feat: Implement passkey authentication, account management features, and a dedicated MFA login verification flow.

pacnpal
2026-01-06 10:08:44 -05:00
parent b80654952d
commit 4da7e52fb0
14 changed files with 1566 additions and 20 deletions


@@ -19,7 +19,7 @@ from django.db import transaction
from django.db.models import Count, Q
from django.utils import timezone
from rest_framework import status
from rest_framework.permissions import IsAdminUser
from apps.core.permissions import IsAdminWithSecondFactor
from rest_framework.response import Response
from rest_framework.views import APIView
@@ -35,7 +35,7 @@ class OSMUsageStatsView(APIView):
Return OSM cache statistics for admin dashboard.
"""
permission_classes = [IsAdminUser]
permission_classes = [IsAdminWithSecondFactor]
def get(self, request):
"""Return OSM/location cache usage statistics."""
@@ -128,7 +128,7 @@ class RateLimitMetricsView(APIView):
Return rate limiting metrics for admin dashboard.
"""
permission_classes = [IsAdminUser]
permission_classes = [IsAdminWithSecondFactor]
def post(self, request):
"""Return rate limit metrics based on action."""
@@ -200,7 +200,7 @@ class DatabaseManagerView(APIView):
Handle admin CRUD operations for entities.
"""
permission_classes = [IsAdminUser]
permission_classes = [IsAdminWithSecondFactor]
# Map entity types to Django models
ENTITY_MODEL_MAP = {
@@ -627,7 +627,7 @@ class CeleryTaskStatusView(APIView):
Return Celery task status (read-only).
"""
permission_classes = [IsAdminUser]
permission_classes = [IsAdminWithSecondFactor]
# List of known scheduled tasks
SCHEDULED_TASKS = [
@@ -734,7 +734,7 @@ class DetectAnomaliesView(APIView):
TODO: Implement full ML algorithms with numpy/scipy in follow-up task.
"""
permission_classes = [IsAdminUser]
permission_classes = [IsAdminWithSecondFactor]
# Severity score thresholds
SEVERITY_THRESHOLDS = {
@@ -932,7 +932,7 @@ class CollectMetricsView(APIView):
BULLETPROOFED: Safe input parsing with validation.
"""
permission_classes = [IsAdminUser]
permission_classes = [IsAdminWithSecondFactor]
# Allowed values
ALLOWED_METRIC_TYPES = {"all", "database", "users", "moderation", "performance"}
@@ -1043,7 +1043,7 @@ class PipelineIntegrityScanView(APIView):
BULLETPROOFED: Safe input parsing with validation.
"""
permission_classes = [IsAdminUser]
permission_classes = [IsAdminWithSecondFactor]
# Allowed values
ALLOWED_SCAN_TYPES = {"full", "referential", "status", "media", "submissions", "stuck", "versions"}
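Review bot: `permission_classes = [IsAdminWithSecondFactor]` is set by hand on each of the seven views in this file (`OSMUsageStatsView` through `PipelineIntegrityScanView`), so a later admin view can still be added with a weaker class or none and silently skip the second-factor requirement. A shared base such as `class AdminAPIView(APIView): permission_classes = [IsAdminWithSecondFactor]`, plus a test that walks the admin URL patterns and asserts the class on every view, would make the requirement hard to miss. The body of `IsAdminWithSecondFactor` is not in this section, so please confirm that it checks a second factor completed in the current session rather than mere enrollment, and that it denies staff accounts with no factor enrolled; this matters most for `DatabaseManagerView`, whose docstring says it handles admin CRUD. Each view class continues outside its hunk, so the handlers themselves were not reviewed here.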