mohd/Salon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9787fb699a1293fba644fbed610bf377a371815c
Salon/docs/risks.md
T

3.0 KiB
Raw Blame History

Risks And Gaps

This file tracks known gaps and risks to address in future iterations.

Security And Auth

  • Phone normalization is KSA-focused and minimal; broaden for multi-country use.
  • OTP protections now include per-phone limits plus /phone/request IP/device window controls; thresholds still need production tuning.
  • Authentica OTP provider is implemented (SMS + WhatsApp via Authentica OTP).
  • Social login is a placeholder.
  • USERNAME_FIELD is now "phone_number"; REQUIRED_FIELDS = []; create_superuser accepts phone_number. Admin and createsuperuser work correctly for phone-only users.
  • Password token obtain endpoint (/api/auth/token/) is deprecated (410 Gone); phone OTP flow is the login source of truth.
  • OTP purpose isolation is enforced at verification endpoint boundaries (/otp/verify accepts only verify, /phone/verify accepts only auth).
  • Django admin user configuration now orders by phone_number and requests it on add forms to reduce friction for phone-only accounts.
  • Phone auth request now creates the customer record before issuing OTPs and marks is_phone_verified once /api/auth/phone/verify/ succeeds, so phone numbers remain first-class during onboarding.

Next Auth Review Points

  • DB-level guardrails for accounts_user.phone_number are now enforced (NOT NULL, UNIQUE, E.164 check constraint).
  • Abuse-control implementation for /api/auth/phone/request/ is in place (IP throttling + persisted device signal); next step is monitor false positives and tune limits.
  • Define OAuth account-linking policy (phone/email conflicts, merge rules, trust source).
  • Add explicit tests for remaining phone-first invariants (verified-phone guards and any legacy-path regressions).

Booking Integrity

  • Availability checks and overlap prevention are now enforced for staff bookings.
  • Race condition — fixed: BookingCreateSerializer.create() now locks the staff row with select_for_update() inside transaction.atomic() and re-runs the overlap check before inserting. Concurrent requests for the same staff slot are serialized at the DB level. Requires PostgreSQL in production (SQLite ignores FOR UPDATE but still serializes writes).
  • No timezone handling or business hours enforcement.
  • No cancellation rules or refund logic.

Payments

  • Moyasar payment creation, webhook reconciliation, and idempotency are implemented.
  • Moyasar capture and refund are implemented in the gateway; API endpoints for admin-initiated capture/refund can be added when needed.

Data And UX

  • Ratings are not recalculated from reviews.
  • No image upload or storage strategy for photos.
  • Booking lifecycle notifications are implemented; Authentica can deliver SMS when NOTIFICATION_PROVIDER=authentica.
  • Localization foundations are in progress; full Arabic translation coverage and RTL QA are still pending.

Ops And Compliance

  • No audit logs for admin actions.
  • No multi-tenant isolation or data export tooling.
  • No GDPR/PDPL data retention policies defined.
Reference in New Issue View Git Blame Copy Permalink