Skip to content

Remove password_hash from users model, schema, and route (now managed by supabase auth) #66

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

Remove password_hash from users model, schema, and route (now managed by supabase auth) #66

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
1150330
refactor: remove password_hash from users model, schema, and route (m…
Saahi30 Jun 5, 2025
cc13afb
fix: remove password and password_hash logic from seed script (Supaba…
Saahi30 Jun 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 0 additions & 5 deletions Backend/app/db/seed.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,15 +9,13 @@ async def seed_db():
"id": "aabb1fd8-ba93-4e8c-976e-35e5c40b809c",
"username": "creator1",
"email": "[email protected]",
"password": "password123",
"role": "creator",
"bio": "Lifestyle and travel content creator",
},
{
"id": "6dbfcdd5-795f-49c1-8f7a-a5538b8c6f6f",
"username": "brand1",
"email": "[email protected]",
"password": "password123",
"role": "brand",
"bio": "Sustainable fashion brand looking for influencers",
},
Expand All @@ -40,9 +38,6 @@ async def seed_db():
id=user_data["id"],
username=user_data["username"],
email=user_data["email"],
password_hash=user_data[
"password"
], # Using plain password directly
role=user_data["role"],
bio=user_data["bio"],
)
Expand Down
1 change: 0 additions & 1 deletion Backend/app/models/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,6 @@ class User(Base):
id = Column(String, primary_key=True, default=generate_uuid)
username = Column(String, unique=True, nullable=False)
email = Column(String, unique=True, nullable=False)
password_hash = Column(Text, nullable=False)
role = Column(String, nullable=False) # 'creator' or 'brand'
profile_image = Column(Text, nullable=True)
bio = Column(Text, nullable=True)
Expand Down
1 change: 0 additions & 1 deletion Backend/app/routes/post.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,7 +44,6 @@ async def create_user(user: UserCreate):
"id": user_id,
"username": user.username,
"email": user.email,
"password_hash": user.password_hash,
"role": user.role,
"profile_image": user.profile_image,
"bio": user.bio,
Expand Down
2 changes: 1 addition & 1 deletion Backend/app/schemas/schema.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
class UserCreate(BaseModel):
username: str
email: str
password_hash: str
# password_hash: str # Removed: managed by Supabase Auth
role: str
profile_image: Optional[str] = None
bio: Optional[str] = None
Comment on lines 5 to 11
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Verification agent

🧩 Analysis chain

Verify consistency across the codebase.

Ensure that all code referencing the password_hash field in UserCreate has been updated to prevent runtime errors.

🏁 Script executed:

#!/bin/bash
# Description: Verify that no code still references password_hash in UserCreate or related user creation logic
# Expected: No remaining references to password_hash in user creation code

echo "=== Searching for password_hash references in Python files ==="
rg -A 3 -B 3 "password_hash" --type py

echo -e "\n=== Searching for UserCreate usage that might expect password_hash ==="
rg -A 5 -B 5 "UserCreate" --type py

echo -e "\n=== Checking for any remaining password-related fields in schemas ==="
rg -A 3 -B 3 "password" Backend/app/schemas/ --type py

Length of output: 3760

Fix seeding logic that still sets password_hash

The seeder in Backend/app/db/seed.py still assigns a plain‐text password to password_hash, but passwords are now managed by Supabase Auth. Update or remove this mapping to avoid runtime errors:

• Location: Backend/app/db/seed.py

-    password_hash=user_data["password"],  # Using plain password directly
+    # Remove direct password_hash assignment. 
+    # Instead, use Supabase Auth (e.g., supabase.auth.admin.create_user) 
+    # to provision users with passwords, or omit password fields here.

• Ensure any tests or downstream code expecting password_hash are updated to use Supabase’s user/session objects instead.

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
class UserCreate(BaseModel):
username: str
email: str
password_hash: str
# password_hash: str # Removed: managed by Supabase Auth
role: str
profile_image: Optional[str] = None
bio: Optional[str] = None
for user_data in users:
user = User(
username=user_data["username"],
email=user_data["email"],
- password_hash=user_data["password"], # Using plain password directly
+ # Remove direct password_hash assignment.
+ # Instead, use Supabase Auth (e.g., supabase.auth.admin.create_user)
+ # to provision users with passwords, or omit password fields here.
role=user_data["role"],
profile_image=user_data.get("profile_image"),
bio=user_data.get("bio"),
)
db.session.add(user)
db.session.commit()
🧰 Tools
🪛 Pylint (3.3.7)

[refactor] 5-5: Too few public methods (0/2)

(R0903)

🤖 Prompt for AI Agents 
In Backend/app/db/seed.py, update the seeding logic that still assigns a
plain-text password to the password_hash field, which is no longer part of
UserCreate since password management is handled by Supabase Auth. Remove or
refactor any code that sets password_hash during user creation to prevent
runtime errors. Additionally, review and update any tests or downstream code
that expect password_hash to instead use Supabase’s user or session objects for
authentication data.

Expand Down