phil/Gondulf
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
v1.0.0-rc.7
Gondulf/docs
History
Phil Skentelbery 9135edfe84 fix(auth): require email authentication every login 
CRITICAL SECURITY FIX:
- Email code required EVERY login (authentication, not verification)
- DNS TXT check cached separately (domain verification)
- New auth_sessions table for per-login state
- Codes hashed with SHA-256, constant-time comparison
- Max 3 attempts, 10-minute session expiry
- OAuth params stored server-side (security improvement)

New files:
- services/auth_session.py
- migrations 004, 005
- ADR-010: domain verification vs user authentication

312 tests passing, 86.21% coverage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-11-22 15:16:26 -07:00
..
architecture
docs: add Phase 2 domain verification design and clarifications
2025-11-20 13:05:09 -07:00
decisions
fix(auth): require email authentication every login
2025-11-22 15:16:26 -07:00
designs
fix(auth): require email authentication every login
2025-11-22 15:16:26 -07:00
guides
fix(health): support HEAD method for health endpoint
2025-11-22 11:54:06 -07:00
reports
fix(auth): require email authentication every login
2025-11-22 15:16:26 -07:00
roadmap
docs: add Phase 2 domain verification design and clarifications
2025-11-20 13:05:09 -07:00
standards
feat(security): merge Phase 4b security hardening
2025-11-20 18:28:50 -07:00
CLARIFICATIONS-ANSWERED.md
docs: add Phase 2 domain verification design and clarifications
2025-11-20 13:05:09 -07:00
CLARIFICATIONS-PHASE-3.md
feat(phase-3): implement token endpoint and OAuth 2.0 flow
2025-11-20 14:24:06 -07:00