dragonflight

History

Zac Gaetano bcfc19e530 fix(mam-api): real dummy bcrypt hash + log last_login_at failures Code-review feedback: - Dummy hash for user-enumeration-defense timing was 63 chars (bcrypt strings are 60 chars). Worked by accident because bcrypt 5.x is lenient about trailing chars; a future tightening would silently regress the timing defense. Replaced with a real pre-computed bcrypt hash. - last_login_at UPDATE now logs errors instead of silently swallowing them, matching the pattern in requireAuth for api_tokens.last_used_at. - Removed dead import of comparePassword from auth.test.js.	2026-05-27 14:35:59 -04:00
..
auth.test.js	fix(mam-api): real dummy bcrypt hash + log last_login_at failures	2026-05-27 14:35:59 -04:00

Zac Gaetano bcfc19e530 fix(mam-api): real dummy bcrypt hash + log last_login_at failures

Code-review feedback:
- Dummy hash for user-enumeration-defense timing was 63 chars (bcrypt strings
  are 60 chars). Worked by accident because bcrypt 5.x is lenient about
  trailing chars; a future tightening would silently regress the timing
  defense. Replaced with a real pre-computed bcrypt hash.
- last_login_at UPDATE now logs errors instead of silently swallowing them,
  matching the pattern in requireAuth for api_tokens.last_used_at.
- Removed dead import of comparePassword from auth.test.js.

2026-05-27 14:35:59 -04:00

auth.test.js

fix(mam-api): real dummy bcrypt hash + log last_login_at failures

2026-05-27 14:35:59 -04:00