verify_password() and create_session() both call .strip().lower() on the incoming username, but _load() stored keys verbatim from auth.json. Any mixed-case key (e.g. written by manual edit or a future migration) would never match, producing a permanent 'Invalid credentials' error. Fix: lowercase all keys at load time so the in-memory dict always matches what the login path expects. Fixes #423 |
||
|---|---|---|
| .. | ||
| __init__.py | ||
| atomic_io.py | ||
| auth.py | ||
| constants.py | ||
| database.py | ||
| exceptions.py | ||
| middleware.py | ||
| models.py | ||
| platform_compat.py | ||
| session_manager.py | ||