"""drop password_hash + email_verified — passwordless auth

Cassandra moves to e-mail-OTP-only authentication. Both columns become
obsolete:

- password_hash: no passwords any more.
- email_verified: every active session is by construction proof of email
  control (sessions only ever land after a successful OTP), so a separate
  flag is redundant.

Revision ID: 0010
Revises: 0009
Create Date: 2026-05-16
"""
from typing import Sequence, Union

import sqlalchemy as sa
from alembic import op


revision: str = "0010"
down_revision: Union[str, None] = "0009"
branch_labels: Union[str, Sequence[str], None] = None
depends_on: Union[str, Sequence[str], None] = None


def upgrade() -> None:
    op.drop_column("users", "password_hash")
    op.drop_column("users", "email_verified")


def downgrade() -> None:
    # Restoring the columns yields empty / default values — we don't have
    # the old hashes any more. Downgrade is structural only.
    op.add_column(
        "users",
        sa.Column("password_hash", sa.String(255), nullable=False, server_default=""),
    )
    op.add_column(
        "users",
        sa.Column("email_verified", sa.Boolean, nullable=False, server_default=sa.text("0")),
    )