mohd/Salon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
eb88f23d28f1801a8a2c14ad9bc86f609b41bb66
Salon/docs/risks.md
T
mohd eb88f23d28 chore: document auth fixes
2026-03-14 00:48:05 +03:00

2.9 KiB
Raw Blame History

Risks And Gaps

This file tracks known gaps and risks to address in future iterations.

Security And Auth

  • Phone normalization is KSA-focused and minimal; broaden for multi-country use.
  • OTP protections are basic; add device fingerprinting and IP throttling if needed.
  • Authentica OTP provider is implemented (SMS + WhatsApp via Authentica OTP).
  • Social login is a placeholder.
  • USERNAME_FIELD is now "phone_number"; REQUIRED_FIELDS = []; create_superuser accepts phone_number. Admin and createsuperuser work correctly for phone-only users.
  • Password token obtain endpoint (/api/auth/token/) is deprecated (410 Gone); phone OTP flow is the login source of truth.
  • OTP purpose isolation is enforced at verification endpoint boundaries (/otp/verify accepts only verify, /phone/verify accepts only auth).
  • Django admin user configuration remains email-centric (ordering/add form defaults), increasing operational friction for phone-only accounts.
  • Multiple serializers/model __str__ paths in non-auth apps still fallback to user.email; phone-only users may get poor display/audit clarity.

Next Auth Review Points

  • DB-level guardrails for accounts_user.phone_number are now enforced (NOT NULL, UNIQUE, E.164 check constraint).
  • Decide user lifecycle for phone auth (create user before OTP verify vs provisional/pre-user state).
  • Expand abuse prevention beyond per-phone cooldown (IP throttling, device fingerprint, risk signals).
  • Define OAuth account-linking policy (phone/email conflicts, merge rules, trust source).
  • Add explicit tests for remaining phone-first invariants (verified-phone guards and any legacy-path regressions).

Booking Integrity

  • Availability checks and overlap prevention are now enforced for staff bookings.
  • Race condition — fixed: BookingCreateSerializer.create() now locks the staff row with select_for_update() inside transaction.atomic() and re-runs the overlap check before inserting. Concurrent requests for the same staff slot are serialized at the DB level. Requires PostgreSQL in production (SQLite ignores FOR UPDATE but still serializes writes).
  • No timezone handling or business hours enforcement.
  • No cancellation rules or refund logic.

Payments

  • Moyasar payment creation, webhook reconciliation, and idempotency are implemented.
  • Moyasar capture and refund are implemented in the gateway; API endpoints for admin-initiated capture/refund can be added when needed.

Data And UX

  • Ratings are not recalculated from reviews.
  • No image upload or storage strategy for photos.
  • Booking lifecycle notifications are implemented; Authentica can deliver SMS when NOTIFICATION_PROVIDER=authentica.
  • Localization foundations are in progress; full Arabic translation coverage and RTL QA are still pending.

Ops And Compliance

  • No audit logs for admin actions.
  • No multi-tenant isolation or data export tooling.
  • No GDPR/PDPL data retention policies defined.
Reference in New Issue View Git Blame Copy Permalink