feat(auth): enforce single-owner invariant in bootstrap flow
@@ -12,6 +12,7 @@ Implemented in MVP0:
- Support fallback sign-in page: `/support/<CMS_SUPPORT_LOGIN_KEY>`
- Prisma auth models (`user`, `session`, `account`, `verification`)
- First registration creates owner; subsequent registrations are disabled
- Owner invariant reconciliation is enforced in auth bootstrap and owner promotion flow
## Environment
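Review bot: The new bullet under "Implemented in MVP0" says owner invariant reconciliation "is enforced" but never states what the invariant is or what reconciliation does when it is violated. The commit title calls it a single-owner invariant, so the README should say so directly (exactly one owner at any time) and describe the outcome for the two failure cases a reader will ask about: no owner present at bootstrap, and more than one owner present. It would also help to say how this interacts with the preceding bullet, "First registration creates owner; subsequent registrations are disabled", since that line reads as the only owner-creation path while this one introduces an owner promotion flow.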
@@ -38,5 +39,5 @@ Optional:
- Support user bootstrap is available via `bun run auth:seed:support`.
- Root `bun run db:seed` runs DB seed and support-user seed.
- `CMS_ADMIN_SELF_REGISTRATION_ENABLED` is temporary until admin settings UI manages this policy.
- Owner invariant hardening for all future user-management mutations remains tracked in `TODO.md`.
- Owner invariant checks for future user-management mutations remain tracked in `TODO.md`.
- Email verification and forgot/reset password pipelines are tracked for MVP2.
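Review bot: The reworded `TODO.md` bullet changes "hardening for all future user-management mutations" to "checks for future user-management mutations", which drops "all" and leaves the remaining scope open to interpretation. Now that bootstrap and owner promotion are documented as covered, this line should name the mutation paths that are still unguarded, or point to the specific `TODO.md` entry, so a reader can tell where the single-owner invariant is not yet enforced. If the narrower wording is intentional, a short reason in the commit body would make that clear.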