feat: add member portal and auth hardening

2026-04-18 12:05:17 -07:00
parent c80b2a543a
commit 468bc05b78
59 changed files with 4066 additions and 604 deletions
--- a/prisma/schema.prisma
+++ b/prisma/schema.prisma
@@ -2442,6 +2442,19 @@ model employee_credentials {
  employeeName         String
  email                String
  securityClearance    String
+  portalPasswordHash   String?
+  mustRotatePassword   Boolean    @default(false)
+  failedLoginAttempts  Int        @default(0)
+  lockedUntil          DateTime?
+  lastLoginAt          DateTime?
+  passwordChangedAt    DateTime?
+  passwordResetTokenHash String?
+  passwordResetTokenExpiresAt DateTime?
+  mfaEnabled           Boolean    @default(false)
+  mfaSecretCiphertext  String?
+  mfaSecretIv          String?
+  mfaSecretTag         String?
+  mfaEnrolledAt        DateTime?
  cryptographicBadgeId String?
  hsmCredentialId      String?
  status               String     @default("active")
@@ -2458,6 +2471,44 @@ model employee_credentials {
  @@index([status])
 }

+model portal_member_accounts {
+  id                   String   @id
+  memberId             String   @unique
+  memberName           String
+  email                String   @unique
+  institutionName      String?
+  institutionCountry   String?
+  participantId        String?
+  lei                  String?
+  sovereignBankId      String?
+  portalPasswordHash   String
+  approvalStatus       String   @default("pending")
+  approvedAt           DateTime?
+  approvedByEmployeeId String?
+  mustRotatePassword   Boolean  @default(false)
+  failedLoginAttempts  Int      @default(0)
+  lockedUntil          DateTime?
+  lastLoginAt          DateTime?
+  passwordChangedAt    DateTime?
+  passwordResetTokenHash String?
+  passwordResetTokenExpiresAt DateTime?
+  status               String   @default("active")
+  issuedAt             DateTime @default(now())
+  expiresAt            DateTime?
+  revokedAt            DateTime?
+  createdAt            DateTime @default(now())
+  updatedAt            DateTime
+
+  @@index([memberId])
+  @@index([email])
+  @@index([participantId])
+  @@index([lei])
+  @@index([institutionCountry])
+  @@index([approvalStatus])
+  @@index([status])
+  @@index([sovereignBankId])
+}
+
 model entanglement_measurements {
  id                     String                 @id
  measurementId          String                 @unique