feat(02-03): add TOTP setup/enable/disable, password reset, and frontend_url to config

- GET /api/auth/totp/setup: returns provisioning_uri + secret (400 if already enabled)
- POST /api/auth/totp/enable: rate-limited 10/min, verifies TOTP code with Redis replay prevention, returns 10 backup codes
- DELETE /api/auth/totp: disables TOTP, clears secret, deletes backup codes
- POST /api/auth/password-reset: always returns 202 (anti-enumeration), enqueues Celery email task
- POST /api/auth/password-reset/confirm: validates token, strength, HIBP; updates password; no auto-login (AUTH-05)
- config.py: added frontend_url setting for password reset link construction
- test_auth_totp.py: all 11 tests passing (GREEN)
curo1305
2026-05-22 19:52:36 +02:00
parent d7831e9382
commit 43e1d0145e
3 changed files with 201 additions and 8 deletions
@@ -50,6 +50,9 @@ class Settings(BaseSettings):
# CORS (Phase 2 — D-09)
cors_origins: list[str] = ["http://localhost:5173"]
# Frontend URL — used to build password reset links (D-02, D-03)
frontend_url: str = "http://localhost:5173"
settings = Settings()
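Review bot: `frontend_url` defaults to `"http://localhost:5173"` while the comment directly above it says it is used to build password reset links, so a deployment that forgets to set it will email users reset links that point at localhost over plain http. Either drop the default so `Settings()` fails fast when the value is missing, or type the field as `pydantic.AnyHttpUrl` so a malformed or non-URL value is rejected at startup instead of surfacing as a broken link in a reset email; a comment stating whether a trailing slash is expected would also avoid double-slash or missing-slash paths when the token path is appended.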