Input validation — enum checks for frequency/tone/depth/timezone #13

@howwohmm

Problem

`main.py:126-134` — `EnrollRequest` accepts arbitrary strings for `frequency`, `tone`, `depth`, `timezone`:

  • Bad timezone (e.g., "not_a_tz") → crash in pytz
  • Bad frequency (e.g., "99x") → no email slots generated, silent failure
  • `EmailStr` is imported but unused — email validation is just `"@" in email` (line 401)

Solution

  • Use Pydantic `Literal` or `Enum` types for frequency, tone, depth
  • Validate timezone against `pytz.all_timezones`
  • Use `EmailStr` for email fields
  • Add `@validator` for active_days (must be valid day abbreviations)

Files

  • `main.py` — `EnrollRequest` model (lines 126-134), OTP models

Acceptance Criteria

  • Invalid frequency/tone/depth returns 422 with clear error
  • Invalid timezone returns 422
  • Email validated properly
  • Active days validated against Mon-Sun
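
A sketch of the model the Solution list describes, added here as an illustration and not taken from the project's `main.py`. The allowed values for `frequency`, `tone` and `depth` are assumed placeholders, `rejected_fields` is a hypothetical helper, the timezone set falls back to the standard-library `zoneinfo` when `pytz` is not installed, and the `EmailStr` field is left out because it needs the separate `email-validator` package.

```python
from typing import List, Literal

from pydantic import BaseModel, ValidationError, validator

try:
    import pytz
    KNOWN_TIMEZONES = frozenset(pytz.all_timezones)
except ImportError:  # fallback so the example also runs without pytz
    from zoneinfo import available_timezones
    KNOWN_TIMEZONES = frozenset(available_timezones())

VALID_DAYS = {"Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"}


class EnrollRequest(BaseModel):
    # Allowed values are assumed placeholders, not the project's real sets.
    frequency: Literal["1x", "2x", "3x"]
    tone: Literal["casual", "formal"]
    depth: Literal["brief", "detailed"]
    timezone: str
    active_days: List[str]

    @validator("timezone")
    def timezone_must_exist(cls, value):
        # Reject before the value ever reaches pytz.timezone(), which raises.
        if value not in KNOWN_TIMEZONES:
            raise ValueError("unknown timezone name")
        return value

    @validator("active_days")
    def days_must_be_abbreviations(cls, value):
        bad = [day for day in value if day not in VALID_DAYS]
        if bad:
            raise ValueError(f"invalid day abbreviations: {bad}")
        return value


def rejected_fields(payload: dict) -> list:
    """Return the sorted names of fields that fail validation ([] = accepted)."""
    try:
        EnrollRequest(**payload)
    except ValidationError as exc:
        return sorted({str(err["loc"][0]) for err in exc.errors()})
    return []
```

The field names returned by `rejected_fields` are the same ones a validation error response would report, so each acceptance criterion can be checked per field.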

Labels: P3 (Low — operational pain), good first issue (Good for newcomers), security (Security issue)
