ulysses/core
Karl Jussila ee72d71872
fix(auth): centralize password and username validation constants (#4120)
Added PASSWORD_MIN_LENGTH and RESERVED_USERNAMES to src/constants.py as the
single source of truth. Previously PASSWORD_MIN_LENGTH was hardcoded as 8 in
four route handlers and all three JS validation paths; RESERVED_USERNAMES was
an inline frozenset duplicated in core/auth.py, routes/assistant_routes.py,
routes/research_routes.py, and src/task_scheduler.py.

Added GET /api/auth/policy (unauthenticated) so the frontend reads the real
values from the server instead of hardcoding them in JS.

Added missing empty-username guard to /setup and admin POST /users. Both
returned a misleading 500/409 on whitespace-only input. /signup already had the
check; this makes all three consistent.
2026-06-16 09:52:15 +02:00
..
__init__.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
atomic_io.py Add native Windows compatibility layer 2026-06-01 15:09:47 +09:00
auth.py fix(auth): centralize password and username validation constants (#4120) 2026-06-16 09:52:15 +02:00
constants.py refactor(constants): single source of truth for data dir (#3368) 2026-06-08 09:58:52 +02:00
database.py feat(paths): abstract runtime path logic for frozen distribution packages (#969) 2026-06-15 17:44:10 +01:00
exceptions.py Odysseus v1.0 2026-05-31 23:58:26 +09:00
middleware.py fix(documents): restore PDF library metadata and preview (#2483) 2026-06-07 23:23:27 +02:00
models.py fix: session context drifting — messages leaking between chats (#135) (#267) 2026-06-09 14:12:52 +01:00
platform_compat.py fix(platform): read proc version with utf-8 2026-06-11 21:58:22 +01:00
session_manager.py fix: session context drifting — messages leaking between chats (#135) (#267) 2026-06-09 14:12:52 +01:00