# Generated by Django 5.2.6 on 2025-09-18 14:49
#
# Initial schema for the `security` app: access policies, data classification
# levels, SSO providers, roles, a custom User, an audit log and MFA devices.
#
# NOTE(review): this is an auto-generated migration. Do not hand-edit field
# definitions here once it has been applied anywhere — change the models and
# generate a follow-up migration instead, or the recorded migration state and
# the database will diverge. The comments below are reviewer notes only.

import django.contrib.auth.models
import django.contrib.auth.validators
import django.db.models.deletion
import django.utils.timezone
import uuid
from django.conf import settings
from django.db import migrations, models


class Migration(migrations.Migration):
    """Create the security app's initial tables.

    Depends on ``auth.0012`` because ``Role``, ``User`` and the M2M tables
    reference ``auth.Permission`` / ``auth.Group``.
    """

    initial = True

    dependencies = [
        ('auth', '0012_alter_user_first_name_max_length'),
    ]

    operations = [
        # AccessPolicy: an ALLOW/DENY rule with free-form JSON conditions.
        # Evaluation order is decided by `priority` (lower wins, per help_text)
        # and then `name`; the evaluator itself lives outside this file.
        migrations.CreateModel(
            name='AccessPolicy',
            fields=[
                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('name', models.CharField(max_length=100, unique=True)),
                ('description', models.TextField()),
                ('policy_type', models.CharField(choices=[('ALLOW', 'Allow'), ('DENY', 'Deny')], max_length=10)),
                # NOTE(review): unvalidated JSON that policy code interprets at
                # request time. Make sure the evaluator is a data-driven matcher
                # and never eval()s/exec()s anything from this column — confirm
                # against the consumer.
                ('conditions', models.JSONField(help_text='JSON conditions for policy evaluation')),
                ('resource_type', models.CharField(blank=True, max_length=100)),
                ('actions', models.JSONField(default=list, help_text='List of actions this policy applies to')),
                ('priority', models.IntegerField(default=100, help_text='Lower numbers have higher priority')),
                ('is_active', models.BooleanField(default=True)),
                ('created_at', models.DateTimeField(auto_now_add=True)),
                ('updated_at', models.DateTimeField(auto_now=True)),
            ],
            options={
                'verbose_name_plural': 'Access Policies',
                'ordering': ['priority', 'name'],
            },
        ),
        # DataClassification: ordered sensitivity levels. `level` is the
        # comparable value (higher = more sensitive, per help_text) and is
        # unique, so the ordering is total.
        migrations.CreateModel(
            name='DataClassification',
            fields=[
                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('name', models.CharField(choices=[('PUBLIC', 'Public'), ('INTERNAL', 'Internal'), ('CONFIDENTIAL', 'Confidential'), ('RESTRICTED', 'Restricted'), ('TOP_SECRET', 'Top Secret')], max_length=20, unique=True)),
                ('level', models.IntegerField(help_text='Numeric level for comparison (higher = more sensitive)', unique=True)),
                ('description', models.TextField()),
                # No format validator on the hex colour here; if it is ever
                # rendered into markup/CSS, validate or escape at that point.
                ('color_code', models.CharField(default='#000000', help_text='Hex color code for UI', max_length=7)),
                ('requires_clearance', models.BooleanField(default=False)),
                ('created_at', models.DateTimeField(auto_now_add=True)),
                ('updated_at', models.DateTimeField(auto_now=True)),
            ],
            options={
                'verbose_name': 'Data Classification',
                'verbose_name_plural': 'Data Classifications',
                'ordering': ['level'],
            },
        ),
        # SSOProvider: one row per external identity provider.
        migrations.CreateModel(
            name='SSOProvider',
            fields=[
                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('name', models.CharField(max_length=100, unique=True)),
                ('provider_type', models.CharField(choices=[('SAML', 'SAML'), ('OAUTH2', 'OAuth 2.0'), ('OIDC', 'OpenID Connect'), ('LDAP', 'LDAP')], max_length=20)),
                ('is_active', models.BooleanField(default=True)),
                # NOTE(review): opaque JSON. For OAuth2/OIDC/LDAP this presumably
                # holds client secrets or bind credentials — confirm they are
                # encrypted at rest or referenced from a secret store rather
                # than stored in plaintext here.
                ('configuration', models.JSONField(default=dict)),
                # NOTE(review): maps IdP attributes onto user fields. If the
                # allowed target fields are not restricted by the consumer, an
                # IdP-controlled claim could set is_staff/is_superuser/roles —
                # confirm the mapping is limited to non-privilege fields.
                ('attribute_mapping', models.JSONField(default=dict, help_text='Mapping of SSO attributes to user fields')),
                ('created_at', models.DateTimeField(auto_now_add=True)),
                ('updated_at', models.DateTimeField(auto_now=True)),
            ],
            options={
                'ordering': ['name'],
