Added soft deletes to all deletion functions and added deleted_at filters as required

gatehouse_app/models/auth/authentication_method.py

@@ -374,7 +374,7 @@ class OAuthState(BaseModel):
     def cleanup_expired(cls) -> None:
         """Remove expired OAuth states."""
         now = datetime.now(timezone.utc)
-        cls.query.filter(cls.expires_at < now).delete()
+        cls.query.filter(cls.expires_at < now).filter(cls.deleted_at == None).update({"deleted_at": now}, synchronize_session=False)
         db.session.commit()
 
     def to_dict(self, exclude=None):

gatehouse_app/models/auth/email_verification_token.py

@@ -32,7 +32,8 @@ class EmailVerificationToken(BaseModel):
 
         Any existing unused tokens for this user are invalidated first.
         """
-        cls.query.filter_by(user_id=user_id, used_at=None).delete()
+        now = datetime.now(timezone.utc)
+        cls.query.filter_by(user_id=user_id, used_at=None).filter(cls.deleted_at == None).update({"deleted_at": now}, synchronize_session=False)
         db.session.flush()
 
         token_value = secrets.token_urlsafe(48)

gatehouse_app/models/auth/password_reset_token.py

@@ -33,7 +33,8 @@ class PasswordResetToken(BaseModel):
         Any existing unused tokens for this user are invalidated first.
         """
         # Invalidate any existing unused tokens for this user
-        cls.query.filter_by(user_id=user_id, used_at=None).delete()
+        now = datetime.now(timezone.utc)
+        cls.query.filter_by(user_id=user_id, used_at=None).filter(cls.deleted_at == None).update({"deleted_at": now}, synchronize_session=False)
         db.session.flush()
 
         token_value = secrets.token_urlsafe(48)