""" PasswordPolicy model — configures password complexity/expiry rules per merchant or globally. """ from __future__ import annotations from datetime import datetime from typing import Optional from sqlalchemy import Integer, String, Boolean, DateTime, ForeignKey, func from sqlalchemy.orm import Mapped, mapped_column from src.apps.base.models.base import Base class PasswordPolicy(Base): """Password policy configuration. merchant_id=None means global default.""" __tablename__ = "password_policies" id: Mapped[int] = mapped_column(Integer, primary_key=True, autoincrement=True) # NULL = global policy; set to a merchant id for merchant-specific override merchant_id: Mapped[Optional[int]] = mapped_column( Integer, ForeignKey("merchants.id", ondelete="CASCADE"), nullable=True, index=True, ) # Complexity rules min_length: Mapped[int] = mapped_column(Integer, nullable=False, default=8) require_uppercase: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True) require_lowercase: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True) require_digit: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True) require_special: Mapped[bool] = mapped_column(Boolean, nullable=False, default=False) # Expiry max_age_days: Mapped[Optional[int]] = mapped_column(Integer, nullable=True) grace_period_days: Mapped[int] = mapped_column(Integer, nullable=False, default=7) # History history_count: Mapped[int] = mapped_column(Integer, nullable=False, default=5) is_active: Mapped[bool] = mapped_column(Boolean, nullable=False, default=True) created_at: Mapped[datetime] = mapped_column( DateTime(timezone=True), server_default=func.now(), nullable=False ) updated_at: Mapped[datetime] = mapped_column( DateTime(timezone=True), server_default=func.now(), onupdate=func.now(), nullable=False, ) deleted_at: Mapped[Optional[datetime]] = mapped_column( DateTime(timezone=True), nullable=True )