            },
        ),
        # Role: a named bundle of auth.Permissions plus the classifications
        # it may access.
        migrations.CreateModel(
            name='Role',
            fields=[
                ('id', models.BigAutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
                ('name', models.CharField(max_length=100, unique=True)),
                ('description', models.TextField()),
                ('is_active', models.BooleanField(default=True)),
                ('created_at', models.DateTimeField(auto_now_add=True)),
                ('updated_at', models.DateTimeField(auto_now=True)),
                # NOTE(review): help_text says "maximum level" but this is a
                # ManyToMany, i.e. a *set* of classifications, not a single
                # ceiling. Whether the app treats it as an allow-list or takes
                # the max `level` is decided elsewhere — confirm, since the two
                # readings grant different access.
                ('data_classification_access', models.ManyToManyField(blank=True, help_text='Maximum data classification level this role can access', to='security.dataclassification')),
                ('permissions', models.ManyToManyField(blank=True, to='auth.permission')),
            ],
            options={
                'ordering': ['name'],
            },
        ),
        # User: custom AUTH_USER_MODEL with a UUID primary key, the standard
        # AbstractUser columns, and extra MFA / lockout / SSO attributes.
        migrations.CreateModel(
            name='User',
            fields=[
                ('password', models.CharField(max_length=128, verbose_name='password')),
                ('last_login', models.DateTimeField(blank=True, null=True, verbose_name='last login')),
                ('is_superuser', models.BooleanField(default=False, help_text='Designates that this user has all permissions without explicitly assigning them.', verbose_name='superuser status')),
                ('username', models.CharField(error_messages={'unique': 'A user with that username already exists.'}, help_text='Required. 150 characters or fewer. Letters, digits and @/./+/-/_ only.', max_length=150, unique=True, validators=[django.contrib.auth.validators.UnicodeUsernameValidator()], verbose_name='username')),
                ('first_name', models.CharField(blank=True, max_length=150, verbose_name='first name')),
                ('last_name', models.CharField(blank=True, max_length=150, verbose_name='last name')),
                ('email', models.EmailField(blank=True, max_length=254, verbose_name='email address')),
                ('is_staff', models.BooleanField(default=False, help_text='Designates whether the user can log into this admin site.', verbose_name='staff status')),
                ('is_active', models.BooleanField(default=True, help_text='Designates whether this user should be treated as active. Unselect this instead of deleting accounts.', verbose_name='active')),
                ('date_joined', models.DateTimeField(default=django.utils.timezone.now, verbose_name='date joined')),
                # Non-sequential PK: avoids enumerable user IDs in URLs/logs.
                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
                ('employee_id', models.CharField(blank=True, max_length=50, null=True, unique=True)),
                ('department', models.CharField(blank=True, max_length=100)),
                ('attributes', models.JSONField(blank=True, default=dict)),
                ('mfa_enabled', models.BooleanField(default=False)),
                # NOTE(review): unlike MFADevice.secret_key below, this column
                # carries no "encrypted" note, and max_length=32 is exactly the
                # size of a raw base32 TOTP seed. Confirm it is encrypted before
                # storage (or retired in favour of MFADevice); a plaintext seed
                # here lets anyone with DB read access mint valid OTPs.
                ('mfa_secret', models.CharField(blank=True, max_length=32)),
                ('last_login_ip', models.GenericIPAddressField(blank=True, null=True)),
                # Lockout state. Nothing at the schema level bounds the counter
                # or expires the lock; that logic lives in the login view.
                ('failed_login_attempts', models.IntegerField(default=0)),
                ('account_locked_until', models.DateTimeField(blank=True, null=True)),
                # NOTE(review): provider is stored by name, not as a ForeignKey
                # to SSOProvider, so there is no referential integrity between
                # the two. There is also no unique constraint on
                # (sso_provider, sso_identifier); if the login flow looks users
                # up by that pair, enforce uniqueness in the app (or a later
                # migration) to rule out ambiguous account linking.
                ('sso_provider', models.CharField(blank=True, max_length=50, null=True)),
                ('sso_identifier', models.CharField(blank=True, max_length=255, null=True)),
                ('created_at', models.DateTimeField(auto_now_add=True)),
                ('updated_at', models.DateTimeField(auto_now=True)),
                ('groups', models.ManyToManyField(blank=True, help_text='The groups this user belongs to. A user will get all permissions granted to each of their groups.', related_name='user_set', related_query_name='user', to='auth.group', verbose_name='groups')),
                ('user_permissions', models.ManyToManyField(blank=True, help_text='Specific permissions for this user.', related_name='user_set', related_query_name='user', to='auth.permission', verbose_name='user permissions')),
