weefnn/full-stack-fastapi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒️ Ensure authentication takes constant time, to avoid enumeration attacks (#2105)

Browse Source 
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
This commit is contained in:
Sebastián Ramírez
2026-01-22 07:50:00 -08:00
committed by GitHub
parent 7107f7e83a
commit 689d7105e1
3 changed files with 31 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
backend/tests/api/routes/test_login.py
View File

@@ -59,7 +59,9 @@ def test_recovery_password(
headers=normal_user_token_headers,
)
assert r.status_code == 200
assert r.json() == {"message": "Password recovery email sent"}
assert r.json() == {
"message": "If that email is registered, we sent a password recovery link"
}
def test_recovery_password_user_not_exits(
@@ -70,7 +72,11 @@ def test_recovery_password_user_not_exits(
f"{settings.API_V1_STR}/password-recovery/{email}",
headers=normal_user_token_headers,
)
assert r.status_code == 404
# Should return 200 with generic message to prevent email enumeration attacks
assert r.status_code == 200
assert r.json() == {
"message": "If that email is registered, we sent a password recovery link"
}
def test_reset_password(client: TestClient, db: Session) -> None: