deploy (push) Has been skipped
Details
feat(android-terminal): Phase C — PIN screen with offline bcrypt verify 
Two-pane landscape: scrollable staff list on the left, PIN dots + numeric
keypad on the right. Footer shows online/offline + pending-sync count.

Going with cached-hashes for offline-capable PIN verify (decision logged
in chat). The threat model already accepts the device — a stolen tablet
holds a 1-year store-scoped JWT, so leaking 4-digit bcrypt hashes is
incremental. Hashes only ever leave the server when the requester is a
paired POS tablet, gated by the new endpoint refusing user JWTs.

Backend:
- GET /api/v1/store/loyalty/pins/for-device — returns PINs WITH pin_hash
  for terminal-device JWTs only; user JWTs receive 403.
- PinForDeviceResponse / PinForDeviceListResponse schemas.
- 2 integration tests in TestPinsForDevice (10/10 pass total).

Android:
- PinForDeviceItem / PinForDeviceListResponse Moshi models.
- LoyaltyApi.listPinsForDevice().
- StaffPinRepository.verifyPin(plain) — at.favre.lib bcrypt verify
  against cached hashes; filters active + unlocked rows in one pass.
- PendingTransactionDao.getPendingCount() switched to Flow<Int> so the
  badge auto-updates when transactions sync.
- PinViewModel state machine — loads pins on init, accumulates digits,
  bcrypt-verifies on length >= 4, fires verified/errorMessage. Combines
  pending-sync count + online state into the same StateFlow.
- PinScreen rewrite: avatar-circle staff list, 6-dot PIN display,
  spinner during verify, error label on wrong PIN, status footer.

Open follow-up (intentional, post-launch): tablet doesn't yet report
failed attempts back to the server's lockout counter. Path is clear —
small POST /pins/{id}/record-failed-attempt endpoint plus a call from
attemptVerify's failure branch.

Verified by ./gradlew assembleDebug — clean build.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 22:58:18 +02:00

138 lines
3.2 KiB
Python
Raw Blame History

# app/modules/loyalty/schemas/pin.py
"""
Pydantic schemas for staff PIN operations.
"""
from datetime import datetime
from pydantic import BaseModel, ConfigDict, Field
class PinCreate(BaseModel):
"""Schema for creating a staff PIN."""
name: str = Field(
...,
min_length=1,
max_length=100,
description="Staff member name",
)
staff_id: str | None = Field(
None,
max_length=50,
description="Optional employee ID",
)
pin: str = Field(
...,
min_length=4,
max_length=6,
pattern="^[0-9]+$",
description="4-6 digit PIN",
)
class PinCreateForMerchant(PinCreate):
"""PinCreate from the merchant portal — carries the target store_id in
the body since the merchant has no per-store auth context (unlike the
store-side endpoint which reads store_id from the JWT)."""
store_id: int = Field(..., gt=0, description="Store this PIN belongs to")
class PinUpdate(BaseModel):
"""Schema for updating a staff PIN."""
model_config = ConfigDict(from_attributes=True)
name: str | None = Field(
None,
min_length=1,
max_length=100,
)
staff_id: str | None = Field(
None,
max_length=50,
)
pin: str | None = Field(
None,
min_length=4,
max_length=6,
pattern="^[0-9]+$",
description="New PIN (if changing)",
)
is_active: bool | None = None
class PinResponse(BaseModel):
"""Schema for staff PIN response (never includes actual PIN)."""
model_config = ConfigDict(from_attributes=True)
id: int
name: str
staff_id: str | None = None
is_active: bool
is_locked: bool = False
locked_until: datetime | None = None
last_used_at: datetime | None = None
created_at: datetime
class PinListResponse(BaseModel):
"""Schema for listing staff PINs."""
pins: list[PinResponse]
total: int
class PinDetailResponse(PinResponse):
"""Extended PIN response including store context for cross-store listings."""
store_id: int | None = None
store_name: str | None = None
class PinDetailListResponse(BaseModel):
"""Schema for listing staff PINs with store context."""
pins: list[PinDetailResponse]
total: int
class PinForDeviceResponse(PinResponse):
"""Pin response for a paired terminal device.
Includes the bcrypt ``pin_hash`` so the tablet can verify a typed
PIN locally without a network round-trip. This shape is ONLY served
by the device-only endpoint (``GET /pins/for-device``) — every other
pin endpoint stays hash-less.
"""
pin_hash: str
class PinForDeviceListResponse(BaseModel):
pins: list[PinForDeviceResponse]
total: int
class PinVerifyRequest(BaseModel):
"""Schema for verifying a staff PIN."""
pin: str = Field(
...,
min_length=4,
max_length=6,
pattern="^[0-9]+$",
description="PIN to verify",
)
class PinVerifyResponse(BaseModel):
"""Schema for PIN verification response."""
valid: bool
staff_name: str | None = None
remaining_attempts: int | None = None
locked_until: datetime | None = None
Reference in New Issue View Git Blame Copy Permalink