feat: DB constraints for phone auth

2026-03-14 00:31:20 +03:00
parent 4026b94c3a
commit 5ece1036cd
4 changed files with 60 additions and 4 deletions
@@ -0,0 +1,25 @@
+# Generated by Django 6.0.3 on 2026-03-13 20:53
+
+from django.db import migrations, models
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ("accounts", "0003_preferred_language"),
+    ]
+
+    operations = [
+        migrations.AlterField(
+            model_name="user",
+            name="phone_number",
+            field=models.CharField(max_length=20, unique=True),
+        ),
+        migrations.AddConstraint(
+            model_name="user",
+            constraint=models.CheckConstraint(
+                condition=models.Q(("phone_number__regex", r"^\+[1-9][0-9]{7,14}$")),
+                name="accounts_user_phone_e164_format",
+            ),
+        ),
+    ]
@@ -4,6 +4,7 @@ from datetime import timedelta
 from django.conf import settings
 from django.contrib.auth.models import AbstractBaseUser, PermissionsMixin, BaseUserManager
 from django.db import models
+from django.db.models import Q
 from django.utils import timezone


@@ -42,7 +43,7 @@ class UserManager(BaseUserManager):

 class User(AbstractBaseUser, PermissionsMixin):
    email = models.EmailField(unique=True, null=True, blank=True)
-    phone_number = models.CharField(max_length=20, unique=True, null=True, blank=True)
+    phone_number = models.CharField(max_length=20, unique=True)
    role = models.CharField(max_length=20, choices=UserRole.choices, default=UserRole.CUSTOMER)
    first_name = models.CharField(max_length=150, blank=True)
    last_name = models.CharField(max_length=150, blank=True)
@@ -62,6 +63,14 @@ class User(AbstractBaseUser, PermissionsMixin):
    USERNAME_FIELD = "phone_number"
    REQUIRED_FIELDS = []  # email is optional; phone_number is the identifier

+    class Meta:
+        constraints = [
+            models.CheckConstraint(
+                name="accounts_user_phone_e164_format",
+                condition=Q(phone_number__regex=r"^\+[1-9][0-9]{7,14}$"),
+            ),
+        ]
+
    def __str__(self):
        return self.email or self.phone_number or str(self.id)

@@ -1,6 +1,7 @@
 from unittest.mock import patch

 import pytest
+from django.db import IntegrityError
 from django.urls import reverse

 from apps.accounts.models import OtpPurpose, PhoneOTP, User
@@ -69,3 +70,24 @@ def test_otp_verify_rejects_auth_purpose_otp(client):
        )

    assert response.status_code == 400
+
+
+@pytest.mark.django_db
+def test_db_rejects_null_phone_number():
+    # DB invariant: phone_number is mandatory.
+    with pytest.raises(IntegrityError):
+        User.objects.create(email="null-phone@example.com")
+
+
+@pytest.mark.django_db
+def test_db_rejects_non_e164_phone_number():
+    # DB invariant: store normalized E.164 only.
+    with pytest.raises(IntegrityError):
+        User.objects.create_user(phone_number="0512345678")
+
+
+@pytest.mark.django_db
+def test_db_rejects_duplicate_phone_number():
+    User.objects.create_user(phone_number="+966512345678")
+    with pytest.raises(IntegrityError):
+        User.objects.create_user(phone_number="+966512345678")
@@ -17,18 +17,18 @@ def booking_payload():
        email="owner@example.com",
        password="pass",
        role=UserRole.MANAGER,
-        phone_number="0500000001",
+        phone_number="+966500000001",
    )
    customer = User.objects.create_user(
        email="customer@example.com",
        password="pass",
-        phone_number="0500000002",
+        phone_number="+966500000002",
    )
    staff_user = User.objects.create_user(
        email="staff@example.com",
        password="pass",
        role=UserRole.STAFF,
-        phone_number="0500000003",
+        phone_number="+966500000003",
    )

    salon = Salon.objects.create(