Feat(Chore): Verify Flow, Invites, Suspend, Depart Cert Policy

feat: add password reset and email verification flow feat: add org invite listing, cancellation, and invite link fallback feat: add user suspend/unsuspend with audit logging feat: add department certificate policy (expiry, extensions) feat: enforce dept cert policy on SSH certificate signing feat: wire up OIDC consent and token flow (replace mocks) feat: rework CLI auth bridge to use frontend login flow feat: add admin OAuth provider management (CRUD) chore: refactor model import paths after module reorganisation chore: clean up config, decorators, and dev tooling
2026-03-01 16:50:27 +05:45
parent 07193a2d2e
commit a0d4e59c24
39 changed files with 2035 additions and 611 deletions
@@ -458,12 +458,22 @@ def add_principal_member(org_id, principal_id):
                error_type="CONFLICT",
            )

-        # Add member
-        membership = PrincipalMembership(
-            user_id=user.id,
-            principal_id=principal_id,
-        )
-        db.session.add(membership)
+        soft_deleted = PrincipalMembership.query.filter(
+            PrincipalMembership.user_id == user.id,
+            PrincipalMembership.principal_id == principal_id,
+            PrincipalMembership.deleted_at.isnot(None)
+        ).first()
+
+        if soft_deleted:
+            soft_deleted.deleted_at = None
+            membership = soft_deleted
+        else:
+            membership = PrincipalMembership(
+                user_id=user.id,
+                principal_id=principal_id,
+            )
+            db.session.add(membership)
+
        db.session.commit()

        member_dict = membership.to_dict()
@@ -665,7 +675,7 @@ def link_principal_to_department(org_id, principal_id, dept_id):
    soft_deleted = DepartmentPrincipal.query.filter(
        DepartmentPrincipal.department_id == dept_id,
        DepartmentPrincipal.principal_id == principal_id,
-        DepartmentPrincipal.deleted_at != None,  # noqa: E711
+        DepartmentPrincipal.deleted_at.isnot(None),
    ).first()

    try:
@@ -678,13 +688,8 @@ def link_principal_to_department(org_id, principal_id, dept_id):
            )
            db.session.add(link)
        db.session.commit()
-    except Exception as e:
+    except Exception:
        db.session.rollback()
-        from gatehouse_app.extensions import db as _db
-        try:
-            _db.session.rollback()
-        except Exception:
-            pass
        return api_response(
            success=False,
            message="Failed to link principal to department",
@@ -693,6 +698,10 @@ def link_principal_to_department(org_id, principal_id, dept_id):
        )

    return api_response(
+        data={
+            "principal": principal.to_dict(),
+            "department": dept.to_dict(),
+        },
        message="Principal linked to department successfully",
        status=201,
    )