feat(members): split username/display_name, sync updates to authentik, add password reset API and refresh docs

2026-03-30 22:15:41 +08:00
parent 8ed50cdcc6
commit 75f9f28588
13 changed files with 224 additions and 19 deletions
--- a/app/api/internal.py
+++ b/app/api/internal.py
@@ -31,6 +31,7 @@ def upsert_user_by_sub(
    repo = UsersRepository(db)
    user = repo.upsert_by_sub(
        authentik_sub=payload.sub,
+        username=payload.username,
        email=payload.email,
        display_name=payload.display_name,
        is_active=payload.is_active,
@@ -39,6 +40,7 @@ def upsert_user_by_sub(
        "id": user.id,
        "sub": user.authentik_sub,
        "authentik_user_id": user.authentik_user_id,
+        "username": user.username,
        "email": user.email,
        "display_name": user.display_name,
        "is_active": user.is_active,
@@ -73,13 +75,20 @@ def ensure_authentik_user(
    sync_result = authentik_service.ensure_user(
        sub=payload.sub,
        email=payload.email,
+        username=payload.username,
        display_name=payload.display_name,
        is_active=payload.is_active,
    )

    users_repo = UsersRepository(db)
+    resolved_sub = payload.sub or ""
+    if sync_result.authentik_sub:
+        resolved_sub = sync_result.authentik_sub
+    if not resolved_sub:
+        raise HTTPException(status_code=status.HTTP_502_BAD_GATEWAY, detail="authentik_missing_sub")
    users_repo.upsert_by_sub(
-        authentik_sub=payload.sub,
+        authentik_sub=resolved_sub,
+        username=payload.username,
        email=payload.email,
        display_name=payload.display_name,
        is_active=payload.is_active,