lundberg/porchlight
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
porchlight/tests/test_store
History
Johan Lundberg 1bb76899a5
fix(security): make self-service last-credential guard atomic 
The self-service credential delete handlers counted credentials and then
deleted in separate steps, so concurrent deletes could each see >1 and both
proceed, removing the user's last credential and locking them out.

Add atomic delete_password_if_not_last / delete_webauthn_if_not_last repo
methods (count + delete in one conditional statement) and use them in the
manage delete handlers. Removes the now-unused _count_credentials helper.

Refs: porchlight-2nv

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-04 15:00:08 +02:00
..
__init__.py chore: create package structure with src layout 2026-02-12 14:39:07 +01:00
conftest.py fix: resolve all ruff lint errors and type checker warnings 2026-03-31 15:48:46 +02:00
test_db.py refactor: extract open_db() context manager from lifespan 2026-02-16 15:41:15 +01:00
test_exceptions.py update all imports in test files: fastapi_oidc_op → porchlight 2026-02-16 15:34:53 +01:00
test_migrations.py feat: add Consent model, migration, and repository 2026-02-18 15:01:35 +01:00
test_protocols.py feat: add Consent model, migration, and repository 2026-02-18 15:01:35 +01:00
test_sqlite_consent_repo.py fix: resolve all ruff lint errors and type checker warnings 2026-03-31 15:48:46 +02:00
test_sqlite_credential_repo.py fix(security): make self-service last-credential guard atomic 2026-06-04 15:00:08 +02:00
test_sqlite_magic_link_repo.py fix(security): consume magic-link tokens atomically 2026-06-04 10:46:38 +02:00
test_sqlite_user_repo.py fix: resolve all ruff lint errors and type checker warnings 2026-03-31 15:48:46 +02:00