- Added models for `OAuthClient`, `OAuthState`, and `OAuthAccount`.
- Created Pydantic schemas to support OAuth flows, client management, and linked accounts.
- Implemented skeleton endpoints for OAuth Provider mode: authorization, token, and revocation.
- Updated router imports to include new `/oauth` and `/oauth/provider` routes.
- Added Alembic migration script to create OAuth-related database tables.
- Enhanced `users` table to allow OAuth-only accounts by making `password_hash` nullable.
- Deleted `admin.ts`, `auth.ts`, and `users.ts` MSW handler files to streamline demo mode setup.
- Updated demo credentials logic in `DemoCredentialsModal` and `DemoModeBanner` for stronger password requirements (≥12 characters).
- Refined documentation in `CLAUDE.md` to align with new credential standards and auto-generated MSW workflows.
- Introduced `pyproject.toml` to centralize backend tool configurations (e.g., Ruff, mypy, coverage, pytest).
- Replaced Black, isort, and Flake8 with Ruff for linting, formatting, and import sorting.
- Updated `requirements.txt` to include Ruff and remove replaced tools.
- Added `Makefile` to streamline development workflows with commands for linting, formatting, type-checking, testing, and cleanup.
- **Configurations:** Test minimum `SECRET_KEY` length validation to prevent weak JWT signing keys. Validate proper handling of secure defaults.
- **Permissions:** Add tests for inactive user blocking, API access control, and superuser privilege escalation across organizational roles.
- **Authentication:** Test logout safety, session revocation, token replay prevention, and defense against JWT algorithm confusion attacks.
- Include `# pragma: no cover` for unreachable defensive code in security-sensitive areas.
- Introduce unit and integration tests for `get_async_database_url`, `get_db`, `async_transaction_scope`, `check_async_database_health`, `init_async_db`, and `close_async_db`.
- Cover success and failure scenarios, including session cleanup, transaction rollbacks, and database health checks.
- Ensure robust handling of exceptions and validation of utility function outputs across async database operations.
- Updated `verify_password` and `get_password_hash` to their async counterparts to prevent event loop blocking.
- Replaced N+1 query patterns in `admin.py` and `session_async.py` with optimized bulk operations for improved performance.
- Enhanced `user_async.py` with bulk update and soft delete methods for efficient user management.
- Added eager loading support in CRUD operations to prevent N+1 query issues.
- Updated test cases with stronger password examples for better security representation.
- Refactored all `password reset` and `auth dependency` tests to utilize async patterns for compatibility with async database sessions.
- Enhanced test fixtures with `pytest-asyncio` to support asynchronous database operations.
- Improved user handling with async context management for `test_user` and `async_mock_user`.
- Introduced `await` syntax for route calls, token generation, and database transactions in test cases.
- Enforced minimum length and security standards for `SECRET_KEY` (32 chars, random value required in production).
- Added checks for strong `FIRST_SUPERUSER_PASSWORD` (min 12 chars with mixed case, digits).
- Updated `.env.template` with guidelines for secure configurations.
- Added `test_config.py` to verify validations for environment configurations, passwords, and database URLs.
This commit introduces a suite of tests for user models, schemas, CRUD operations, and authentication services. It also adds utilities for in-memory database setup to support these tests and updates environment settings for consistency.
