AI-Cognitive-Leap/agnes-the-ai-analyst
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
agnes-the-ai-analyst/app/auth
History
ZdenekSrotyr 3205a8d300 fix: block /auth/token for OAuth-only users without password_hash 
Users without a password_hash (Google OAuth / magic-link accounts) could
obtain a JWT by simply posting their email to /auth/token. Add an else
clause that rejects such requests with 401, directing them to their
configured auth provider. Update and extend tests accordingly.
2026-04-09 16:29:47 +02:00
..
providers security: fix auth (argon2, cookie, JWT), CORS, session middleware, pyproject.toml 2026-04-08 12:08:52 +02:00
__init__.py feat: add FastAPI server with auth, RBAC, and all API endpoints 2026-03-27 15:19:18 +01:00
dependencies.py fix: remove dead PRAGMA enable_wal code 2026-04-09 06:59:57 +02:00
jwt.py security: reduce JWT expiry to 24h and add jti claim 2026-04-09 06:57:23 +02:00
router.py fix: block /auth/token for OAuth-only users without password_hash 2026-04-09 16:29:47 +02:00