                # Deleting a classification level silently drops it from every
                # user (SET_NULL) — a user with clearance_level NULL must be
                # treated as having no clearance by the consumer.
                ('clearance_level', models.ForeignKey(blank=True, help_text="User's security clearance level", null=True, on_delete=django.db.models.deletion.SET_NULL, to='security.dataclassification')),
                ('roles', models.ManyToManyField(blank=True, to='security.role')),
            ],
            options={
                'ordering': ['username'],
            },
            managers=[
                ('objects', django.contrib.auth.models.UserManager()),
            ],
        ),
        # AuditLog: append-style security event record, newest first.
        migrations.CreateModel(
            name='AuditLog',
            fields=[
                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
                ('timestamp', models.DateTimeField(auto_now_add=True, db_index=True)),
                ('action_type', models.CharField(choices=[('LOGIN', 'User Login'), ('LOGOUT', 'User Logout'), ('LOGIN_FAILED', 'Failed Login Attempt'), ('PASSWORD_CHANGE', 'Password Changed'), ('MFA_ENABLED', 'MFA Enabled'), ('MFA_DISABLED', 'MFA Disabled'), ('ROLE_ASSIGNED', 'Role Assigned'), ('ROLE_REMOVED', 'Role Removed'), ('DATA_ACCESS', 'Data Accessed'), ('DATA_MODIFIED', 'Data Modified'), ('DATA_DELETED', 'Data Deleted'), ('ACCOUNT_LOCKED', 'Account Locked'), ('ACCOUNT_UNLOCKED', 'Account Unlocked'), ('SSO_LOGIN', 'SSO Login')], max_length=50)),
                ('resource_type', models.CharField(blank=True, max_length=100)),
                ('resource_id', models.CharField(blank=True, max_length=255)),
                ('ip_address', models.GenericIPAddressField(blank=True, null=True)),
                # Client-controlled and unbounded; treat as untrusted when
                # displayed.
                ('user_agent', models.TextField(blank=True)),
                # NOTE(review): free-form. Callers must not put credentials,
                # tokens or OTP secrets in here — the log is the first thing an
                # attacker with read access will mine.
                ('details', models.JSONField(default=dict)),
                ('severity', models.CharField(choices=[('LOW', 'Low'), ('MEDIUM', 'Medium'), ('HIGH', 'High'), ('CRITICAL', 'Critical')], default='LOW', max_length=20)),
                # NOTE(review): a per-row SHA-256 (per help_text). There is no
                # previous-hash column, so this is not a hash chain, and how
                # the digest is keyed is outside this file. An unkeyed digest
                # can be recomputed by anyone who can alter the row — confirm
                # it is an HMAC with a key held outside the DB, or chained, if
                # it is meant to detect tampering.
                ('hash_value', models.CharField(help_text='SHA-256 hash for integrity verification', max_length=64, unique=True)),
                # SET_NULL: deleting a user detaches (but keeps) their audit
                # rows. Attribution then survives only via `details`/`ip_address`
                # — check this against the retention/forensics requirements.
                ('user', models.ForeignKey(blank=True, null=True, on_delete=django.db.models.deletion.SET_NULL, to=settings.AUTH_USER_MODEL)),
            ],
            options={
                'ordering': ['-timestamp'],
                'indexes': [models.Index(fields=['timestamp', 'action_type'], name='security_au_timesta_0a6bfb_idx'), models.Index(fields=['user', 'timestamp'], name='security_au_user_id_88bbbb_idx'), models.Index(fields=['severity', 'timestamp'], name='security_au_severit_eb201b_idx')],
            },
        ),
        # MFADevice: per-user second factors; rows are removed with the user
        # (CASCADE). Device names are unique per user.
        migrations.CreateModel(
            name='MFADevice',
            fields=[
                ('id', models.UUIDField(default=uuid.uuid4, editable=False, primary_key=True, serialize=False)),
                ('device_type', models.CharField(choices=[('TOTP', 'Time-based One-Time Password'), ('HOTP', 'HMAC-based One-Time Password'), ('SMS', 'SMS'), ('EMAIL', 'Email'), ('HARDWARE', 'Hardware Token')], max_length=20)),
                ('name', models.CharField(help_text='User-friendly name for the device', max_length=100)),
                # help_text says the value is encrypted; the scheme (and where
                # the key lives) is not visible here. Confirm ciphertext + IV/tag
                # for that scheme fits in 255 chars, and that SMS/EMAIL rows
                # (which hold a phone number/address, presumably) are treated
                # as PII.
                ('secret_key', models.CharField(help_text='Encrypted secret key', max_length=255)),
                ('is_active', models.BooleanField(default=True)),
                # No DB-level constraint limits a user to one primary device;
                # the only uniqueness here is (user, name).
                ('is_primary', models.BooleanField(default=False)),
                ('last_used', models.DateTimeField(blank=True, null=True)),
                ('created_at', models.DateTimeField(auto_now_add=True)),
                ('updated_at', models.DateTimeField(auto_now=True)),
                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, related_name='mfa_devices', to=settings.AUTH_USER_MODEL)),
            ],
            options={
                'ordering': ['-is_primary', 'name'],
                'unique_together': {('user', 'name')},
            },
        ),
    ]