Harden auth flows and add backend quality gate

2026-03-04 12:57:42 +13:00
parent 1ad4823830
commit c6bc31f27e
24 changed files with 811 additions and 137 deletions
--- a/backend/app/services/jellyfin_sync.py
+++ b/backend/app/services/jellyfin_sync.py
@@ -6,12 +6,15 @@ from ..clients.jellyfin import JellyfinClient
 from ..db import (
    create_user_if_missing,
    get_user_by_username,
+    set_user_email,
    set_user_auth_provider,
    set_user_jellyseerr_id,
 )
 from ..runtime import get_runtime_settings
 from .user_cache import (
    build_jellyseerr_candidate_map,
+    extract_jellyseerr_user_email,
+    find_matching_jellyseerr_user,
    get_cached_jellyseerr_users,
    match_jellyseerr_user_id,
    save_jellyfin_users_cache,
@@ -41,10 +44,13 @@ async def sync_jellyfin_users() -> int:
        if not name:
            continue
        matched_id = match_jellyseerr_user_id(name, candidate_map) if candidate_map else None
+        matched_seerr_user = find_matching_jellyseerr_user(name, jellyseerr_users or [])
+        matched_email = extract_jellyseerr_user_email(matched_seerr_user)
        created = create_user_if_missing(
            name,
            "jellyfin-user",
            role="user",
+            email=matched_email,
            auth_provider="jellyfin",
            jellyseerr_user_id=matched_id,
        )
@@ -60,6 +66,8 @@ async def sync_jellyfin_users() -> int:
                set_user_auth_provider(name, "jellyfin")
            if matched_id is not None:
                set_user_jellyseerr_id(name, matched_id)
+            if matched_email:
+                set_user_email(name, matched_email)
    return imported