cronekorkn/left4me
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
left4me/l4d2web/routes
History
mwiegand 3490be5fb7
auth: reject inactive users at login + invalidate existing sessions 
Two-pronged enforcement so deactivation has effect both for fresh
logins and already-issued sessions:

  - load_current_user(): treat User with active=False as logged-out
    (sets g.user=None). Existing sessions stop working immediately.
  - login(): include `not user.active` in the existing 401 condition,
    so deactivated accounts get the same "invalid credentials"
    response as wrong-password / unknown-user — no timing oracle for
    deactivation status.

Tests still green (12/12 in test_auth.py).
2026-05-10 21:13:31 +02:00
..
__init__.py chore(l4d2): flatten component layout 2026-05-05 23:47:06 +02:00
auth_routes.py auth: reject inactive users at login + invalidate existing sessions 2026-05-10 21:13:31 +02:00
blueprint_routes.py feat(l4d2-web): blueprint rename moves to footer modal — matches overlay/server pattern 2026-05-09 01:37:29 +02:00
files_routes.py feat(files-overlay): user-managed file content as a third overlay type 2026-05-09 18:59:32 +02:00
job_routes.py feat(l4d2-web): managed global map overlays with daily refresh 2026-05-08 08:05:14 +02:00
log_routes.py feat(l4d2-web): server identity by id, name as display label 2026-05-08 19:22:09 +02:00
overlay_routes.py feat(files-overlay): user-managed file content as a third overlay type 2026-05-09 18:59:32 +02:00
page_routes.py feat(l4d2-web): server detail — directory tree of the runtime merged view 2026-05-09 01:35:09 +02:00
server_routes.py refactor(l4d2-web): detail-page UI — single panel, soft border, footer Delete 2026-05-09 01:26:57 +02:00
workshop_routes.py feat(l4d2-web): per-overlay job list + redirect to job after build-triggering edits 2026-05-08 17:44:22 +02:00